CVE-2021-33621
The CVE-2021-33621 entry concerns the Ruby CGI gem: HTTP response splitting in cgi-gem versions before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5. The underlying issue is in how untrusted input can affect an HTTP response or CGI::Cookie creation, enabling response-splitting exploits. Aff...
CVE-2023-28756
CVE-2023-28756 describes a ReDoS vulnerability in the Ruby Time parser up to version 3.2.1. The Time parser mishandles invalid URLs containing certain characters, causing increased execution time when parsing strings to Time objects. Affected product: Ruby Time component (through Ruby up to 3.2.1...
CVE-2020-25613
CVE-2020-25613 affects Ruby’s WEBrick HTTP server: transfer-encoding header handling was not sufficiently validated, potentially allowing HTTP Request Smuggling by an attacker bypassing a misconfigured reverse proxy. The issue is present in Ruby versions up to 2.5.8, 2.6.x up to 2.6.6, and 2.7.x ...
CVE-2022-28739
CVE-2022-28739 describes a buffer over-read during String-to-Float conversion in Ruby. Affected are Ruby versions: 2.6 and earlier, 2.7.x prior to 2.7.6, 3.x prior to 3.0.4, and 3.1.x prior to 3.1.2. The flaw affects conversion paths such as Kernel#Float and String#to_f and can lead to memory saf...
CVE-2021-41819
CVE-2021-41819 affects Ruby and the CGI::Cookie.parse function; Ruby up to 2.6.8 (and CGI gem up to 0.3.0) mishandle security prefixes in cookie names, enabling cookie-prefix spoofing. Public advisories confirm this and list affected Ruby versions across multiple distributions (AL2, AL2 Ruby3.0 e...
CVE-2018-16395
The CVE describes a bug in Ruby’s OpenSSL X509::Name equality check. Affected Ruby/OpenSSL versions are 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared, depending on ordering, non-equal names may compar...
CVE-2021-41817
CVE-2021-41817 is a Ruby-related ReDoS in Date parsing. The vulnerability affects Ruby’s date parsing pathways (notably date parsing methods) up to versions around 3.2.0, enabling denial-of-service via crafted date strings. The fixed releases cited in the sources are 3.2.1, 3.1.2, 3.0.2, and 2.0....
CVE-2019-16255
CVE-2019-16255 affects Ruby up to 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4, enabling code injection via the first argument to Shell#[] or Shell#test when data is untrusted. Connected advisories confirm this vulnerability and list affected JRuby/Ruby variants, with remediation by upgrading ...
CVE-2019-16201
CVE-2019-16201 affects Ruby’s WEBrick DigestAuth implementations across multiple Ruby branches (up to 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4). The issue is a regular-expression Denial of Service caused by backtracking in DigestAuth, requiring a WEBrick server exposed to the Internet or a...
CVE-2019-15845
CVE-2019-15845 is a Ruby vulnerability where File.fnmatch and File.fnmatch? mishandled strings containing NULL bytes, enabling a remote attacker to access unexpected files and bypass filesystem restrictions in affected Ruby versions (Ruby 2.4.7 and earlier; 2.5.x up to 2.5.6; 2.6.x up to 2.6.4). ...
CVE-2021-28965
The CVE-2021-28965 issue concerns the Ruby REXML library: specifically the REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1. The root cause is improper handling of XML round-trips, which can produce an incorrect XML document after parsing and serializing. Seve...
CVE-2019-16254
CVE-2019-16254 (HTTP Response Splitting) affects Ruby WEBrick in versions up to 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4. The issue arises when untrusted input is inserted into HTTP response headers, enabling CRLF/header injection and potentially malicious content. It is noted as a follow-...
CVE-2017-17742
CVE-2017-17742 affects Ruby with WEBrick: HTTP Response Splitting via crafted headers in WEBrick, impacting Ruby versions: <2.2.10, 2.3.x <2.3.7, 2.4.x <2.4.4, 2.5.x
CVE-2020-10933
CVE-2020-10933 affects the Ruby interpreter (2.5.x up to 2.5.7, 2.6.x up to 2.6.5, and 2.7.0). The issue occurs in BasicSocket#read_nonblock where the buffer is resized to the requested size but no data is copied, causing the buffer to expose the previous heap contents and potentially expose sens...
CVE-2021-31810
CVE-2021-31810 affects Ruby up to 2.6.7, 2.7.x up to 2.7.3, and 3.x up to 3.0.1. A malicious FTP server can abuse the PASV response to persuade Net::FTP to connect to an attacker-specified IP/port, enabling potential information disclosure about private services (e.g., port scans and service bann...
