PT-2025-32312 · Ruby-Jwt +1 · Ruby-Jwt +1

Name of the Vulnerable Software and Affected Versions: ruby-jwt version 3.0.0.beta1 Description: ruby-jwt v3.0.0.beta1 contains weak encryption. The supplier notes that key size is not enforced by the library itself, and restrictions imposed by recent versions of OpenSSL may apply to users of the...

CVE-2025-45765

CVE-2025-45765 concerns ruby-jwt v3.0.0.beta1, which is reported to contain weak encryption due to lack of enforced minimum key sizes. The Supplier’s note indicates keysize enforcement is not within the library itself, while newer OpenSSL versions enforce key size restrictions that may affect use...

CVE-2025-45765

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...

[SECURITY] [DLA 4263-1] ruby-graphql security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4263-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta August 04, 2025 https://wiki.debian.org/LTS -...

Medium: ruby

Issue Overview: The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv...

Amazon Linux 2 : ruby (ALAS-2025-2957)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2957 advisory. The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a...

Debian: Security Advisory (DLA-4263-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DLA-4263-1 ruby-graphql - security update

Bulletin has no description...

Debian dla-4263 : ruby-graphql - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4263 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4263-1 [email protected] https://www.debian.org/lts/security/...

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1131)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1131 advisory. The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.An attacker can craft a...

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1115)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1115 advisory. Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is...

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1124)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1124 advisory. Thor before 1.4.0 can construct an unsafe shell command from library input. CVE-2025-54314 Tenable has extracted the preceding description block directly from the tested product security advisory. Note...

CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

OESA-2025-1930 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: Webrick is an open source HTTP server toolkit for The Ruby Programming Language. Webrick has an...

rexml: REXML ReDoS vulnerability

A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between & and x...; in a hex numeric character reference &x...; can trigger a regular expression denial of service ReDoS condition, leading to a denial of service...

Malicious code in webpack-dev-server (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in maventa_utils (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in icaret (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b2390fae7771a778a8bf020a3313113b56c56383c2178d916748a8d959678c9e The OpenSSF Package Analysis project identified 'icaret' @ 0.0.1 rubygems as malicious. It is considered malicious because: - The package...

Amazon Linux 2 : ruby (ALAS-2025-2931)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2931 advisory. Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTT...

Jwt 安全漏洞

jwt is a Ruby library for JSON Web Token open source. A security vulnerability exists in Jwt version v5.4.3, which stems from weak encryption...