
14178 matches found

Tenable Nessus
added 2025/05/06 12:0 a.m., 6 views

RHEL 9 : ruby:3.1 (RHSA-2025:4488)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4488 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 7.5, AI score 7.1, EPSS 0.01379
Exploits 0, References 17

Tenable Nessus
added 2025/05/06 12:0 a.m., 5 views

RHEL 9 : ruby (RHSA-2025:4487)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4487 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 7.5, AI score 7.3, EPSS 0.00784
Exploits 0, References 7

OSV
added 2025/05/06 12:0 a.m., 20 views

ALSA-2025:4488 Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...

CVSS 7.5, AI score 6.8, EPSS 0.01379
Exploits 0, References 16

AlmaLinux
added 2025/05/06 12:0 a.m., 7 views

Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...

CVSS 7.5, AI score 6.5, EPSS 0.01379
Exploits 0, References 16

Tenable Nessus
added 2025/04/29 12:0 a.m., 4 views

Rails Config File Detected

A Ruby on Rails configuration file has been detected on the target web application. These files may contain sensitive information which could assist an attacker to conduct further attacks. No source data...

AI score 7
Exploits 0, References 1

OSV
added 2025/04/28 4:15 p.m., 2 views

ALPINE-CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

CVSS 6.5, AI score 6.6, EPSS 0.00393
Exploits 0, References 1

OSV
added 2025/04/28 4:15 p.m., 2 views

DEBIAN-CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

CVSS 6.5, AI score 6.2, EPSS 0.00393
Exploits 0, References 1

OSV
added 2025/04/28 4:15 p.m., 1 views

UBUNTU-CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

CVSS 6.5, AI score 5.8, EPSS 0.00393
Exploits 0, References 3

Cvelist
added 2025/04/28 4:2 p.m., 22 views

CVE-2025-43857 net-imap rubygem vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

CVSS 6, EPSS 0.00393
Exploits 0, References 6

CVE
added 2025/04/28 4:2 p.m., 220 views

CVE-2025-43857

Net::IMAP for Ruby is vulnerable to denial of service via memory exhaustion when processing server responses containing a literal byte count. A malicious server can trigger the client’s receiver thread to allocate memory for the indicated size, potentially exhausting memory during any active conn...

CVSS 6.5, AI score 7, EPSS 0.00393
Exploits 0, References 6, Affected Software 1

OSV
added 2025/04/28 4:2 p.m., 6 views

CVE-2025-43857 net-imap rubygem vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

CVSS 6, AI score 6.4, EPSS 0.00393
Exploits 0, References 8

Debian CVE
added 2025/04/28 4:2 p.m., 4 views

CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

CVSS 6.5, AI score 6.2, EPSS 0.00393
Exploits 0

The Hacker News
added 2025/04/25 8:57 a.m., 14 views

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilities, flagged by...

CVSS 6.9, AI score 7.4, EPSS 0.01069
Exploits 2

Tenable Nessus
added 2025/04/25 12:0 a.m., 11 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ruby2.5 (SUSE-SU-2025:1369-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1369-1 advisory. - CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse bsc1237804 - CVE-2025-27220: Fixe...

CVSS 7.5, AI score 7.3, EPSS 0.00784
Exploits 0, References 11

SUSE Linux
added 2025/04/24 5:12 p.m., 5 views

Security update for ruby2.5

This update for ruby2.5 fixes the following issues: CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse bsc1237804 CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement bsc1237806 Other fixes: - Improved fix for CVE-2024-47220 bsc1230930, bsc1235773 Patch Instructions: To install this...

CVSS 8.3, AI score 6.8, EPSS 0.00784
Exploits 0, References 14

OSV
added 2025/04/24 5:11 p.m., 11 views

SUSE-SU-2025:1369-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse bsc1237804 - CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement bsc1237806 Other fixes: - Improved fix for CVE-2024-47220 bsc1230930, bsc1235773...

CVSS 7.5, AI score 7.5, EPSS 0.00784
Exploits 0, References 8

OSV
added 2025/04/24 10:3 a.m., 19 views

RHSA-2025:4063 Red Hat Security Advisory: ruby:3.1 security update

Bulletin has no description...

CVSS 5.9, AI score 7, EPSS 0.01379
Exploits 0, References 46

OSSF Malicious Packages
added 2025/04/24 4:52 a.m., 5 views

Malicious code in bvr-api (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ed2a0f9c584ecfcffc1c76619a1637559d1d8771f78e1d3655f819f7fff67962 The OpenSSF Package Analysis project identified 'bvr-api' @ 0.3.12 rubygems as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits 0

Chainguard
added 2025/04/24 1:14 a.m., 13 views

GHSA-5W6V-399V-W3CC vulnerabilities

Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails, ruby3.3-rails...

AI score 5.2
Exploits 0

RedHat Linux
added 2025/04/23 10:34 a.m., 0 views

rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]>

A vulnerability was found in REXML, an XML toolkit used for Ruby. When parsing an untrusted XML with many specific characters, the REXML gem may take a long time, leading to a denial of service condition. Some of these special characters include the whitespace character, '>]', and ']>'...

CVSS 7.5, AI score 7.3, EPSS 0.01283
Exploits 0, References 8