OSV
added 2025/02/28 3:32 p.m., 3 views

OESA-2025-1195 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, much like Perl. Security Fixes: Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starti...

CVSS 6.5 | AI score 6.6 | EPSS 0.00583
Exploits 0 | References 2
OSV
added 2025/02/28 3:32 p.m., 3 views

OESA-2025-1196 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, much like Perl. Security Fixes: Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starti...

CVSS 6.5 | AI score 6.6 | EPSS 0.00583
Exploits 0 | References 2
OSV
added 2025/02/28 10:45 a.m., 7 views

MAL-2025-1561 Malicious code in vite_ruby_monorepo (npm)

Source: ghsa-malware 5f016bbad97a0f6e120d5540fe2632278fddf3420077cdcfd4baba37ff8b9580. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7.2
Exploits 0 | References 1
Tenable Nessus
added 2025/02/28 12:00 a.m., 7 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ruby2.5 (SUSE-SU-2025:0736-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0736-1 advisory. - CVE-2024-47220: Fixed an HTTP request smuggling attack in WEBrick (bsc#1230930) - CVE-2024-49761:...

CVSS 8.7 | AI score 7.7 | EPSS 0.01429
Exploits 0 | References 7
Tenable Nessus
added 2025/02/28 12:00 a.m., 16 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Ruby SAML vulnerabilities (USN-7309-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7309-1 advisory. It was discovered that Ruby SAML did not properly validate SAML responses. An unauthenticated...

CVSS 10 | AI score 8.6 | EPSS 0.10684
Exploits 3 | References 4
SUSE CVE
added 2025/02/27 2:56 a.m., 3 views

SUSE CVE-2025-27219

In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...

CVSS 5.3 | AI score 6.9 | EPSS 0.00784
Exploits 0 | References 11
SUSE CVE
added 2025/02/27 2:56 a.m., 3 views

SUSE CVE-2025-27220

In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method...

CVSS 5.3 | AI score 7 | EPSS 0.00702
Exploits 0 | References 8
SUSE CVE
added 2025/02/27 2:56 a.m., 3 views

SUSE CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URI#merge and URI#+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

CVSS 5.3 | AI score 7.2 | EPSS 0.00472
Exploits 0 | References 11
SUSE Linux
added 2025/02/26 6:38 p.m., 0 views

Security update for ruby2.5

This update for ruby2.5 fixes the following issues: CVE-2024-47220: Fixed an HTTP request smuggling attack in WEBrick (bsc#1230930). CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml (bsc#1232440). Other fixes: ruby/uri: Fix quadratic backtracking on invalid relative URI. ruby/time: Make RFC2822 rege...

CVSS 8.3 | AI score 7.4 | EPSS 0.01429
Exploits 0 | References 8
OSV
added 2025/02/26 6:38 p.m., 3 views

SUSE-SU-2025:0736-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2024-47220: Fixed an HTTP request smuggling attack in WEBrick (bsc#1230930) - CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml (bsc#1232440) Other fixes: - ruby/uri: Fix quadratic backtracking on invalid relative URI - ruby/time: Make...

CVSS 8.7 | AI score 7.8 | EPSS 0.01429
Exploits 0 | References 5
Hacker One
added 2025/02/26 9:36 a.m., 380 views

Internet Bug Bounty: [CVE-2025-27219] Denial of Service in CGI::Cookie.parse

A denial-of-service vulnerability was discovered in the CGI::Cookie.parse method of the Ruby cgi gem. The vulnerability was caused by the method taking super-linear time to parse a maliciously crafted cookie string. This could have led to service disruptions. The vulnerability was assigned the CV...

CVSS 7.5 | AI score 6.4 | EPSS 0.00784
Exploits 0
Positive Technologies
added 2025/02/26 12:00 a.m., 7 views

PT-2025-8695

Name of the Vulnerable Software and Affected Versions: CGI gem versions prior to 0.4.2. Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. This issue can lead to high CPU consumption due to crafted input. The vulnerability affects Ruby...

CVSS 8.7 | AI score 6.9 | EPSS 0.02064
Exploits 1 | References 133
RubySec
added 2025/02/26 12:00 a.m., 22 views

CVE-2025-27220 - ReDoS in CGI::Util#escapeElement.

There is a possibility for Regular Expression Denial of Service (ReDoS) in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. Details: The regular expression used in CGI::Util#escapeElement is vulnerable to ReDoS. The crafted...

CVSS 7.5 | AI score 7 | EPSS 0.00702
Exploits 0 | References 1 | Affected Software 1
OSSF Malicious Packages
added 2025/02/25 7:15 p.m., 4 views

Malicious code in luno-cocoapods (RubyGems)

Source: ossf-package-analysis 9bb59e6b577e1a28cf71bf254ef70a0641db3319c1985827f792edb51ea14493. The OpenSSF Package Analysis project identified 'luno-cocoapods' @ 2.8.0 (rubygems) as malicious. It is considered malicious because: - The packag...

AI score 7.2
Exploits 0
Hacker One
added 2025/02/23 5:03 p.m., 784 views

Ruby on Rails: 1-Click Cross-Site Scripting via Custom Configuration in SafeListSanitizer

Vulnerability description not provided...

AI score 7.1
Exploits 0
OSV
added 2025/02/21 1:35 p.m., 4 views

OESA-2025-1156 yajl security update

yajl is a small event-driven JSON parser written in ANSI C, and a small validating JSON generator. Security Fixes: In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in...

CVSS 7.5 | AI score 6.8 | EPSS 0.03766
Exploits 1 | References 2
OSSF Malicious Packages
added 2025/02/21 7:26 a.m., 5 views

Malicious code in komojuu (RubyGems)

Source: ossf-package-analysis c9b92c44ca626e6347b7268f60a919598a96b7b49491c0e2eed6b9d7f0d3ab73. The OpenSSF Package Analysis project identified 'komojuu' @ 99.0.0 (rubygems) as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits 0
Hacker One
added 2025/02/19 11:18 p.m., 319 views

Internet Bug Bounty: CVE-2024-43398: DoS vulnerability in REXML

The CVE-2024-43398 vulnerability was a denial-of-service issue in the REXML library due to poor performance when parsing specially crafted XML. This vulnerability was addressed with a patch released by the Ruby team...

CVSS 5.9 | AI score 6.4 | EPSS 0.01205
Exploits 0
OPENSUSE Linux
added 2025/02/19 12:00 a.m., 4 views

ruby3.4-rubygem-grpc-1.70.1-1.1 on GA media (moderate)

ruby3.4-rubygem-grpc-1.70.1-1.1 on GA media. Announcement ID: openSUSE-SU-2025:14821-1. Rating: moderate. Cross-References: CVE-2023-0286. CVSS scores: CVE-2023-0286 (SUSE): 7.4, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H. Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability...

CVSS 7.4 | AI score 7 | EPSS 0.61979
Exploits 0
Wolfi
added 2025/02/18 10:36 p.m., 6 views

GHSA-VVFQ-8HWR-QM4M vulnerabilities

Vulnerabilities for packages: ruby3.4-rails, ruby3.2-rails, logstash, ruby3.3-rails...

AI score 5.8
Exploits 0