GHSA-2RXP-V6PW-CH6M REXML ReDoS vulnerability
Impact The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference &#x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on...
PT-2024-8321
Name of the Vulnerable Software and Affected Versions REXML gem versions prior to 3.3.9 Ruby 3.1 Description The issue is related to a ReDoS vulnerability in the REXML gem when parsing XML with many digits between &# and x...; in a hex numeric character reference &#x...;. This vulnerability can be...
RHSA-2024:1576 Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2024:3668 Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2024:3546 Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update
Bulletin has no description...
OPENSUSE-SU-2024:12804-1 ruby3.1-rubygem-activesupport-7.0-7.0.4.3-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-activesupport-7.0-7.0.4.3-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11869-1 ruby3.1-rubygem-actionpack-6.0-6.0.4.6-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-actionpack-6.0-6.0.4.6-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12038-1 ruby3.1-rubygem-kramdown-2.4.0-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-kramdown-2.4.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12773-1 ruby3.1-rubygem-rack-3.0.4.2-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-rack-3.0.4.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11820-1 ruby3.1-rubygem-actionmailer-6.0-6.0.4.4-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-actionmailer-6.0-6.0.4.4-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12033-1 ruby3.1-rubygem-sinatra-2.2.0-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-sinatra-2.2.0-1.1 package on the GA media of openSUSE Tumbleweed...
Rocky Linux 9 : ruby:3.1 (RLSA-2024:3668)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3668 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdoc_options in RDoc CVE-2024-27281 ruby: Arbitrary memory...
AlmaLinux 9 : ruby:3.1 (ALSA-2024:3668)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3668 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdoc_options in RDoc CVE-2024-27281 ruby: Arbitrary memory...
CVE-2024-27280
A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fix...
CVE-2024-27280 vulnerabilities
Vulnerabilities for packages: ruby...
ALPINE-CVE-2024-27280
A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fix...