52 matches found

OSV
added 2024/10/28 2:10 p.m., 16 views

GHSA-2RXP-V6PW-CH6M REXML ReDoS vulnerability

Impact The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on...

CVSS 8.7, AI score 7, EPSS 0.01429
Exploits 0, References 8

Github Security Blog
added 2024/10/28 2:10 p.m., 11 views

REXML ReDoS vulnerability

Impact The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on...

CVSS 8.7, AI score 7, EPSS 0.01429
Exploits 0, References 8, Affected Software 1

RubySec
added 2024/10/28 12:00 a.m., 18 views

REXML ReDoS vulnerability

Impact The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on...

CVSS 8.7, AI score 6.6, EPSS 0.01429
Exploits 0, References 1, Affected Software 1

Positive Technologies
added 2024/10/28 12:00 a.m., 5 views

PT-2024-8321

Name of the Vulnerable Software and Affected Versions: REXML gem versions prior to 3.3.9; Ruby 3.1. Description: The issue is related to a ReDoS vulnerability in the REXML gem when parsing XML with many digits between & and x...; in a hex numeric character reference &x...;. This vulnerability can be...

CVSS 8.7, AI score 6.6, EPSS 0.01429
Exploits 0, References 139

OSV
added 2024/10/10 5:02 p.m., 20 views

RHSA-2024:1576 Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update

Bulletin has no description...

CVSS 8.8, AI score 7.5, EPSS 0.02637
Exploits 1, References 22

OSV
added 2024/09/16 7:18 p.m., 16 views

RHSA-2024:3668 Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update

Bulletin has no description...

CVSS 6.6, AI score 7.2, EPSS 0.02364
Exploits 0, References 18

OSV
added 2024/09/16 7:18 p.m., 23 views

RHSA-2024:3546 Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update

Bulletin has no description...

CVSS 6.6, AI score 7.2, EPSS 0.02364
Exploits 0, References 19

OSV
added 2024/06/15 12:00 a.m., 11 views

OPENSUSE-SU-2024:12804-1 ruby3.1-rubygem-activesupport-7.0-7.0.4.3-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-activesupport-7.0-7.0.4.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 5.3, AI score 5.8, EPSS 0.00907
Exploits 0, References 1

OSV
added 2024/06/15 12:00 a.m., 13 views

OPENSUSE-SU-2024:11869-1 ruby3.1-rubygem-actionpack-6.0-6.0.4.6-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-actionpack-6.0-6.0.4.6-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.4, AI score 6.6, EPSS 0.02207
Exploits 0, References 1

OSV
added 2024/06/15 12:00 a.m., 4 views

OPENSUSE-SU-2024:12038-1 ruby3.1-rubygem-kramdown-2.4.0-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-kramdown-2.4.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8, AI score 9.5, EPSS 0.0456
Exploits 1, References 2

OSV
added 2024/06/15 12:00 a.m., 15 views

OPENSUSE-SU-2024:12773-1 ruby3.1-rubygem-rack-3.0.4.2-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-rack-3.0.4.2-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 7.8, EPSS 0.0183
Exploits 0, References 1

OSV
added 2024/06/15 12:00 a.m., 19 views

OPENSUSE-SU-2024:11820-1 ruby3.1-rubygem-actionmailer-6.0-6.0.4.4-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-actionmailer-6.0-6.0.4.4-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 7.2, EPSS 0.98507
Exploits 19, References 2

OSV
added 2024/06/15 12:00 a.m., 13 views

OPENSUSE-SU-2024:12033-1 ruby3.1-rubygem-sinatra-2.2.0-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-sinatra-2.2.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 6.1, AI score 6.4, EPSS 0.02212
Exploits 1, References 1

Tenable Nessus
added 2024/06/14 12:00 a.m., 18 views

Rocky Linux 9 : ruby:3.1 (RLSA-2024:3668)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3668 advisory. ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280); ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281); ruby: Arbitrary memory...

CVSS 9.8, AI score 7, EPSS 0.02364
Exploits 0, References 7

Tenable Nessus
added 2024/06/06 12:00 a.m., 31 views

AlmaLinux 9 : ruby:3.1 (ALSA-2024:3668)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3668 advisory. ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280); ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281); ruby: Arbitrary memory...

CVSS 9.8, AI score 7, EPSS 0.02364
Exploits 0, References 4

NVD
added 2024/05/14 3:11 p.m., 31 views

CVE-2024-27280

A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fix...

CVSS 9.8, AI score 5.8, EPSS 0.02364
Exploits 0, References 9

OSV
added 2024/05/14 3:11 p.m., 29 views

CVE-2024-27280

A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fix...

CVSS 9.8, AI score 6.5, EPSS 0.02364
Exploits 0, References 3

Chainguard
added 2024/05/14 3:11 p.m., 44 views

CVE-2024-27280 vulnerabilities

Vulnerabilities for packages: ruby...

CVSS 9.8, AI score 6.3, EPSS 0.02364
Exploits 0

Wolfi
added 2024/05/14 3:11 p.m., 42 views

CVE-2024-27280 vulnerabilities

Vulnerabilities for packages: ruby...

CVSS 9.8, AI score 6.6, EPSS 0.02364
Exploits 0

OSV
added 2024/05/14 3:11 p.m., 4 views

ALPINE-CVE-2024-27280

A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fix...

CVSS 9.8, AI score 6.8, EPSS 0.02364
Exploits 0, References 1