CVE-2025-43857 net-imap rubygem vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilities, flagged by...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ruby2.5 (SUSE-SU-2025:1369-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1369-1 advisory. - CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse bsc1237804 - CVE-2025-27220: Fixe...

Security update for ruby2.5

This update for ruby2.5 fixes the following issues: CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse bsc1237804 CVE-2025-27220: Fixed ReDoS in CGI::UtilescapeElement bsc1237806 Other fixes: - Improved fix for CVE-2024-47220 bsc1230930, bsc1235773 Patch Instructions: To install this...

SUSE-SU-2025:1369-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse bsc1237804 - CVE-2025-27220: Fixed ReDoS in CGI::UtilescapeElement bsc1237806 Other fixes: - Improved fix for CVE-2024-47220 bsc1230930, bsc1235773...

RHSA-2025:4063 Red Hat Security Advisory: ruby:3.1 security update

Bulletin has no description...

Malicious code in bvr-api (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ed2a0f9c584ecfcffc1c76619a1637559d1d8771f78e1d3655f819f7fff67962 The OpenSSF Package Analysis project identified 'bvr-api' @ 0.3.12 rubygems as malicious. It is considered malicious because: - The package...

GHSA-5W6V-399V-W3CC vulnerabilities

Vulnerabilities for packages: ruby3.3-rails, ruby3.2-rails, ruby3.4-rails...

CGI: ReDoS in CGI::Util#escapeElement

A flaw was found in Ruby's CGI gem. The CGI::UtilescapeElement method is vulnerable to Regular expression Denial of Service ReDoS, allowing a specially crafted input to cause a high CPU consumption...

CGI: Denial of Service in CGI::Cookie.parse

A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...

Moderate: Red Hat Security Advisory: ruby:3.1 security update

An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]>

A vulnerability was found in REXML, an XML toolkit used for Ruby. When parsing an untrusted XML with many specific characters, the REXML gem may take a long time, leading to a denial of service condition. Some of these special characters include the whitespace character, '', and ''...

uri: userinfo leakage in URI#join, URI#merge and URI#+

A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URIjoin, URImerge, and URI+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...

rexml: DoS vulnerability in REXML

A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service DoS when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...

[SECURITY] Fedora 40 Update: ruby-3.3.8-19.fc40

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

Fedora 40 : ruby (2025-9bef972bb9)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-9bef972bb9 advisory. Upgrade to Ruby 3.3.8. CVE-2025-25186: Fix Net::IMAP vulnerable to possible DoS by memory exhaustion Resolves: rhbz2345556 CVE-2025-27219: Denial of...

RHEL 8 : ruby:3.1 (RHSA-2025:4063)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4063 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

Oracle Linux 8 : ruby:3.1 (ELSA-2025-4063)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-4063 advisory. - Fix DoS vulnerability in REXML. CVE-2024-39908 Resolves: RHEL-57051 - Fix DoS vulnerability in REXML. CVE-2024-43398 Resolves: RHEL-56002 - Fix REXML...

Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...

ALSA-2025:4063 Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...