CVE-2026-44837

ViewComponent CVE-2026-44837 affects Rails ViewComponent from 3.0.0 to 4.9.0. Root cause: system test entrypoint uses File.realpath and starts_with to check the path, which is not a safe containment check and allows potential sibling-directory escapes. Impact: could permit access to files outside...

EUVD-2026-31971

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

ruby:3.3 security update

An update is available for module.rubygem-abrt, module.ruby, module.rubygem-mysql2, module.rubygem-pg, rubygem-mysql2, ruby, rubygem-abrt, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RLSA-2026:20614 Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...

RHSA-2026:20670 Red Hat Security Advisory: ruby security update

Bulletin has no description...

RHSA-2026:20614 Red Hat Security Advisory: ruby:3.3 security update

Bulletin has no description...

RHSA-2026:20606 Red Hat Security Advisory: ruby4.0 security update

Bulletin has no description...

RHSA-2026:20596 Red Hat Security Advisory: ruby:4.0 security update

Bulletin has no description...

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection

A flaw was found in Ruby JSON. This vulnerability, a format string injection, allows a remote attacker to cause a denial of service DoS or disclose sensitive information. The flaw occurs when processing specially crafted user-supplied documents with the allowduplicatekey: false parsing option...

Important: Red Hat Security Advisory: ruby:4.0 security update

An update for the ruby:4.0 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

Important: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: ruby4.0 security update

An update for ruby4.0 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection

A flaw was found in Ruby JSON. This vulnerability, a format string injection, allows a remote attacker to cause a denial of service DoS or disclose sensitive information. The flaw occurs when processing specially crafted user-supplied documents with the allowduplicatekey: false parsing option...

ruby:3.3 security update

ruby 3.3.10-6 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171247 rubygem-abrt 0.4.0-1 - Update to abrt 0.4.0. Resolves: rhbz1842476 rubygem-mysql2 0.5.5-1 - Upgrade to mysql2 0.5.5. Related: RHEL-17090 rubygem-pg 1.5.4-1 - Upgrade to pg 1.5.4...

ALSA-2026:20606 Important: ruby4.0 security update

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Informatio...