
14164 matches found

Hacker One
added 2024/04/03 9:32 p.m., 51 views

Internet Bug Bounty: [CVE-2024-25126] Denial of Service Vulnerability in Rack Content-Type Parsing

A denial of service vulnerability was discovered in the content type parsing component of Rack. The vulnerability was assigned the CVE identifier CVE-2024-25126. The vulnerability affected versions 0.4 and above of Rack, and was addressed in versions 3.0.9.1 and 2.2.8.1...

CVSS 5.3 | AI score 5.6 | EPSS 0.0045
Exploits: 1
Tenable Nessus
added 2024/04/03 12:00 a.m., 47 views

AlmaLinux 9 : ruby:3.1 (ALSA-2024:1576)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1576 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...

CVSS 8.8 | AI score 7.8 | EPSS 0.011
Exploits: 1 | References: 5
BDU FSTEC
added 2024/04/02 12:00 a.m., 2 views

The vulnerability of the ungetbyte and ungetc methods in the StringIO string handling utilities in the Ruby programming language allows attackers to compromise the confidentiality of the protected information.

The vulnerability of the ungetbyte and ungetc methods in the StringIO string handling utilities in the Ruby programming language is related to the occurrence of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality of the...

CVSS 3.1 | AI score 6.9 | EPSS 0.08616
Exploits: 0 | References: 8 | Affected Software: 6
BDU FSTEC
added 2024/04/02 12:00 a.m., 2 views

The vulnerability in the built-in RDoc documentation generator for the Ruby programming language relates to the possibility of restoring unreliable data in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the built-in RDoc documentation generator for the Ruby programming language relates to the restoration of unreliable data in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially crafted .rdocoptions files...

CVSS 4.5 | AI score 7 | EPSS 0.02532
Exploits: 0 | References: 9 | Affected Software: 5
Oracle Linux
added 2024/04/02 12:00 a.m., 36 views

ruby:3.1 security, bug fix, and enhancement update

ruby 3.1.4-143 - Upgrade to Ruby 3.1.4. Resolves: RHEL-5586 - Fix HTTP response splitting in CGI. Resolves: RHEL-5591 - Fix ReDos vulnerability in URI. Resolves: RHEL-28919 Resolves: RHEL-5612 - Fix ReDos vulnerability in Time. Resolves: RHEL-28920 - Make RDoc soft dependency in IRB. Resolves:...

CVSS 8.8 | AI score 7.3 | EPSS 0.011
Exploits: 1
Tenable Nessus
added 2024/04/02 12:00 a.m., 46 views

Oracle Linux 9 : ruby:3.1 (ELSA-2024-1576)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1576 advisory. ruby 3.1.4-143 - Upgrade to Ruby 3.1.4. Resolves: RHEL-5586 - Fix HTTP response splitting in CGI. Resolves: RHEL-5591 - Fix ReDos vulnerability in URI...

CVSS 8.8 | AI score 7.9 | EPSS 0.011
Exploits: 1 | References: 5
RedHat Linux
added 2024/04/01 1:31 a.m., 1 view

ruby: ReDoS vulnerability in URI

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...

CVSS 5.3 | AI score 7.5 | EPSS 0.00312
Exploits: 0 | References: 5
RedHat Linux
added 2024/04/01 1:31 a.m., 0 views

ruby/cgi-gem: HTTP response splitting in CGI

A vulnerability was found in Ruby that allows HTTP header injection. A CGI application using the CGI library may insert untrusted input into the HTTP response header. This issue can allow an attacker to insert a newline character to split a header and inject malicious content to deceive clients...

CVSS 8.8 | AI score 6.8 | EPSS 0.011
Exploits: 1 | References: 4
RedHat Linux
added 2024/04/01 1:31 a.m., 3 views

rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service ReDoS...

CVSS 5.3 | AI score 7.5 | EPSS 0.00906
Exploits: 0 | References: 5
RedHat Linux
added 2024/04/01 1:31 a.m., 6 views

ruby: ReDoS vulnerability in Time

A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service ReDoS...

CVSS 5.3 | AI score 7.5 | EPSS 0.00604
Exploits: 0 | References: 5
RedHat Linux
added 2024/04/01 1:31 a.m., 45 views

Moderate: Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update

An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 8.8 | AI score 7.1 | EPSS 0.011
Exploits: 1 | References: 5
Photon
added 2024/04/01 12:00 a.m., 28 views

Moderate Photon OS Security Update - PHSA-2024-5.0-0236

Updates of 'ruby' packages of Photon OS have been released...

CVSS 4.5 | AI score 9.9 | EPSS 0.02532
Exploits: 0
Tenable Nessus
added 2024/04/01 12:00 a.m., 36 views

RHEL 9 : ruby:3.1 (RHSA-2024:1576)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1576 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 8.8 | AI score 7.9 | EPSS 0.011
Exploits: 1 | References: 11
OSV
added 2024/04/01 12:00 a.m., 36 views

ALSA-2024:1576 Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.1. AlmaLinux-29052 Security Fixes: ruby/cgi-gem: HTTP response...

CVSS 8.8 | AI score 8.1 | EPSS 0.011
Exploits: 1 | References: 10
AlmaLinux
added 2024/04/01 12:00 a.m., 39 views

Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.1. AlmaLinux-29052 Security Fixes: ruby/cgi-gem: HTTP response...

CVSS 8.8 | AI score 7.1 | EPSS 0.011
Exploits: 1 | References: 10
Hacker One
added 2024/03/27 11:54 p.m., 91 views

Internet Bug Bounty: CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc

A remote code execution vulnerability was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. The vulnerability was caused by the lack of restrictions on the classes that could be restored when parsing .rdocoptions as a YAML file. Additionally, object injection and...

CVSS 4.5 | AI score 7.9 | EPSS 0.02532
Exploits: 0
Rocky Linux
added 2024/03/27 4:34 a.m., 39 views

ruby:3.1 security, bug fix, and enhancement update

An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 8.8 | AI score 7.2 | EPSS 0.011
Exploits: 1
OSV
added 2024/03/27 4:34 a.m., 35 views

RLSA-2024:1431 Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.1. Rocky Linux-28565 Security Fixes: ruby/cgi-gem: HTTP response...

CVSS 8.8 | AI score 8.1 | EPSS 0.011
Exploits: 1 | References: 5
Tenable Nessus
added 2024/03/27 12:00 a.m., 32 views

Rocky Linux 8 : ruby:3.1 (RLSA-2024:1431)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1431 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that...

CVSS 8.8 | AI score 8.1 | EPSS 0.011
Exploits: 1 | References: 9
BDU FSTEC
added 2024/03/26 12:00 a.m., 1 view

The vulnerability of the Nokogiri library in the Ruby interpreter allows a hacker to disclose protected information or cause service failures.

The vulnerability of the Nokogiri library in the Ruby interpreter is related to improper handling of unexpected data types. Exploiting this vulnerability can allow an attacker to disclose protected information or cause service failures...

CVSS 8.5 | AI score 6.8 | EPSS 0.04183
Exploits: 1 | References: 12 | Affected Software: 13