52 matches found
CVE-2024-27280
A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fix...
ruby:3.1 security, bug fix, and enhancement update
An update is available for rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, module.rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an...
Rocky Linux 9 : ruby:3.1 (RLSA-2024:1576)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1576 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that...
RHEL 9 : ruby:3.1 (RHSA-2024:1576)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1576 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
GHSA-V5H6-C2HV-HV3R vulnerabilities
Vulnerabilities for packages: ruby...
GHSA-V5H6-C2HV-HV3R vulnerabilities
Vulnerabilities for packages: ruby...
GHSA-V5H6-C2HV-HV3R StringIO buffer overread vulnerability
An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. This vulnerability is not affected...
Buffer overread vulnerability in StringIO
An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. This vulnerability is not affected...
Ruby on Rails: Action Text ReDoS (Ruby 3.1 or lower)
A vulnerability was discovered in the ActionText component of the Rails web framework for Ruby versions 3.1 and lower. The vulnerability was caused by a Regular Expression Denial of Service ReDoS issue in the plaintextforblockquotenode method. This method was used in the...
GHSA-HWW2-5G85-429M vulnerabilities
Vulnerabilities for packages: jruby, kube-fluentd-operator, ruby...
GHSA-FG7X-G82R-94QC vulnerabilities
Vulnerabilities for packages: ruby...
CVE-2023-28756 vulnerabilities
Vulnerabilities for packages: ruby...