Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.18 views

EulerOS 2.0 SP12 : ruby (EulerOS-SA-2024-2542)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby read...

4.3CVSS6.5AI score0.00494EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/10/09 12:0 a.m.18 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2024-2568)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.6CVSS5.1AI score0.02064EPSS
Exploits1References2
NVD
NVD
added 2024/05/29 9:15 p.m.18 views

CVE-2024-35221

Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.fromyaml. fromyaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-bas...

4.3CVSS4.6AI score0.00494EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/29 8:18 p.m.25 views

CVE-2024-35221 Denial of service when publishing a package on rubygems.org

Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.fromyaml. fromyaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-bas...

4.3CVSS7AI score0.00494EPSS
Exploits0References3
CVE
CVE
added 2024/05/29 8:18 p.m.82 views

CVE-2024-35221

CVE-2024-35221 targets Rubygems.org’s gem publishing workflow. A Gem publisher could trigger a Remote DoS by publishing a Gem whose metadata is parsed with Gem::Specification.from_yaml, which uses SafeYAML.load and permits YAML aliases, enabling YAML-bomb style DoS. The issue is documented as pat...

4.3CVSS4.5AI score0.00494EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/29 12:0 a.m.4 views

PT-2024-5071 · Unknown · Rubygems.Org

Name of the Vulnerable Software and Affected Versions: RubyGems.org affected versions not specified Description: The issue is related to how Ruby reads the Manifest of Gem files when using Gem::Specification.from yaml, which makes use of SafeYAML.load. This allows YAML aliases inside the YAML-bas...

4.3CVSS6.9AI score0.00494EPSS
Exploits0References10
Rows per page
Query Builder