14139 matches found

OSV
added 2025/09/30 8:59 a.m., 3 views

CLSA-2025-1759222758 ruby: Fix of 4 CVEs

CVE-2016-2337: Fix type confusion in the cancel_eval method of Ruby's TclTkIp class to prevent arbitrary code execution - CVE-2017-9224: Fix stack out-of-bounds read in match_at during regular expression searching - CVE-2017-9227: Fix stack out-of-bounds read in mbc_enc_len and invalid pointer dereference...

CVSS 9.8 | AI score 7.1 | EPSS 0.00805
Exploits: 5 | References: 1
Tenable Nessus
added 2025/09/30 12:00 a.m., 5 views

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1204)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1204 advisory. REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XML, you may be...

CVSS 5.3 | AI score 6.9 | EPSS 0.00084
Exploits: 0 | References: 4
OPENSUSE Linux
added 2025/09/30 12:00 a.m., 3 views

ruby3.4-rubygem-rack-2.2-2.2.18-1.1 on GA media (moderate)

ruby3.4-rubygem-rack-2.2-2.2.18-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15587-1. Rating: moderate. Cross-References: CVE-2025-59830. CVSS scores: CVE-2025-59830 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Affected Products: openSUSE Tumbleweed. An update that solves one...

CVSS 7.5 | AI score 7.2 | EPSS 0.0014
Exploits: 0
Tenable Nessus
added 2025/09/30 12:00 a.m., 1 view

NewStart CGSL MAIN 6.06 : ruby Multiple Vulnerabilities (NS-SA-2025-0208)

The remote NewStart CGSL host, running version MAIN 6.06, has ruby packages installed that are affected by multiple vulnerabilities: - CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks vi...

CVSS 7.8 | AI score 8.2 | EPSS 0.0194
Exploits: 3 | References: 7
OpenVAS
added 2025/09/30 12:00 a.m., 2 views

Ubuntu: Security Advisory (USN-7784-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.8 | EPSS 0.0014
Exploits: 0 | References: 2
OSV
added 2025/09/29 3:09 p.m., 1 view

USN-7784-1 ruby-rack vulnerability

It was discovered that Rack incorrectly handled limiting the number of parameters. An attacker could possibly use this issue to bypass the params_limit value, leading to a denial of service...

CVSS 7.5 | AI score 6.7 | EPSS 0.0014
Exploits: 0 | References: 2
Tenable Nessus
added 2025/09/29 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-59830

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still...

CVSS 7.5 | AI score 6.6 | EPSS 0.0014
Exploits: 0 | References: 2
Amazon
added 2025/09/29 12:00 a.m., 3 views

Low: ruby3.2

Issue Overview: REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XML, you may be impacted by these vulnerabilities. The REXML gem 3.4.2 or later includes the patches t...

CVSS 5.3 | AI score 7.1 | EPSS 0.00084
Exploits: 0
OSV
added 2025/09/29 12:00 a.m., 1 view

OPENSUSE-SU-2025:15587-1 ruby3.4-rubygem-rack-2.2-2.2.18-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-rack-2.2-2.2.18-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 5.8 | EPSS 0.0014
Exploits: 0 | References: 1
OPENSUSE Linux
added 2025/09/27 12:00 a.m., 7 views

tree-sitter-ruby-0.23.1-2.1 on GA media (moderate)

tree-sitter-ruby-0.23.1-2.1 on GA media. Announcement ID: openSUSE-SU-2025:15582-1. Rating: moderate. Cross-References: CVE-2025-5889 CVE-2025-59343. CVSS scores: CVE-2025-5889 SUSE : 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2025-5889 SUSE : 2...

CVSS 6.9 | AI score 7.2 | EPSS 0.00092
Exploits: 0
OSV
added 2025/09/26 12:00 a.m., 1 view

OPENSUSE-SU-2025:15582-1 tree-sitter-ruby-0.23.1-2.1 on GA media

These are all security issues fixed in the tree-sitter-ruby-0.23.1-2.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.7 | AI score 6.7 | EPSS 0.00092
Exploits: 0 | References: 2
IBM Security Bulletins
added 2025/09/25 4:50 p.m., 12 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Console

Summary: Multiple vulnerabilities were addressed in IBM Aspera Console version 3.4.7. Vulnerability Details: CVEID: CVE-2022-44566. DESCRIPTION: A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64-bit signed intege...

CVSS 10 | AI score 7.9 | EPSS 0.06742
Exploits: 13 | Affected Software: 5
CVE
added 2025/09/25 2:37 p.m., 31 views

CVE-2025-59830

Rack (Ruby web server interface) prior to version 2.2.18 is vulnerable in Rack::QueryParser, where param counting is enforced only for parameters separated by & but parsing also splits on ;. This allows semicolon-separated parameters to bypass the params_limit and can lead to increased CPU/memory ...

CVSS 7.5 | AI score 6.4 | EPSS 0.0014
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2025/09/25 12:00 a.m., 1 view

Ruby REXML 3.3.3 < 3.4.2 DoS vulnerability

The version of the REXML Ruby library installed on the remote host is 3.3.3 or later but prior to 3.4.2. It is, therefore, affected by a DoS vulnerability as referenced in the GHSA-c2f4-jgmc-q2r5 advisory. - REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing...

CVSS 5.3 | AI score 6.7 | EPSS 0.00084
Exploits: 0 | References: 2
Snyk
added 2025/09/25 12:00 a.m., 2 views

Regular Expression Denial of Service (ReDoS)

Overview: rexml is an XML toolkit for Ruby. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expressions in CHARACTERREFERENCES. This vulnerability can be exploited when parsing XML content containing numerous...

CVSS 8.7 | AI score 6.8 | EPSS 0.01645
Exploits: 0 | References: 2
Gitee
added 2025/09/21 10:50 p.m., 84 views

geminabox

It is an offensive tool for RubyGem hosting. The repository contains a simple RubyGem hosting system called Gem in a Box. It allows users to host their own RubyGems, and it includes features such as user authentication, gem versioning, and a web interface for browsing and downloading gems. The to...

AI score 7.2
Exploits: 0
Microsoft CVE
added 2025/09/21 8:04 a.m., 2 views

REXML has a DoS condition when parsing malformed XML file

...

CVSS 7.5 | AI score 7 | EPSS 0.00084
Exploits: 0
Gitee
added 2025/09/20 6:39 a.m., 128 views

rubysec

This is a Ruby library for performing mutation testing, a form of testing that ensures test coverage is comprehensive by introducing small changes (mutations) into the code under test and verifying that the tests fail as expected. The library, called Mutant, is designed to be used in...

AI score 7
Exploits: 0
Tenable Nessus
added 2025/09/20 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-58767

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need ...

CVSS 5.3 | AI score 6.9 | EPSS 0.00084
Exploits: 0 | References: 4
SUSE CVE
added 2025/09/18 11:22 p.m., 2 views

SUSE CVE-2025-58767

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XML, you may be impacted by these vulnerabilities. The REXML gem 3.4.2 or later includes the patches to fix these...

CVSS 2.9 | AI score 6 | EPSS 0.00084
Exploits: 0 | References: 7