RLSA-2024:10834 Important: ruby:3.1 security update
Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...
RLSA-2024:10850 Important: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability CVE-2024-49761 For more details about the security issues, including the impact, a CVSS score,...
ruby:2.5 security update
An update is available for ruby, rubygem-bson, module.rubygem-bson, rubygem-bundler, rubygem-abrt, module.rubygem-pg, rubygem-mysql2, module.ruby, rubygem-mongo, module.rubygem-bundler, rubygem-pg, module.rubygem-mongo, module.rubygem-abrt, module.rubygem-mysql2. This update affects Rocky Linux 8...
ruby:3.1 security update
An update is available for ruby, rubygem-abrt, module.rubygem-pg, rubygem-mysql2, module.ruby, rubygem-pg, module.rubygem-abrt, module.rubygem-mysql2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Important: ruby
Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...
CVE-2024-43398
RockyLinux 8 : ruby:2.5 (RLSA-2024:10850)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:10850 advisory. rexml: REXML ReDoS vulnerability CVE-2024-49761 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that...
RockyLinux 9 : ruby:3.1 (RLSA-2024:10860)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:10860 advisory. rexml: REXML ReDoS vulnerability CVE-2024-49761 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that...
Internet Bug Bounty: [CVE-2024-54133] Possible Content Security Policy bypass in Action Dispatch
A vulnerability was discovered in the contentsecuritypolicy helper in Action Pack of Ruby on Rails. Carefully crafted inputs were able to inject new directives into the Content-Security-Policy (CSP) header, potentially leading to a bypass of the CSP and its protection against cross-site scripting X...
CVE-2024-49761 affecting package ruby for versions less than 3.3.5-1
CVE-2024-49761 affecting package ruby for versions less than 3.3.5-1. A patched version of the package is available...
CVE-2024-39908 affecting package ruby for versions less than 3.3.5-1
CVE-2024-39908 affecting package ruby for versions less than 3.3.5-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-43398 affecting package ruby for versions less than 3.3.5-1
CVE-2024-43398 affecting package ruby for versions less than 3.3.5-1. An upgraded version of the package is available that resolves this issue...
GHSA-5MPW-4546-2WCR vulnerabilities
Vulnerabilities for packages: ruby3.3-elasticsearch, ruby3.2-elasticsearch, elasticsearch, elasticsearch-fips...
GHSA-5MPW-4546-2WCR vulnerabilities
Vulnerabilities for packages: ruby3.3-elasticsearch, ruby3.2-elasticsearch...
CVE-2024-12539 vulnerabilities
Vulnerabilities for packages: ruby3.3-elasticsearch, ruby3.2-elasticsearch, elasticsearch, elasticsearch-fips...
Malicious code in haefgerasgrae (RubyGems)
Source: ossf-package-analysis c51eb8de5b4c76701af20deeb703ba85374c2036c17fd5bcd09b7b0233c6ae34 The OpenSSF Package Analysis project identified 'haefgerasgrae' @ 0.1.0 rubygems as malicious. It is considered malicious because: - The package...
RHSA-2024:11029 Red Hat Security Advisory: ruby:2.5 security update
Bulletin has no description...
RHSA-2024:11028 Red Hat Security Advisory: ruby:2.5 security update
Bulletin has no description...
RHSA-2024:11027 Red Hat Security Advisory: ruby:2.5 security update
Bulletin has no description...