EUVD-2022-2118

Malicious code in bioql PyPI...

ROS-20250826-03

Vulnerability of WEBrick library of Ruby programming language interpreter is related to incorrect checking of HTTP requests in the readheader method. HTTP requests in the readheader method. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform HTTP request spoofin...

PT-2020-5675 · Ruby +9 · Ruby +10

Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 2.5.9 Ruby versions 2.6.x through 2.6.6 Ruby versions 2.7.x through 2.7.1 Description: The issue is related to the WEBrick library in Ruby, which has a problem with incorrect checking of the header value. This can...

Medium: ruby24

Issue Overview: Arbitrary heap exposure during a JSON.generate call Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a...

CVE-2017-10784

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name...

CVE-2017-10784

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name...

CVE-2017-10784

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name...

CVE-2017-10784

CVE-2017-10784 affects Ruby’s WEBrick Basic authentication: an attacker can inject terminal escape sequences into WEBrick logs via a crafted username, potentially affecting the attacker’s terminal emulator. Deb and related advisories confirm the vulnerability exists in WEBrick in Ruby versions pr...

CVE-2017-10784

Removed by vendor...

Ruby Security Bypass Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A security vulnerability exists in the Basic authentication code of the WEBrick library in Ruby versions prior to 2.2.8, 2.3.x prior to 2.3.5, and 2.4.x...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service CPU consumption via a crafted HTTP request...