CVE-2021-32066
CVE-2021-32066 affects Ruby up to 3.0.1 where Net::IMAP does not raise an exception when StartTLS fails with an unknown response, enabling potential MITM StartTLS stripping. Connected advisories confirm the issue and list affected Ruby versions (2.6.x–3.0.x) and that fixes are provided in newer R...
CVE-2018-8780
CVE-2018-8780 affects Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1. The flaw is in Dir.open, Dir.new, Dir.entries and Dir.empty? which do not check NULL characters, enabling unintentional directory traversal when these methods are used. Affect...
CVE-2018-16396
CVE-2018-16396 is a taint propagation issue in Ruby: certain formats used when unpacking tainted strings do not propagate taint correctly. Affected versions are Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. The root cause is that unpacked strings deri...
CVE-2017-17405
CVE-2017-17405 is a Ruby Net::FTP command-injection vulnerability where Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile invoke Kernel#open on local files; if the localfile argument begins with a pipe, the following command is executed. The default localfile is the ba...
CVE-2020-5247
CVE-2020-5247 is an HTTP Response Splitting vulnerability affecting Puma (RubyGem) in versions prior to 4.3.2 and 3.12.3 when untrusted input reaches response headers. An attacker could inject CR/LF sequences to terminate a header and inject new headers or a response body. The issue is mitigated b...
CVE-2017-10784
CVE-2017-10784 affects Ruby’s WEBrick Basic authentication: an attacker can inject terminal escape sequences into WEBrick logs via a crafted username, potentially affecting the attacker’s terminal emulator. Deb and related advisories confirm the vulnerability exists in WEBrick in Ruby versions pr...
CVE-2016-2338
CVE-2016-2338 describes an exploitable heap overflow in Ruby’s Psych::Emitter.start_document where head is allocated based on the tags array length; specially crafted objects in tags can cause the allocation to exceed bounds. Connected advisories confirm this vulnerability and show the fix in Rub...
CVE-2018-6914
CVE-2018-6914 is a directory traversal vulnerability in Ruby’s tmpdir library (Dir.mktmpdir). The flaw allows an attacker to create arbitrary directories or files via a “..” in the prefix argument. Affected Ruby versions: before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, ...
CVE-2018-8778
CVE-2018-8778 affects Ruby prior to 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1. It describes a buffer under-read in String#unpack triggered by an attacker-controlled unpacking format, leading to massive information disclosure. Affected platforms include...
CVE-2017-14033
CVE-2017-14033 is a buffer underrun in the OpenSSL::ASN1 decode path of Ruby’s OpenSSL extension. Reported as a denial of service causing interpreter crash when processing a crafted string. Affected Ruby versions include 2.2.x prior to 2.2.8, 2.3.x prior to 2.3.5, and 2.4.x up to 2.4.1. Mitigatio...
CVE-2022-28738
Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2 contain a double-free in the Regexp compiler when compiling a Regexp from untrusted user input, potentially allowing memory corruption. The issue is fixed in Ruby 3.0.4 and 3.1.2+; affected releases include Ruby 3.x up to those pre-fix versions. Sever...
CVE-2018-8779
CVE-2018-8779 is a Ruby vulnerability in which UNIXServer.open and UNIXSocket.open did not check for NULL (NUL) bytes in the path, potentially creating an unintended socket. Public details in the provided documents show affected series include Ruby 2.2.x prior to 2.2.10, 2.3.x prior to 2.3.7, 2.4...
CVE-2017-9225
Oniguruma 6.2.0 (as used in Ruby via oniguruma-mod through Ruby 2.4.1 and mbstring in PHP through 7.1.5) contains CVE-2017-9225, a stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() and related unicode handling, with code point 0xFFFFFFFF not properly handled in unicode_unf...
CVE-2018-8777
CVE-2018-8777 affects Ruby WEBrick: sending a large HTTP request or crafted body to WEBrick can cause memory-based denial of service. Affected Ruby branches include 2.2.x before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1. Mitigation is upgrading to the ...
CVE-2017-9229
CVE-2017-9229 affects Oniguruma 6.2.0 (as used by Oniguruma-mod in Ruby up to 2.4.1 and mbstring in PHP up to 7.1.5). A SIGSEGV can occur in left_adjust_char_head() during regular expression compilation due to invalid handling of reg->dmax in forward_search_range(), which may yield an invalid ...
