14168 matches found

OSV
added 2025/01/27 7:20 a.m. | 13 views

BIT-RUBY-MIN-2021-41817

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1...

CVSS 7.5 | AI score 7.9 | EPSS 0.00495
Exploits: 1 | References: 6
OSV
added 2025/01/27 7:20 a.m. | 9 views

BIT-RUBY-MIN-2021-41819

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS 7.5 | AI score 8.1 | EPSS 0.00765
Exploits: 1 | References: 7
OSV
added 2025/01/27 7:20 a.m. | 12 views

BIT-RUBY-MIN-2022-28738

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations...

CVSS 9.8 | AI score 9.2 | EPSS 0.00459
Exploits: 0 | References: 6
OSV
added 2025/01/27 7:20 a.m. | 14 views

BIT-RUBY-MIN-2022-28739

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f...

CVSS 7.5 | AI score 8.7 | EPSS 0.00332
Exploits: 0 | References: 16
OSV
added 2025/01/27 7:20 a.m. | 11 views

BIT-RUBY-MIN-2023-28756

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...

CVSS 5.3 | AI score 6.9 | EPSS 0.00604
Exploits: 0 | References: 12
OSV
added 2025/01/27 7:19 a.m. | 5 views

BIT-RUBY-MIN-2024-27282

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1...

CVSS 6.6 | AI score 8 | EPSS 0.00637
Exploits: 0 | References: 7
OPENSUSE Linux
added 2025/01/26 12:00 a.m. | 6 views

ruby3.4-rubygem-nokogiri-1.18.2-1.1 on GA media (moderate)

ruby3.4-rubygem-nokogiri-1.18.2-1.1 on GA media Announcement ID: openSUSE-SU-2025:14697-1 Rating: moderate Cross-References: CVE-2013-2877 CVE-2014-0191 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-7995 CVE-2015-8035...

CVSS 8.8 | AI score 7.5 | EPSS 0.20012
Exploits: 18
Tenable Nessus
added 2025/01/22 12:00 a.m. | 14 views

Debian dla-3450 : libruby2.5 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3450 advisory. Debian LTS Advisory DLA-3450-1 [email protected]...

CVSS 8.8 | AI score 7.5 | EPSS 0.011
Exploits: 1 | References: 6
OPENSUSE Linux
added 2025/01/22 12:00 a.m. | 3 views

ruby3.4-rubygem-actiontext-8.0-8.0.1-1.1 on GA media (moderate)

ruby3.4-rubygem-actiontext-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14672-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in...

CVSS 2.3 | AI score 6.3 | EPSS 0.0019
Exploits: 0
OPENSUSE Linux
added 2025/01/22 12:00 a.m. | 4 views

ruby3.4-rubygem-activejob-8.0-8.0.1-1.1 on GA media (moderate)

ruby3.4-rubygem-activejob-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14674-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in...

CVSS 2.3 | AI score 6.3 | EPSS 0.0019
Exploits: 0
OPENSUSE Linux
added 2025/01/22 12:00 a.m. | 4 views

ruby3.4-rubygem-rails-8.0-8.0.1-1.1 on GA media (moderate)

ruby3.4-rubygem-rails-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14679-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

CVSS 2.3 | AI score 6.3 | EPSS 0.0019
Exploits: 0
OPENSUSE Linux
added 2025/01/22 12:00 a.m. | 4 views

ruby3.4-rubygem-actionview-8.0-8.0.1-1.1 on GA media (moderate)

ruby3.4-rubygem-actionview-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14673-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in...

CVSS 2.3 | AI score 6.3 | EPSS 0.0019
Exploits: 0
OPENSUSE Linux
added 2025/01/22 12:00 a.m. | 3 views

ruby3.4-rubygem-actioncable-8.0-8.0.1-1.1 on GA media (moderate)

ruby3.4-rubygem-actioncable-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14668-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed i...

CVSS 2.3 | AI score 6.3 | EPSS 0.0019
Exploits: 0
OPENSUSE Linux
added 2025/01/22 12:00 a.m. | 3 views

ruby3.4-rubygem-railties-8.0-8.0.1-1.1 on GA media (moderate)

ruby3.4-rubygem-railties-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14680-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in t...

CVSS 2.3 | AI score 6.3 | EPSS 0.0019
Exploits: 0
OPENSUSE Linux
added 2025/01/22 12:00 a.m. | 4 views

ruby3.4-rubygem-activerecord-8.0-8.0.1-1.1 on GA media (moderate)

ruby3.4-rubygem-activerecord-8.0-8.0.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:14676-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed ...

CVSS 2.3 | AI score 6.3 | EPSS 0.0019
Exploits: 0
OSV
added 2025/01/21 12:00 a.m. | 1 views

OPENSUSE-SU-2025:14678-1 ruby3.4-rubygem-activesupport-8.0-8.0.1-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-activesupport-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 2.3 | AI score 6.2 | EPSS 0.0019
Exploits: 0 | References: 1
OSV
added 2025/01/21 12:00 a.m. | 4 views

OPENSUSE-SU-2025:14674-1 ruby3.4-rubygem-activejob-8.0-8.0.1-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-activejob-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 2.3 | AI score 6.2 | EPSS 0.0019
Exploits: 0 | References: 2
OpenVAS
added 2025/01/21 12:00 a.m. | 4 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1129)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 7.3 | EPSS 0.08616
Exploits: 0 | References: 2
Tenable Nessus
added 2025/01/21 12:00 a.m. | 11 views

EulerOS 2.0 SP8 : ruby (EulerOS-SA-2025-1129)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and unge...

CVSS 9.8 | AI score 7 | EPSS 0.08616
Exploits: 0 | References: 2
OSV
added 2025/01/21 12:00 a.m. | 4 views

OPENSUSE-SU-2025:14669-1 ruby3.4-rubygem-actionmailbox-8.0-8.0.1-1.1 on GA media

These are all security issues fixed in the ruby3.4-rubygem-actionmailbox-8.0-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 2.3 | AI score 6.2 | EPSS 0.0019
Exploits: 0 | References: 1