
170 matches found

Source: OSV
added 2021/04/20 5:1 p.m. · 0 views

USN-4922-1 ruby2.3, ruby2.5, ruby2.7 vulnerability

Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack...

CVSS 7.5 · AI score 6.8 · EPSS 0.00576
Exploits 0 · References 2
Source: OSV
added 2021/04/12 12:0 a.m. · 2 views

UBUNTU-CVE-2021-28965

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...

CVSS 7.5 · AI score 6.8 · EPSS 0.00576
Exploits 0 · References 5
Source: Positive Technologies
added 2021/04/12 12:0 a.m. · 3 views

PT-2021-5813

Name of the Vulnerable Software and Affected Versions: REXML gem versions prior to 3.2.5 in Ruby versions prior to 2.6.7; REXML gem versions prior to 3.2.5 in Ruby versions 2.7.x prior to 2.7.3; REXML gem versions prior to 3.2.5 in Ruby versions 3.x prior to 3.0.1. Description: The issue is related to...

CVSS 9.8 · AI score 7.9 · EPSS 0.18007
Exploits 9 · References 184
Source: Positive Technologies
added 2021/04/02 12:0 a.m. · 3 views

PT-2021-4038

Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 2.6.8; Ruby versions 2.7.x through 2.7.3; Ruby versions 3.x through 3.0.1. Description: The issue is related to the implementation of the Net::FTP class in the Ruby interpreter, which has weaknesses in protecting service dat...

CVSS 9.8 · AI score 8 · EPSS 0.25071
Exploits 9 · References 203
Source: OSV
added 2020/10/06 1:15 p.m. · 2 views

ALPINE-CVE-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

CVSS 7.5 · AI score 7.1 · EPSS 0.00275
Exploits 0 · References 1
Source: Positive Technologies
added 2020/10/01 12:0 a.m. · 3 views

PT-2020-5675

Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 2.5.9; Ruby versions 2.6.x through 2.6.6; Ruby versions 2.7.x through 2.7.1. Description: The issue is related to the WEBrick library in Ruby, which has a problem with incorrect checking of the header value. This can...

CVSS 8.1 · AI score 6.8 · EPSS 0.05892
Exploits 4 · References 183
Source: Microsoft CVE
added 2020/09/25 7:0 a.m. · 2 views

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.

...

CVSS 5.3 · AI score 7 · EPSS 0.00415
Exploits 1
Source: Microsoft CVE
added 2020/09/25 7:0 a.m. · 3 views

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.

...

CVSS 6.5 · AI score 7 · EPSS 0.00321
Exploits 0
Source: RedHat Linux
added 2020/07/07 10:30 a.m. · 3 views

ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...

CVSS 8.1 · AI score 7.3 · EPSS 0.03126
Exploits 0 · References 5
Source: OSV
added 2020/05/04 3:15 p.m. · 1 views

DEBIAN-CVE-2020-10933

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous valu...

CVSS 5.3 · AI score 6.9 · EPSS 0.00415
Exploits 1 · References 1
Source: OSV
added 2020/04/28 9:15 p.m. · 2 views

DEBIAN-CVE-2020-10663

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsi...

CVSS 7.5 · AI score 6.6 · EPSS 0.05892
Exploits 0 · References 1
Source: OSV
added 2020/04/28 9:15 p.m. · 2 views

UBUNTU-CVE-2020-10663

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsi...

CVSS 7.5 · AI score 6.8 · EPSS 0.05892
Exploits 0 · References 5
Source: Positive Technologies
added 2020/03/19 12:0 a.m. · 4 views

PT-2020-2440

Name of the Vulnerable Software and Affected Versions: JSON gem versions 2.2.0 and earlier; Ruby versions 2.4 through 2.4.9; Ruby versions 2.5 through 2.5.7; Ruby versions 2.6 through 2.6.5. Description: The JSON gem for Ruby has an Unsafe Object Creation issue due to insufficient input validation. Thi...

CVSS 9.8 · AI score 8 · EPSS 0.9295
Exploits 47 · References 300
Source: OSV
added 2019/11/26 6:15 p.m. · 1 views

DEBIAN-CVE-2019-16201

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network...

CVSS 7.5 · AI score 6.7 · EPSS 0.00613
Exploits 0 · References 1
Source: OSV
added 2019/11/26 6:15 p.m. · 2 views

ALPINE-CVE-2019-16201

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network...

CVSS 7.5 · AI score 6.9 · EPSS 0.00613
Exploits 0 · References 1
Source: OSV
added 2019/11/26 5:15 p.m. · 1 views

ALPINE-CVE-2019-15845

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions...

CVSS 6.5 · AI score 7 · EPSS 0.00321
Exploits 0 · References 1
Source: OSV
added 2019/11/20 12:0 a.m. · 0 views

UBUNTU-CVE-2019-15845

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions...

CVSS 6.5 · AI score 6.6 · EPSS 0.00321
Exploits 0 · References 5
Source: OSV
added 2019/11/20 12:0 a.m. · 0 views

UBUNTU-CVE-2019-16201

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or an untrusted network...

CVSS 7.5 · AI score 6.6 · EPSS 0.00613
Exploits 0 · References 4
Source: Positive Technologies
added 2019/10/22 12:0 a.m. · 2 views

PT-2019-5086

Name of the Vulnerable Software and Affected Versions: Loofah gem for Ruby versions through 2.3.0. Description: The issue is related to the Loofah gem for Ruby, where unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. This could potentially allow a remote...

CVSS 7.5 · AI score 6.5 · EPSS 0.02332
Exploits 0 · References 45
Source: RedHat Linux
added 2019/08/06 12:40 p.m. · 3 views

ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...

CVSS 8.1 · AI score 7.3 · EPSS 0.03126
Exploits 0 · References 5