REXML ReDoS vulnerability
Impact The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on...
GHSA-2RXP-V6PW-CH6M REXML ReDoS vulnerability
Impact The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on...
PT-2024-8321
Name of the Vulnerable Software and Affected Versions REXML gem versions prior to 3.3.9 Ruby 3.1 Description The issue is related to a ReDoS vulnerability in the REXML gem when parsing XML with many digits between &# and x...; in a hex numeric character reference (&#x...;). This vulnerability can be...
RHSA-2024:1576 Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2024:3668 Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2024:3546 Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update
Bulletin has no description...
OPENSUSE-SU-2024:12804-1 ruby3.1-rubygem-activesupport-7.0-7.0.4.3-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-activesupport-7.0-7.0.4.3-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11820-1 ruby3.1-rubygem-actionmailer-6.0-6.0.4.4-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-actionmailer-6.0-6.0.4.4-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12033-1 ruby3.1-rubygem-sinatra-2.2.0-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-sinatra-2.2.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12773-1 ruby3.1-rubygem-rack-3.0.4.2-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-rack-3.0.4.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12038-1 ruby3.1-rubygem-kramdown-2.4.0-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-kramdown-2.4.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11869-1 ruby3.1-rubygem-actionpack-6.0-6.0.4.6-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-actionpack-6.0-6.0.4.6-1.1 package on the GA media of openSUSE Tumbleweed...
Rocky Linux 9 : ruby:3.1 (RLSA-2024:3668)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3668 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdoc_options in RDoc CVE-2024-27281 ruby: Arbitrary memory...
AlmaLinux 9 : ruby:3.1 (ALSA-2024:3668)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3668 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdoc_options in RDoc CVE-2024-27281 ruby: Arbitrary memory...
ALPINE-CVE-2024-27280
A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fix...
CVE-2024-27280
A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fix...
CVE-2024-27280 vulnerabilities
Vulnerabilities for packages: ruby...