USN-7091-1 ruby3.0, ruby3.2, ruby3.3 vulnerabilities

It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected in Ubuntu 22.04 LTS and Ubuntu 24....

Ubuntu: Security Advisory (USN-7091-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : Ruby vulnerabilities (USN-7091-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7091-1 advisory. It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value usi...

RHEL 7 : CloudForms 4.7 (RHSA-2019:0212)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0212 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...

RHEL 6 / 7 : ror40-rubygem-actionpack (RHSA-2016:1857)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1857 advisory. Ruby on Rails is a model-view-controller MVC framework for web application development. Action Pack implements the controller and the view...

RHEL 6 / 7 : ruby193-rubygem-activerecord (RHSA-2014:0876)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0876 advisory. Ruby on Rails is a model-view-controller MVC framework for web application development. Active Record implements object-relational mapping for...

RHEL 6 / 7 : rh-ror41 (RHSA-2016:0456)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0456 advisory. The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller MVC framework for web application...

RHEL 6 / 7 : ruby193-rubygem-actionpack (RHSA-2016:1858)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1858 advisory. Ruby on Rails is a model-view-controller MVC framework for web application development. Action Pack implements the controller and the view...

Security update for ruby2.5

This update for ruby2.5 fixes the following issues: CVE-2024-43398: Fixed DoS when parsing a XML that has many deep elements with the same local name attributes bsc1229673 CVE-2024-41123: Fixed DoS when parsing an XML that contains many specific characters such as whitespaces, and bsc1228794...

GHSA-HXX2-7VCW-MQR3 vulnerabilities

Vulnerabilities for packages: ruby3.3-sinatra, ruby3.2-sinatra, logstash...

CVE-2024-21510 vulnerabilities

Vulnerabilities for packages: ruby3.3-sinatra, gitlab-cng, ruby3.2-sinatra, logstash...

CVE-2024-21510 vulnerabilities

Vulnerabilities for packages: ruby3.3-sinatra, ruby3.2-sinatra, logstash...

Sinatra 安全漏洞

Sinatra is a Sinatra open source DSL for quickly creating web applications in Ruby with minimal effort A security vulnerability exists in Sinatra. An attacker exploiting this vulnerability can trigger an open redirection attack by inserting an arbitrary address in the header...

CVE-2024-21510

Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host XFH header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into...

Ruby REXML < 3.3.9 ReDoS vulnerability

The version of the REXML Ruby library installed on the remote host is prior to 3.3.9. It is, therefore, affected by a ReDoS vulnerability. The vulnerability lies when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with...

Important: ruby3.2

Issue Overview: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's...

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2024-743)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-743 advisory. An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., GET /admin...

SUSE CVE-2024-49761

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...

The vulnerability of the XML tools for Ruby REXML, related to uncontrolled resource consumption, allows a attacker to cause a service failure.

The vulnerability of the XML tools for Ruby REXML is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

The vulnerability of the XML tools for Ruby REXML relates to uncontrolled resource consumption, allowing attackers to cause service failures.

The vulnerability of the XML tools for Ruby REXML is related to uncontrolled resource leaks. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...