ruby security update

An update is available for ruby, rubygem-bson, module.rubygem-bson, rubygem-bundler, rubygem-abrt, module.rubygem-pg, rubygem-mysql2, module.ruby, rubygem-mongo, module.rubygem-bundler, rubygem-pg, module.rubygem-mongo, module.rubygem-abrt, module.rubygem-mysql2. This update affects Rocky Linux 8...

RHEL 9 : ruby (RHSA-2024:4542)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4542 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks...

ruby security update

ruby 2.5.9-112 - Fix ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755. CVE-2023-36617 Resolves: RHEL-5614 - Fix Buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-34125 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Resolves: RHEL-34117 -...

Rocky Linux 8 : ruby (RLSA-2024:4499)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4499 advisory. rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 CVE-2023-36617 ruby: Buffer overread vulnerability in StringIO...

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2024-1921)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and unge...

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2024-1897)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and unge...

ROS-20240711-01

Vulnerability The frames.html file is a tool for creating documentation for the Ruby programming language YARD is related to improper handling of user-controlled data obtained from a URL hash in the embedded JavaScript code in the "frames.erb" template file. Exploitation of the vulnerability coul...

OESA-2024-1824 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service...

RHEL 7 : ruby (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - onigmo: out-of-bounds read in nextstateval in regparse.c CVE-2019-16162 - Onigmo through 6.2.0 has a NULL...

RHEL 8 : ruby (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - onigmo: out-of-bounds read in nextstateval in regparse.c CVE-2019-16162 - Onigmo through 6.2.0 has a NULL...

ruby: Buffer overread vulnerability in StringIO

A buffer overread flaw was found in rubygem StringIO. The ungetbyte and ungetc methods on a StringIO object can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value...

ruby: Arbitrary memory address read vulnerability with Regex search

A flaw was found in Ruby. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings...

REXML: DoS parsing an XML with many `<`s in an attribute value

REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this...

Moderate: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Ruby Programming Language Installed (Linux)

Binary data rubynixinstalled.nbin...

Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 CVE-2023-36617 ruby: Buffer overread vulnerability...

RHEL 8 : ruby (RHSA-2024:4499)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4499 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

ALSA-2024:4499 Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 CVE-2023-36617 ruby: Buffer overread vulnerability...

CVE-2024-27090

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...

CVE-2024-27090 Decidim vulnerable to data disclosure through the embed feature

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...