CVE-2024-27280
A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fix...
ruby:3.1 security, bug fix, and enhancement update
An update is available for rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, module.rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Ruby is an...
Rocky Linux 9 : ruby:3.1 (RLSA-2024:1576)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1576 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that...
RHEL 9 : ruby:3.1 (RHSA-2024:1576)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1576 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
GHSA-V5H6-C2HV-HV3R StringIO buffer overread vulnerability
An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. This vulnerability is not affected...
GHSA-V5H6-C2HV-HV3R vulnerabilities
Vulnerabilities for packages: ruby...
Buffer overread vulnerability in StringIO
An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. This vulnerability is not affected...
Ruby on Rails: Action Text ReDoS (Ruby 3.1 or lower)
A vulnerability was discovered in the ActionText component of the Rails web framework for Ruby versions 3.1 and lower. The vulnerability was caused by a Regular Expression Denial of Service (ReDoS) issue in the plain_text_for_blockquote_node method. This method was used in the...
GHSA-HWW2-5G85-429M vulnerabilities
Vulnerabilities for packages: ruby, kube-fluentd-operator, jruby...
GHSA-FG7X-G82R-94QC vulnerabilities
Vulnerabilities for packages: ruby...
CVE-2023-28756 vulnerabilities
Vulnerabilities for packages: ruby...