CVE-2025-45765

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...

CVE-2025-45765

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...

UBUNTU-CVE-2025-45765

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...

Improper Validation of Integrity Check Value

Overview jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption JWE standard. Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value due to missing authentication tag validation in the AES-GCM process. An attacker can gain access to confidential...

rexml: REXML ReDoS vulnerability

A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...

rexml: REXML ReDoS vulnerability

A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...

ruby-jwt < v3.0.0.beta1 was discovered to contain weak encryption

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...

CVE-2025-45765

CVE-2025-45765 concerns ruby-jwt v3.0.0.beta1, which is reported to contain weak encryption due to lack of enforced minimum key sizes. The Supplier’s note indicates keysize enforcement is not within the library itself, while newer OpenSSL versions enforce key size restrictions that may affect use...

CVE-2025-45765

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...

PT-2025-32312 · Ruby-Jwt +1 · Ruby-Jwt +1

Name of the Vulnerable Software and Affected Versions: ruby-jwt version 3.0.0.beta1 Description: ruby-jwt v3.0.0.beta1 contains weak encryption. The supplier notes that key size is not enforced by the library itself, and restrictions imposed by recent versions of OpenSSL may apply to users of the...

jwt 安全漏洞

jwt is a Ruby library for JSON Web Token open source. A security vulnerability exists in jwt version v3.0.0.beta1, which stems from the presence of a weak cryptographic implementation...

CVE-2025-45765

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...

CVE-2025-45765

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...

[SECURITY] [DLA 4263-1] ruby-graphql security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4263-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta August 04, 2025 https://wiki.debian.org/LTS -...

Medium: ruby

Issue Overview: The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv...

DLA-4263-1 ruby-graphql - security update

Bulletin has no description...

Amazon Linux 2 : ruby (ALAS-2025-2957)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2957 advisory. The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a...

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1124)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1124 advisory. Thor before 1.4.0 can construct an unsafe shell command from library input. CVE-2025-54314 Tenable has extracted the preceding description block directly from the tested product security advisory. Note...

Debian dla-4263 : ruby-graphql - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4263 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4263-1 [email protected] https://www.debian.org/lts/security/...

Debian: Security Advisory (DLA-4263-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...