Lucene search
+L

595 matches found

RedHat Linux
RedHat Linux
added 2026/04/17 11:15 p.m.2 views

ruby: WEBrick CGI source disclosure

Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing 1 + plus, 2 %2b encode...

5CVSS7.1AI score0.02813EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/17 11:15 p.m.3 views

ruby: WEBrick DoS vulnerability (CPU consumption)

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.splitheadervalue function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...

7.8CVSS7AI score0.70202EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2026/04/17 11:15 p.m.3 views

ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick

It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...

9.3CVSS6.7AI score0.16412EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/17 11:15 p.m.3 views

ruby: HTTP response splitting in WEBrick

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

5.3CVSS6.6AI score0.04569EPSS
Exploits0References4
OSV
OSV
added 2026/04/17 10:21 p.m.26 views

GHSA-3JFP-46X4-XGFJ yard: Possible arbitrary path traversal and file access via yard server

Impact A path traversal vulnerability was discovered in YARD = 0.9.41 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The original patch in GHSA-xfhh-rx56-rxcr wa...

6.9CVSS5.9AI score0.00388EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.3 views

ruby: WEBrick DoS vulnerability (CPU consumption)

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.splitheadervalue function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...

7.8CVSS7AI score0.70202EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.4 views

ruby: HTTP response splitting in WEBrick

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

5.3CVSS6.6AI score0.04569EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.3 views

ruby: WEBrick CGI source disclosure

Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing 1 + plus, 2 %2b encode...

5CVSS7.1AI score0.02813EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.3 views

ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick

It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...

9.3CVSS6.7AI score0.16412EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/09 12:37 p.m.2 views

ruby: Potential HTTP request smuggling in WEBrick

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

7.5CVSS6.6AI score0.03849EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/09 12:35 p.m.3 views

ruby: WEBrick CGI source disclosure

Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing 1 + plus, 2 %2b encode...

5CVSS7.1AI score0.02813EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/09 12:35 p.m.2 views

ruby: WEBrick DoS vulnerability (CPU consumption)

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.splitheadervalue function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...

7.8CVSS7AI score0.70202EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2026/04/09 12:35 p.m.2 views

ruby: Potential HTTP request smuggling in WEBrick

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

7.5CVSS6.6AI score0.03849EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/09 12:35 p.m.3 views

ruby: HTTP response splitting in WEBrick

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

5.3CVSS6.6AI score0.04569EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/09 12:35 p.m.3 views

ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick

It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...

9.3CVSS6.7AI score0.16412EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 6:44 a.m.14 views

Security Bulletin: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability (ZDI-CAN-21876), affects watsonx.data

Summary Ruby WEBrick is vulnerable to HTTP request smuggling via the readheader method due to inconsistent parsing of HTTP header terminators. Exploitation is possible when deployed behind certain HTTP proxies, allowing attackers to smuggle arbitrary HTTP requests. This can affect watsonx.data...

6.5CVSS6AI score0.00422EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.4 views

NewStart CGSL MAIN 6.06 (SP) : ruby Multiple Vulnerabilities (NS-SA-2026-0023)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has ruby packages installed that are affected by multiple vulnerabilities: - CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...

7.8CVSS6AI score0.04246EPSS
Exploits3References7
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.3 views

Astra Linux – Vulnerability in ruby-webrick

Ruby WEBrick’s readheaders method exposes a vulnerability related to HTTP request smuggling. This vulnerability allows remote attackers to inject arbitrary HTTP requests into affected installations of Ruby WEBrick. This issue becomes exploitable when the product is deployed behind an HTTP proxy...

6.5CVSS6.7AI score0.00422EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : ruby:2.7 (AXSA:2021-2391:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2391:01 advisory. ruby: Potential HTTP request smuggling in WEBrick CVE-2020-25613 ruby: XML round-trip vulnerability in REXML CVE-2021-28965 Tenable has extracted th...

7.5CVSS8.3AI score0.05061EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 7 : rh-ruby25-ruby-2.5.9-9.el7 (AXSA:2021-1762:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1762:01 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? CVE-2019-15845 ruby: Regular expression denial of service vulnerability of...

8.1CVSS8.2AI score0.06811EPSS
Exploits2References9
Rows per page
Query Builder