SUSE CVE-2014-6438
The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string...
SUSE CVE-2017-1000047
rbenv all current versions is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution...
DEBIAN-CVE-2023-22795
A regular expression based DoS vulnerability in Action Dispatch 6.1.7.1 and 7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This...
CVE-2023-22795
A regular expression based DoS vulnerability in Action Dispatch 6.1.7.1 and 7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This...
GHSA-HGG7-CGHQ-XHF4 Ruby vulnerable to denial of service
When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service. JRuby resolves this bug in version 1.7.3 as noted in...
ruby: Potential HTTP request smuggling in WEBrick
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...
PT-2019-4652 · Ruby +8
Name of the Vulnerable Software and Affected Versions: Ruby versions 2.4.7 and earlier, 2.5.x through 2.5.6, and 2.6.x through 2.6.4. Description: The issue allows code injection if the first argument to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an...
rbenv Directory Traversal Vulnerability
rbenv is a versioning tool for Ruby. A directory traversal vulnerability exists in the specification of the Ruby version in rbenv. A remote attacker can exploit this vulnerability to execute code...
CVE-2017-14064
Removed by vendor...
RVM Code Execution Vulnerability
RVM is a Ruby version management command line tool that supports the installation and management of multiple Ruby environments, including compilers. A code execution vulnerability exists in RVM 1.28.0 and earlier versions. An attacker can exploit the vulnerability to execute code...
DEBIAN-CVE-2017-1000047
rbenv all current versions is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution...
UBUNTU-CVE-2017-1000047
rbenv all current versions is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution...
CVE-2017-1000047
rbenv all current versions is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution...
Ruby 'pack_pack' function memory misreference vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A memory misreference vulnerability exists in the 'pack_pack' function in Ruby versions 2.3.0-dev and 2.2.2. The vulnerability can be exploited to execute...
EUVD-2014-7929
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack...
ruby: heap overflow in floating point parsing
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to...
Access Restriction Bypass
Overview: Affected versions of this package are vulnerable to Access Restriction Bypass. The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for...
Ruby Random Number Generation Local Denial Of Service Vulnerability
This host is installed with Ruby and is prone to local denial of service vulnerability. OpenVAS Vulnerability Test $Id: secpodrubyrandomnumbergenerationdosvuln.nasl 8196 2017-12-20 12:13:37Z cfischer $ Ruby Random Number Generation Local Denial Of Service Vulnerability Authors: Sooraj KS Copyrigh...
Ruby '#to_s' Security Bypass Vulnerability
This host is installed with Ruby and is prone to a security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbrubysecbypassvulnwin.nasl 8196 2017-12-20 12:13:37Z cfischer $ Ruby "#to_s" Security Bypass Vulnerability Authors: Madhuri D Copyright: Copyright (C) 2011 Greenbone Networks GmbH,...
Ruby Version Manager escape sequence injection vulnerability
Overview: Ruby Version Manager is a command line tool for managing multiple Ruby environments. Ruby Version Manager contains an escape sequence injection vulnerability. Impact: A user may unknowingly open a malicious file. As...