14179 matches found

Debian CVE
added 2025/03/12 6:15 p.m. · 47 views

CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can result in remote code...

9 CVSS · 9.1 AI score · 0.02865 EPSS
Exploits 2
OSV
added 2025/03/12 3:35 p.m. · 16 views

GHSA-9M3Q-RHMV-5Q44 Out-of-bounds Read in Ruby JSON Parser

Impact: A specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not. Patches: Version 2.10.2 fixes the problem. Workarounds: None...

7.5 CVSS · 7.5 AI score · 0.00665 EPSS
Exploits 0 · References 6
Github Security Blog
added 2025/03/12 3:35 p.m. · 18 views

Out-of-bounds Read in Ruby JSON Parser

Impact: A specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not. Patches: Version 2.10.2 fixes the problem. Workarounds: None...

7.5 CVSS · 6.8 AI score · 0.00665 EPSS
Exploits 0 · References 6 · Affected Software 1
NVD
added 2025/03/12 2:15 p.m. · 4 views

CVE-2025-27788

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

7.5 CVSS · 0.00665 EPSS
Exploits 0 · References 3
OSV
added 2025/03/12 2:15 p.m. · 0 views

UBUNTU-CVE-2025-27788

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

7.5 CVSS · 5.8 AI score · 0.00665 EPSS
Exploits 0 · References 4
Cvelist
added 2025/03/12 1:51 p.m. · 13 views

CVE-2025-27788 Ruby JSON Parser has Out-of-bounds Read

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

7.5 CVSS · 0.00665 EPSS
Exploits 0 · References 3
OSV
added 2025/03/12 1:51 p.m. · 10 views

CVE-2025-27788 Ruby JSON Parser has Out-of-bounds Read

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

7.5 CVSS · 7.3 AI score · 0.00665 EPSS
Exploits 0 · References 5
CVE
added 2025/03/12 1:51 p.m. · 262 views

CVE-2025-27788

The CVE-2025-27788 entry corresponds to a Ruby JSON parser vulnerability (CVE-2025-27788) with out-of-bounds read leading to crashes. In IBM’s advisory, the affected products are: IBM watsonx Assistant Cartridge (versions 4.0–5.2.0) and IBM watsonx Orchestrate with watsonx Assistant Cartridge – A...

7.5 CVSS · 7.6 AI score · 0.00665 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2025/03/12 1:51 p.m. · 8 views

CVE-2025-27788 Ruby JSON Parser has Out-of-bounds Read

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

7.5 CVSS · 7.6 AI score · 0.00665 EPSS
Exploits 0 · References 3
Debian CVE
added 2025/03/12 1:51 p.m. · 7 views

CVE-2025-27788

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

7.5 CVSS · 7.3 AI score · 0.00665 EPSS
Exploits 0
CNNVD
added 2025/03/12 12:0 a.m. · 2 views

OneLogin ruby-saml Security Vulnerability

OneLogin ruby-saml is a Ruby-based SAML (Security Assertion Markup Language) library for Single Sign-On (SSO) services from OneLogin, USA. A security vulnerability exists in OneLogin ruby-saml versions prior to 1.12.4 and 1.18.0, which stems from a parser difference that could lead to...

9.8 CVSS · 9.5 AI score · 0.63792 EPSS
Exploits 1 · References 8
CNNVD
added 2025/03/12 12:0 a.m. · 2 views

OneLogin ruby-saml Security Vulnerability

OneLogin ruby-saml is a Ruby-based SAML (Security Assertion Markup Language) library for Single Sign-On (SSO) services from OneLogin, USA. A security vulnerability exists in ruby-saml versions prior to 1.12.4 and 1.18.0, which stems from parser differences and could lead to authentication...

9.8 CVSS · 9.5 AI score · 0.19506 EPSS
Exploits 1 · References 8
CNNVD
added 2025/03/12 12:0 a.m. · 2 views

OneLogin ruby-saml Security Vulnerability

OneLogin ruby-saml is a Ruby-based SAML (Security Assertion Markup Language) library for Single Sign-On (SSO) services from OneLogin, USA. A security vulnerability exists in ruby-saml versions prior to 1.12.4 and 1.18.0, which stems from an improper handling of compressed SAML responses and...

8.7 CVSS · 8.5 AI score · 0.01359 EPSS
Exploits 1 · References 9
CNNVD
added 2025/03/12 12:0 a.m. · 1 views

Ruby Buffer Error Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer Yukihiro Matsumoto. A buffer error vulnerability exists in Ruby versions from 2.10.0 up to, but not including, 2.10.2, which stems from a specially crafted document that may cause an out-of-bounds...

7.5 CVSS · 7.4 AI score · 0.00665 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/03/12 12:0 a.m. · 4 views

PT-2025-11127 · Ruby-Saml +3

Name of the Vulnerable Software and Affected Versions: ruby-saml versions prior to 1.12.4 and 1.18.0 Description: An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different...

9.8 CVSS · 9.6 AI score · 0.63792 EPSS
Exploits 3 · References 98
Positive Technologies
added 2025/03/12 12:0 a.m. · 2 views

PT-2025-11128 · Ruby-Saml +3

Name of the Vulnerable Software and Affected Versions: ruby-saml versions prior to 1.12.4 and 1.18.0 Description: The issue is related to the ruby-saml library, which provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. The library is susceptible to remote Denial of Servi...

9.8 CVSS · 7.4 AI score · 0.63792 EPSS
Exploits 3 · References 56
Positive Technologies
added 2025/03/12 12:0 a.m. · 3 views

PT-2025-11129

Name of the Vulnerable Software and Affected Versions: ruby-saml versions prior to 1.12.4 and 1.18.0 Description: An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, generating entirely different document structures...

9.8 CVSS · 10 AI score · 0.63792 EPSS
Exploits 3 · References 96
Positive Technologies
added 2025/03/12 12:0 a.m. · 6 views

PT-2025-11124

Name of the Vulnerable Software and Affected Versions: OpenShift (affected versions not specified); Ruby (affected versions not specified) Description: The issue concerns credential exposure in OpenShift and an out-of-bounds read in Ruby. Recommendations: At the moment, there is no information about a...

5.4 AI score
Exploits 1 · References 40
Positive Technologies
added 2025/03/12 12:0 a.m. · 4 views

PT-2025-11114

Name of the Vulnerable Software and Affected Versions: graphql-ruby versions 1.11.5 through 1.11.7; graphql-ruby versions 1.12.0 through 1.12.24; graphql-ruby versions 1.13.0 through 1.13.23; graphql-ruby versions 2.0.0 through 2.0.31; graphql-ruby versions 2.1.0 through 2.1.13; graphql-ruby versions...

9 CVSS · 9.4 AI score · 0.02865 EPSS
Exploits 2 · References 49
RubySec
added 2025/03/12 12:0 a.m. · 19 views

Out-of-bounds Read in Ruby JSON Parser

Impact: A specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not. Patches: Version 2.10.2 fixes the problem. Workarounds: None...

7.5 CVSS · 7.4 AI score · 0.00665 EPSS
Exploits 0 · References 1 · Affected Software 1