14166 matches found

OpenVAS
added 2024/06/25 12:0 a.m. | 19 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-1825)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.5 | EPSS 0.08616
Exploits 0 | References 2

OSV
added 2024/06/24 12:0 a.m. | 22 views

OPENSUSE-SU-2024:14069-1 ruby3.3-rubygem-activerecord-7.0-7.0.8.4-1.1 on GA media

These are all security issues fixed in the ruby3.3-rubygem-activerecord-7.0-7.0.8.4-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8 | AI score 6.6 | EPSS 0.05757
Exploits 3 | References 4

Amazon
added 2024/06/24 12:0 a.m. | 2 views

Medium: ruby

Issue Overview: ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 Affected Packages: ruby Note: This advisory is applicable to Amazon Linux 2 - Ruby3.0 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and...

CVSS 4.5 | AI score 7 | EPSS 0.02532
Exploits 0

Tenable Nessus
added 2024/06/24 12:0 a.m. | 26 views

Amazon Linux 2 : ruby (ALASRUBY3.0-2024-008)

The version of ruby installed on the remote host is prior to 3.0.6-156. It is, therefore, affected by a vulnerability as referenced in the ALAS2RUBY3.0-2024-008 advisory. ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 Tenable has extracted the preceding description block directl...

CVSS 4.5 | AI score 6.9 | EPSS 0.02532
Exploits 0 | References 4

Gentoo Linux
added 2024/06/22 12:0 a.m. | 16 views

RDoc: Remote Code Execution

Background RDoc produces HTML and command-line documentation for Ruby projects. Description A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details. Impact When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection...

CVSS 4.5 | AI score 8.3 | EPSS 0.02532
Exploits 0

OpenVAS
added 2024/06/18 12:0 a.m. | 29 views

Ubuntu: Security Advisory (USN-6837-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.1 | EPSS 0.01982
Exploits 2 | References 2

OpenVAS
added 2024/06/18 12:0 a.m. | 30 views

Ubuntu: Security Advisory (USN-6838-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.6 | AI score 7.1 | EPSS 0.02532
Exploits 0 | References 2

Ubuntu
added 2024/06/17 2:24 p.m. | 36 views

USN-6838-1: Ruby vulnerabilities

It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into parsing a specially crafted .rdocoptions file, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2024-27281 It was discovered that the Ruby regex...

CVSS 6.6 | AI score 7.3 | EPSS 0.02532
Exploits 0

OSV
added 2024/06/17 2:24 p.m. | 1 view

USN-6838-1 ruby2.7, ruby3.0, ruby3.1, ruby3.2 vulnerabilities

It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into parsing a specially crafted .rdocoptions file, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2024-27281 It was discovered that the Ruby regex...

CVSS 6.6 | AI score 6.8 | EPSS 0.02532
Exploits 0 | References 3

Ubuntu
added 2024/06/17 1:12 p.m. | 44 views

USN-6837-1: Rack vulnerabilities

It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.10. CVE-2023-27530 It was discovered that Rack incorrectly parsed certain...

CVSS 7.5 | AI score 6.5 | EPSS 0.01982
Exploits 2

Tenable Nessus
added 2024/06/17 12:0 a.m. | 35 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Ruby vulnerabilities (USN-6838-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6838-1 advisory. It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into...

CVSS 6.6 | AI score 7.5 | EPSS 0.02532
Exploits 0 | References 3

OSV
added 2024/06/15 12:0 a.m. | 10 views

OPENSUSE-SU-2024:12880-1 ruby3.2-rubygem-activestorage-7.0-7.0.4.3-1.1 on GA media

These are all security issues fixed in the ruby3.2-rubygem-activestorage-7.0-7.0.4.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8 | AI score 9.5 | EPSS 0.0142
Exploits 0 | References 1

OSV
added 2024/06/15 12:0 a.m. | 9 views

OPENSUSE-SU-2024:10189-1 ruby2.2-rubygem-rails-html-sanitizer-1.0.3-1.2 on GA media

These are all security issues fixed in the ruby2.2-rubygem-rails-html-sanitizer-1.0.3-1.2 package on the GA media of openSUSE Tumbleweed...

CVSS 6.1 | AI score 6.5 | EPSS 0.00166
Exploits 1 | References 3

OSV
added 2024/06/15 12:0 a.m. | 8 views

OPENSUSE-SU-2024:11327-1 ruby2.7-rubygem-activerecord-6.0-6.0.4-1.2 on GA media

These are all security issues fixed in the ruby2.7-rubygem-activerecord-6.0-6.0.4-1.2 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 7.1 | EPSS 0.94318
Exploits 20 | References 3

OSV
added 2024/06/15 12:0 a.m. | 9 views

OPENSUSE-SU-2024:11324-1 ruby2.7-rubygem-activemodel-5.2-5.2.6-1.2 on GA media

These are all security issues fixed in the ruby2.7-rubygem-activemodel-5.2-5.2.6-1.2 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 7.1 | EPSS 0.94318
Exploits 18 | References 2

OSV
added 2024/06/15 12:0 a.m. | 14 views

OPENSUSE-SU-2024:12773-1 ruby3.1-rubygem-rack-3.0.4.2-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-rack-3.0.4.2-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 7.8 | EPSS 0.01982
Exploits 0 | References 1

OSV
added 2024/06/15 12:0 a.m. | 11 views

OPENSUSE-SU-2024:12804-1 ruby3.1-rubygem-activesupport-7.0-7.0.4.3-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-activesupport-7.0-7.0.4.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 5.3 | AI score 5.8 | EPSS 0.00406
Exploits 0 | References 1

OSV
added 2024/06/15 12:0 a.m. | 13 views

OPENSUSE-SU-2024:12033-1 ruby3.1-rubygem-sinatra-2.2.0-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-sinatra-2.2.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 6.1 | AI score 6.4 | EPSS 0.00398
Exploits 1 | References 1

OSV
added 2024/06/15 12:0 a.m. | 4 views

OPENSUSE-SU-2024:11353-1 ruby2.7-rubygem-sinatra-2.1.0-1.6 on GA media

These are all security issues fixed in the ruby2.7-rubygem-sinatra-2.1.0-1.6 package on the GA media of openSUSE Tumbleweed...

CVSS 6.1 | AI score 6.4 | EPSS 0.00398
Exploits 1 | References 1

OSV
added 2024/06/15 12:0 a.m. | 19 views

OPENSUSE-SU-2024:11820-1 ruby3.1-rubygem-actionmailer-6.0-6.0.4.4-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-actionmailer-6.0-6.0.4.4-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 7.2 | EPSS 0.94318
Exploits 19 | References 2