Lucene search
K

175 matches found

OSV
OSV
added 2026/07/06 5:55 a.m.3 views

BIT-MASTODON-2026-47389 Mastodon: SSRF protection bypass on older Ruby versions

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older than 3.4, PrivateAddressCheck.privateaddress? returns false for IPv4-mapped IPv6 addresses ::ffff:a.b.c.d corresponding to some private IPv4 addresses,...

8.6CVSS6AI score0.00232EPSS
Exploits0References2
Chainguard
Chainguard
added 2026/06/26 8:23 p.m.9 views

GHSA-35W3-PJM6-WJ95 vulnerabilities

Vulnerabilities for packages: kube-logging-operator, ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset...

6.1AI score
Exploits0
Cvelist
Cvelist
added 2026/06/24 7:41 p.m.21 views

CVE-2026-47389 Mastodon: SSRF protection bypass on older Ruby versions

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, when using Ruby versions older than 3.4, PrivateAddressCheck.privateaddress? returns false for IPv4-mapped IPv6 addresses ::ffff:a.b.c.d corresponding to some private IPv4 addresses,...

8.6CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 7:41 p.m.8 views

CVE-2026-47389

Mastodon vulnerability CVE-2026-47389 affects older Ruby runtimes (

8.6CVSS5.9AI score0.00232EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.7 views

CVE-2026-54905 vulnerabilities

Vulnerabilities for packages: kube-logging-operator, ruby4.0-rails, kube-fluentd-operator, ruby3.3-rails, ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-rails, ruby3.4-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-rails, ruby3.2-fluentd-kubernetes-daemonset...

5.5CVSS6.1AI score0.00106EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Ruby 2.5

There is a buffer over-read issue in Ruby before version 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. This issue occurs during the conversion from strings to floats, including in methods like KernelFloat and Stringtof...

7.5CVSS7AI score0.04127EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Ruby 2.5

A issue was discovered in RDoc versions 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resulting remote code execution are possible because there are no restrictions on the classes that c...

4.5CVSS7.3AI score0.01571EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Ruby2.5, JRuby

A issue was discovered in Ruby between versions 2.6.7, 2.7.x up to 2.7.3, and 3.x up to 3.0.1. The Net::IMAP library does not raise an exception when the StartTLS command fails with an unknown response. This may allow man-in-the-middle attackers to bypass TLS protections by leveraging the network...

7.4CVSS6.6AI score0.02909EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Ruby 2.5, JRuby

A issue was discovered in Ruby between versions 2.6.7, 2.7.x up to 2.7.3, and 3.x up to 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a specified IP address and port. This potentially allows curl to extract information about services that would...

5.8CVSS6.6AI score0.0305EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Ruby 2.5

A buffer-overread issue was discovered in StringIO 3.0.1, which is available in Ruby 3.0.x through 3.0.6, and in Ruby 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is...

9.8CVSS6.7AI score0.02364EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in JRuby

Before Ruby 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an HTTP Response Splitting attack was possible. An attacker could inject a crafted key and value into an HTTP response for the WEBrick HTTP server...

5.3CVSS6.8AI score0.0576EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Ruby 2.5

In RDoc 3.11 through 6.x, as distributed with Ruby up to 3.0.1, it was possible to execute arbitrary code using | and tags within a filename...

7CVSS7AI score0.0148EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017613 advisory. The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can ...

7.5CVSS7.3AI score0.05061EPSS
Exploits0References4
Chainguard
Chainguard
added 2026/04/11 2:19 a.m.3 views

GHSA-33QG-7WPP-89CQ vulnerabilities

Vulnerabilities for packages: pact-broker-docker-fips, pact-broker-docker, ruby4.0-rails, ruby3.3-rails, ruby3.2-rails, logstash, ruby3.4-rails...

6.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/08 12:5 a.m.8 views

Addressable has a Regular Expression Denial of Service in Addressable templates

Impact Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking: 1. Templates using the explode modifier with any expansion operator e.g., foo, +var, var, /var, .var, ;var, ?var, &var generate patterns...

7.5CVSS5.8AI score0.0036EPSS
Exploits0References4Affected Software1
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.3 views

Astra Linux – Vulnerability in Rubygems

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby, up to 3.2.1. The URI parser improperly handles invalid URLs that contain specific characters. This leads to an increase in the execution time required to parse strings into URI objects. The fixed versions are 0.12.1, 0.11.1...

5.3CVSS6.7AI score0.02637EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/02 12:0 a.m.8 views

EulerOS 2.0 SP13 : ruby (EulerOS-SA-2026-1215)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fi...

7.5CVSS7AI score0.0051EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/10/28 12:0 a.m.2 views

Ubuntu: Security Advisory (USN-7840-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.02064EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-1899

Malware in sbrugna...

5CVSS4.6AI score0.08375EPSS
Exploits2References36
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-1891

Malware in sbrugna...

5CVSS7.3AI score0.02813EPSS
Exploits1References13
Rows per page
Query Builder