GHSA-353F-X4GH-CQQ8 vulnerabilities
Vulnerabilities for packages: logstash, ruby3.2-rails, ruby3.4-rails, ruby3.3-rails, gitlab-rails-ce, gitlab-rails-ce-fips...
Ubuntu: Security Advisory (USN-7659-1)
The remote host is missing an update...
AZL-65613 CVE-2025-54314 affecting package rubygem-thor 1.2.1-1
Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...
Thor operating system command injection vulnerability
Thor is a Ruby on Rails open source toolkit for building command line interfaces. An operating system command injection vulnerability exists in versions of Thor prior to 1.4.0, which stems from constructing insecure shell commands from library input and could lead to command injection...
CVE-2025-49828
Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution. An authenticated attacker who can inject secre...
The vulnerability of the Ruby on Rails software platform, related to improper authentication, allows a hacker to trigger a service failure.
The vulnerability of the Ruby on Rails software platform is related to improper authentication. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the Ruby on Rails software platform, related to the manipulation of cross-site requests, allows attackers to send CSRF tokens to incorrect domains.
The vulnerability of the Ruby on Rails software platform is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to remotely send CSRF tokens to incorrect domains...
The vulnerability of the Ruby on Rails software platform, related to the CSRF token.
The vulnerability of the Ruby on Rails software platform is related to the manipulation of cross-site requests in the handling of the authenticity token meta tag. Exploiting this vulnerability allows a malicious actor to forge a valid CSRF token remotely...
GHSA-XH69-987W-HRP8 vulnerabilities
Vulnerabilities for packages: jruby, ruby...
CVE-2025-24294 vulnerabilities
Vulnerabilities for packages: jruby, ruby...
GHSA-XH69-987W-HRP8 vulnerabilities
Vulnerabilities for packages: truffleruby, ruby, jruby...
CVE-2025-24294 vulnerabilities
Vulnerabilities for packages: truffleruby, ruby, jruby...
CVE-2025-6442 affecting package ruby for versions less than 3.1.7-2
CVE-2025-6442 affecting package ruby for versions less than 3.1.7-2. A patched version of the package is available...
Directory Traversal
Overview: measured is a package containing wrapper objects which encapsulate measurements and their associated units in Ruby. Affected versions of this package are vulnerable to Directory Traversal when initializing the Measured::Cache::Json class. An attacker can access arbitrary files by supplyi...
GHSA-XH69-987W-HRP8 resolv vulnerable to DoS via insufficient DNS domain name length validation
A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. Details: The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed doma...
rexml: REXML ReDoS vulnerability
A flaw was found in the REXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between &# and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...
Improper Validation of Specified Quantity in Input
Overview: resolv is a thread-aware DNS resolver library in Ruby. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the getlabels function in the resolv.rb file. An attacker can cause excessive CPU resource consumption and make the applicatio...
AZL-65202 CVE-2025-24294 affecting package ruby for versions less than 3.1.7-3
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...
AZL-65241 CVE-2025-24294 affecting package ruby for versions less than 3.3.5-5
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses suc...