Linux Distros Unpatched Vulnerability : CVE-2021-39880

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Denial Of Service vulnerability in the apollouploadserver Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from...

Linux Distros Unpatched Vulnerability : CVE-2020-25613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked th...

Linux Distros Unpatched Vulnerability : CVE-2023-5349

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service DOS by memory exhaustion...

Linux Distros Unpatched Vulnerability : CVE-2022-48338

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The...

CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

CVE-2025-27111 Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This vulnerability is fixed...

CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

AZL-57778 CVE-2025-27221 affecting package ruby for versions less than 3.1.4-9

In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

CVE-2025-27220 vulnerabilities

Vulnerabilities for packages: ruby, logstash, jruby...

CVE-2025-27219 vulnerabilities

Vulnerabilities for packages: ruby, logstash, jruby...

ALPINE-CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

CVE-2025-27219 vulnerabilities

Vulnerabilities for packages: elasticsearch, ruby, logstash, jruby...

CVE-2025-27220 vulnerabilities

Vulnerabilities for packages: elasticsearch, ruby, logstash, jruby...

CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...

DEBIAN-CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...

AZL-57893 CVE-2025-27221 affecting package ruby for versions less than 3.3.5-3

In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

AZL-57791 CVE-2025-27220 affecting package ruby for versions less than 3.1.4-9

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...

DEBIAN-CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

AZL-57923 CVE-2025-27219 affecting package ruby for versions less than 3.3.5-3

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...