PT-2024-3335 · Ruby +7 · Ruby +7

Name of the Vulnerable Software and Affected Versions: Ruby versions 3.0.0 through 3.3.0 Description: The issue is related to a buffer overflow in the heap of the Ruby programming language interpreter. It allows an attacker to impact the confidentiality, integrity, and availability of protected...

Arbitrary memory address read vulnerability with Regex search

If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. We recommend to update the Ruby to version 3.3.1 or later. In order to ensure compatibility with older Ruby...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ruby Vulnerability (NS-SA-2024-0012)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ruby packages installed that are affected by a vulnerability: - A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. ...

CVE-2024-32463 phlex makes Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags

phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. The filter to detect and prevent the use of the javascript: URL scheme in the href attribute of an tag...

CVE-2024-32463 phlex makes Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags

phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. The filter to detect and prevent the use of the javascript: URL scheme in the href attribute of an tag...

CVE-2024-32463

The CVE-2024-32463 entry concerns phlex, a Ruby-based open source framework for building object-oriented views. The vulnerability is an XSS flaw in the handling of href attributes on tags, where the javascript: scheme can be bypassed by inserting tab or newline characters (e.g., java\tscript:). ...

phlex 安全漏洞

phlex is a framework for building object-oriented views in Ruby. A security vulnerability exists in phlex that stems from a potential cross-site scripting XSS vulnerability...

Critical Photon OS Security Update - PHSA-2024-4.0-0592

Updates of 'linux-rt', 'linux-aws', 'openssl', 'libvirt', 'linux', 'ruby', 'linux-secure', 'wireshark', 'suricata' packages of Photon OS have been released...

rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing

A denial of service DoS vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability...

Critical Photon OS Security Update - PHSA-2024-5.0-0247

Updates of 'ruby' packages of Photon OS have been released...

Mageia: Security Advisory (MGASA-2024-0123)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated ruby-rack packages fix security vulnerabilities

Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability ReDos 2nd degree polynomial. CVE-2024-25126 Carefully crafted Range headers can cause a server to respond with an unexpectedly large...

OESA-2024-1398 rubygem-tzinfo security update

TZInfo provides daylight savings aware transformations between times in different time zones. Security Fixes: TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when use...

Exploit for CVE-2024-24576

CVE-2024-24576-Poc-Python A quick POC for the vulnerability di...

Ruby Programming Language Installed (Windows)

Binary data rubywininstalled.nbin...

RLSA-2024:1576 Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.1. Rocky Linux-29052 Security Fixes: ruby/cgi-gem: HTTP response...

ruby:3.1 security, bug fix, and enhancement update

An update is available for rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, module.rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an...

The vulnerability of the Sanitize::Config::RELAXED component in the Sanitize library for the Ruby programming language allows a hacker to perform cross-site scripting attacks.

The vulnerability of the Sanitize::Config::RELAXED component in the Sanitize library for the Ruby programming language is related to the lack of measures taken to protect the structure of web pages when processing style elements. Exploiting this vulnerability allows a remote attacker to perform...

Rocky Linux 9 : ruby:3.1 (RLSA-2024:1576)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1576 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that...

ROS-20240404-10

A vulnerability in the Rack module of the Ruby programming language interpreter is associated with uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...