4962 matches found
CVE-2021-32066
CVE-2021-32066 affects Ruby up to 3.0.1: Net::IMAP#starttls does not raise an exception when the server answers the STARTTLS command with an unknown response (something other than OK), so the client silently carries on in cleartext and a man-in-the-middle who intercepts the STARTTLS exchange can strip TLS from the session. Connected advisories confirm the issue and list affected Ruby versions (2.6.x–3.0.x) and that fixes are provided in newer R...
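A reduced model of the STARTTLS step, added here as an example; it is not Ruby's net-imap code, and the class and method names are illustrative. The scripted peer stands in for the socket so the exchange runs offline: a client that only acts on OK and ignores anything else keeps talking in cleartext, while the hardened variant refuses the session unless TLS actually started.

```ruby
# Constructed stand-in for a socket: records what the client sends and
# hands back pre-scripted server lines (assumption: one reply per gets).
class ScriptedPeer
  attr_reader :sent

  def initialize(replies)
    @replies = replies.dup
    @sent = []
    @closed = false
  end

  def puts(line)
    @sent << line
  end

  def gets
    @replies.shift
  end

  def close
    @closed = true
  end

  def closed?
    @closed
  end
end

class ImapError < StandardError; end

# Wait for the tagged reply to our command, skipping untagged ("* ...")
# lines as a real client would. Returns [response name, remaining text].
def tagged_reply(io, tag)
  loop do
    line = io.gets or raise ImapError, "connection closed before #{tag} reply"
    line = line.chomp
    next if line.start_with?("* ")
    rtag, name, text = line.split(" ", 3)
    raise ImapError, "reply for wrong tag: #{line.inspect}" unless rtag == tag
    return [name.to_s.upcase, text.to_s]
  end
end

# Shape of the pre-fix logic: OK starts TLS, NO/BAD raise, and any other
# response falls through, leaving the session in plaintext.
def starttls_before_fix(io, tag: "A001")
  io.puts "#{tag} STARTTLS"
  name, text = tagged_reply(io, tag)
  case name
  when "OK" then :tls_started
  when "NO", "BAD" then raise ImapError, "#{name} #{text}"
  else :plaintext_continued # the bug: unknown response silently ignored
  end
end

# Hardened: anything but OK aborts the connection rather than continuing.
def starttls_after_fix(io, tag: "A001")
  io.puts "#{tag} STARTTLS"
  name, text = tagged_reply(io, tag)
  return :tls_started if name == "OK"
  io.close
  raise ImapError, "STARTTLS did not succeed (#{name} #{text}); refusing cleartext session"
end
```

The scripted replies below model an interceptor that lets the greeting through and then answers STARTTLS with a response the client does not recognise; the pre-fix client returns `:plaintext_continued`, the fixed one raises and closes the socket.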
CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via a filename that starts with | and ends with tags: RDoc hands the name to Kernel#open, which treats a leading | as a command to run...
CVE-2021-28966
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir: the prefix passed to Dir.mktmpdir may contain relative path components such as ../, so the temporary directory is created outside the intended location (path traversal)...
Code injection
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir: the prefix passed to Dir.mktmpdir may contain relative path components such as ../, so the temporary directory is created outside the intended location (path traversal)...
Code injection
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via a filename that starts with | and ends with tags: RDoc hands the name to Kernel#open, which treats a leading | as a command to run...
Fedora: Security Advisory for ruby (FEDORA-2021-36cdab1f8d)
The remote host is missing an update for the 'ruby' package announced via the FEDORA-2021-36cdab1f8d advisory. (Greenbone Networks GmbH check, GPL-2.0-or-later; some text excerpted from referenced sources and copyright by the respective right holders.)...
GitLab: ReDoS in syntax highlighting due to Rouge
Summary: GitLab is using the Ruby gem "rouge", which has a ReDoS vulnerability. In rouge, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have cubic worst-case complexity and are vulnerable to Regular Expression Denial of Service...
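Two controls a service that runs untrusted text through lexer regexes can apply regardless of which gem is at fault, shown as an added example that is not rouge's or GitLab's code: cap the input size before matching, and give the regex engine a time budget. Regexp timeouts exist from Ruby 3.2 onward, so on older interpreters only the size cap takes effect. The pattern is a constructed stand-in for a lexer rule with nested quantifiers, and all names are illustrative.

```ruby
class HighlightRejected < StandardError; end

MAX_SOURCE_BYTES = 64 * 1024   # assumption: generous for a single snippet
REGEX_BUDGET_SECONDS = 0.5     # assumption: per-match wall-clock budget

# Constructed: nested repetition over overlapping alternatives, the shape
# behind most ReDoS findings in hand-written lexer rules.
LEXER_RULE_SOURCE = '\A(?:(?:[a-z]+|[a-z ]+) *)+;'

# Regexp::TimeoutError only exists on Ruby >= 3.2; fall back to a private
# placeholder class so the rescue clause below stays valid everywhere.
REGEX_TIMEOUT_ERROR = defined?(Regexp::TimeoutError) ? Regexp::TimeoutError : Class.new(StandardError)

# Build the regex with a timeout where the interpreter supports it
# (Regexp.new(source, timeout:) and Regexp.timeout= arrived together in 3.2).
def budgeted_regexp(source, seconds)
  if Regexp.respond_to?(:timeout=)
    Regexp.new(source, timeout: seconds)
  else
    Regexp.new(source)
  end
end

LEXER_RULE = budgeted_regexp(LEXER_RULE_SOURCE, REGEX_BUDGET_SECONDS)

# Run the rule over user-supplied source with both guards in place.
# Returns :matched / :no_match, or raises HighlightRejected when a guard fires.
def lex_guarded(src)
  if src.bytesize > MAX_SOURCE_BYTES
    raise HighlightRejected, "source too large: #{src.bytesize} bytes"
  end
  LEXER_RULE.match?(src) ? :matched : :no_match
rescue REGEX_TIMEOUT_ERROR
  raise HighlightRejected, "regex time budget of #{REGEX_BUDGET_SECONDS}s exceeded"
end
```

Rejecting oversized input up front is the cheaper control and works on every Ruby; the timeout is what stops a small but adversarial input from pinning a worker, and it is worth setting process-wide with `Regexp.timeout=` once the whole service runs on 3.2 or later.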
[SECURITY] Fedora 34 Update: ruby-3.0.2-149.fc34
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks, as in Perl. It is simple, straightforward, and extensible...
CVE-2021-31799
CVE-2021-31799 affects RDoc (3.11–6.x, before 6.3.1) packaged with Ruby up to 3.0.1. If rdoc is run over a project containing a file whose name starts with | and ends with tags, the command after the pipe character is executed, because RDoc opened source files with Kernel#open, which spawns a command for names beginning with |. This is OS command execution on the machine generating the documentation. The connected advisories and vendor pages confirm the issue and remediation path. Impa...
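The Ruby API trap behind the RDoc entries above, shown as an added example that is not RDoc's own code: Kernel#open spawns a command when its argument starts with "|", while File.open treats the same string as an ordinary path. The two readers below differ only in that call; the filename-check helper and all names are illustrative.

```ruby
# Pattern RDoc relied on before 6.3.1: vulnerable whenever `name` comes
# from a project tree the attacker controls, because "|cmd" runs cmd.
def read_with_kernel_open(name)
  open(name, &:read)
end

# Same intent with File.open, which only ever opens a file; a name that
# begins with "|" simply fails with Errno::ENOENT if no such file exists.
def read_with_file_open(name)
  File.open(name, &:read)
end

# For a tool that walks a tree handed to it, additionally refuse basenames
# that no real source file needs: a leading pipe or control characters.
# (Assumption: this policy is ours, not RDoc's.)
def source_file_name_ok?(name)
  base = File.basename(name)
  !base.start_with?("|") && base !~ /[\x00-\x1f]/
end
```

Running the first reader on the string `"|echo injected"` returns the command's output rather than file contents, which is exactly what happened when rdoc met such a filename; the second reader raises Errno::ENOENT for the same string.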
CVE-2021-28966
CVE-2021-28966 affects Ruby up to 3.0 on Windows. A remote attacker can submit a crafted path when a Web application passes a request parameter to Dir.mktmpdir (the TmpDir library) as the prefix, enabling path traversal: a prefix containing components such as ../ makes the directory land outside the intended temporary directory. Root cause: how the prefix parameter is processed (no details beyond this in the provided documents...
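What a handler that lets a request parameter reach Dir.mktmpdir should do about it, as an added example that is not Ruby's tmpdir library code. The first helper shows where an unchecked prefix would point (modelling the pre-fix behaviour as plain path joining, an assumption); the rest allow-lists the prefix and then verifies the created directory really sits directly under Dir.tmpdir. The regex, names and limits are illustrative.

```ruby
require "tmpdir"

# Assumption: a request-supplied prefix only needs a short, plain token.
SAFE_TMP_PREFIX = /\A[A-Za-z0-9_-]{1,32}\z/

# Where an unchecked prefix would place the directory relative to
# Dir.tmpdir, if the prefix were joined onto it without inspection.
def escapes_tmpdir?(prefix)
  base = File.expand_path(Dir.tmpdir)
  target = File.expand_path("#{prefix}random", base)
  !target.start_with?(base + File::SEPARATOR)
end

# Reject anything that is not a plain token: separators, "..", NULs,
# backslashes (a separator on Windows) all fail the allow-list.
def validate_tmp_prefix(prefix)
  prefix = prefix.to_s
  unless prefix.match?(SAFE_TMP_PREFIX)
    raise ArgumentError, "rejected tmpdir prefix #{prefix.inspect}: allowed characters are [A-Za-z0-9_-]"
  end
  prefix
end

# Create a per-request scratch directory, confirm it is a direct child of
# Dir.tmpdir (realpath on both sides so symlinked tmp roots compare equal),
# yield it, and let Dir.mktmpdir's block form remove it afterwards.
def with_scratch_dir(user_prefix)
  prefix = validate_tmp_prefix(user_prefix)
  Dir.mktmpdir(prefix) do |dir|
    base = File.realpath(Dir.tmpdir)
    unless File.dirname(File.realpath(dir)) == base
      raise SecurityError, "scratch dir #{dir} is not directly under #{base}"
    end
    yield dir
  end
end
```

The post-creation check is deliberately redundant with the allow-list: it catches a future regression in either the validation or the library, at the cost of two realpath calls per request.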
OESA-2021-1280 rubygem-kramdown security update
kramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict syntax definition and supporting several common extensions. Security Fixes: The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access su...
[SECURITY] [DLA 2719-1] ruby-actionpack-page-caching security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2719-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Sylvain Beucler July 23, 2021 https://wiki.debian.org/LTS -...
Ubuntu: Security Advisory (USN-5020-1)
The remote host is missing an update for the package(s) announced via the USN-5020-1 advisory. (Greenbone AG check, GPL-2.0-only; some text excerpted from referenced sources and copyright by the respective right holders.)...
FreeBSD : Ruby -- multiple vulnerabilities (7ed5779c-e4c7-11eb-91d7-08002728f74c)
Ruby news: This release includes security fixes. Please check the topics below for details. CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP. CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP. CVE-2021-31799: A command injection vulnerability in RDoc...