14168 matches found
Ruby REXML < 3.3.9 ReDoS vulnerability
The version of the REXML Ruby library installed on the remote host is prior to 3.3.9. It is, therefore, affected by a ReDoS vulnerability. The vulnerability lies when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with...
CVE-2024-21510
Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host XFH header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into...
Sinatra 安全漏洞
Sinatra is a Sinatra open source DSL for quickly creating web applications in Ruby with minimal effort A security vulnerability exists in Sinatra. An attacker exploiting this vulnerability can trigger an open redirection attack by inserting an arbitrary address in the header...
Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2024-743)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-743 advisory. An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., GET /admin...
Important: ruby3.2
Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...
SUSE CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
ROS-20241029-11
A vulnerability in the blockformat function of the Ruby interpreter with the Action Mailer Gem extension is related to the execution of the function for an unexpectedly large amount of time. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
The vulnerability of the XML tools for Ruby REXML, related to uncontrolled resource consumption, allows a attacker to cause a service failure.
The vulnerability of the XML tools for Ruby REXML is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the XML tools for Ruby REXML relates to uncontrolled resource consumption, allowing attackers to cause service failures.
The vulnerability of the XML tools for Ruby REXML is related to uncontrolled resource leaks. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
ROS-20241029-09
A vulnerability in the plaintextforblockquotenode function of the Ruby interpreter with the Action Text Gem extension is related to the execution of the function for an unexpectedly large amount of time. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial o...
ROS-20241029-02
A vulnerability in the Action Dispatch component of the Ruby interpreter with the Action Pack extension is related to bugs in the procedures for filtering Action Dispatch request parameters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A...
CVE-2024-49761
A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...
AZL-51908 CVE-2024-49761 affecting package rubygem-rexml for versions less than 3.3.9-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
AZL-51904 CVE-2024-49761 affecting package ruby for versions less than 3.3.5-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761 vulnerabilities
Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, logstash, ruby3.4-fluentd-kubernetes-daemonset, ruby, ruby3.1-fluentd-kubernetes-daemonset, jruby, kube-fluentd-operator...
DEBIAN-CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
AZL-51876 CVE-2024-49761 affecting package ruby for versions less than 3.1.4-8
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
AZL-51894 CVE-2024-49761 affecting package rubygem-rexml for versions less than 3.2.7-3
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
CVE-2024-49761 vulnerabilities
Vulnerabilities for packages: jruby, kube-fluentd-operator, logstash, ruby...