CVE-2017-14064
CVE-2017-14064 affects Ruby before the fixed versions: Ruby 2.2.7 and earlier (2.2.x), 2.3.0–2.3.4, and 2.4.0–2.4.1. Root cause is a strdup-based bug in ext/json/ext/generator/generator.c that stops at the first NUL byte, returning a string of length zero while space_len indicates otherwise, expo...
CVE-2015-1855
CVE-2015-1855 affects Ruby’s OpenSSL hostname matching: the OpenSSL extension fails to validate hostnames, allowing server spoofing. Affected: Ruby/OpenSSL before 2.0.0 patchlevel 645; 2.1.x before 2.1.6; 2.2.x before 2.2.2. Root cause: permissive hostname matching (wildcards, IDNA, case, non-ASC...
CVE-2017-0898
CVE-2017-0898 affects Ruby older branches (before 2.4.2, 2.3.5, and 2.2.8) and is caused by a buffer underrun in Kernel.sprintf, leading to heap memory corruption and potential information disclosure from the heap or application instability. The issue is not restricted to a single product; it app...
CVE-2017-17790
CVE-2017-17790 affects Ruby up to 2.4.3 and is caused by the lazy_initialize function in lib/resolv.rb calling Kernel#open, which may allow command injection. The vulnerability can be triggered by a Resolv::Hosts::new argument that begins with a leading '|' character. The description notes this i...
CVE-2013-4073
Summary (CVE-2013-4073): The OpenSSL hostname verification in Ruby’s SSL client is broken due to improper handling of a ‘\0’ character in the Subject Alternative Name of X.509 certificates, enabling MITM spoofing via certificates issued by legitimate CAs. Affected: Ruby OpenSSL client implementat...
CVE-2011-4815
CVE-2011-4815 affects Ruby (CRuby) and is caused by a hash function implementation that allows predictable hash collisions, enabling context-dependent attackers to cause a denial of service through CPU consumption when Ruby hashes are fed crafted input. Connected advisories confirm multiple vendo...
CVE-2013-0256
CVE-2013-0256 affects Ruby’s RDoc/darkfish.js: XSS via crafted URLs in RDoc-generated documentation. Affected: darkfish.js handling in RDoc versions 2.3.0–3.12 and 4.x before 4.0.0.preview2.1. Impact: remote script execution in the context of the user’s session when documentation is viewed over t...
CVE-2016-2339
CVE-2016-2339 involves an exploitable heap overflow in Ruby’s Fiddle::Function.new initialize. The heap buffer arg_types allocation is sized based on the length of the args array; a specially crafted object inside the args array can increase the array size after allocation, causing a heap overflo...
CVE-2016-2337
CVE-2016-2337 describes a type confusion in Ruby’s TclTkIp._cancel_eval method. An attacker could cause arbitrary code execution by passing a non-String as the retval argument. Public advisories (e.g., MiracleLinux AXSA-2025-10964:04) reference this CVE and note a fix to prevent the type confusion; t...
CVE-2021-28966
CVE-2021-28966 affects Ruby up to 3.0 on Windows. A remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir, enabling path-related manipulation. Root cause: how TmpDir parameter is processed in web contexts (no details beyond this in the provided documents...
CVE-2014-8080
CVE-2014-8080 affects the REXML XML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4, where specially crafted XML can cause a denial of service via XML Entity Expansion (XEE). Affected Ruby versions are vulnerable to memory (and CPU) exhaustion. Remediation ...
CVE-2013-1821
CVE-2013-1821 is an XML Entity Expansion (XEE) denial-of-service vulnerability in the REXML parser of Ruby. The provided sources confirm affected Ruby/REXML configurations across multiple lines: Ruby before 1.9.3-p392 (initial description) and extended references indicate the issue affects 1.9.x ...
CVE-2015-9096
CVE-2015-9096 affects Net::SMTP in Ruby prior to 2.4.0, allowing SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands, demonstrated around a DATA substring. The vulnerability applies to Ruby’s Net::SMTP implementation and, per the initial description, is fixed in Ruby 2.4.0 ...
CVE-2013-4164
Ruby CVE-2013-4164 is a heap-based buffer overflow in numeric conversion from strings to floating point values, enabling a denial of service and potential remote code execution. Affected are Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revisi...
CVE-2014-4975
CVE-2014-4975 is an off-by-one stack-based buffer overflow in the encodes() function (pack.c) of Ruby 1.9.3 and earlier, and 2.x through 2.1.2, triggered by certain format string specifiers. This can cause a denial of service via segmentation fault. Connected advisories note this Ruby pack() issu...
CVE-2012-4522
CVE-2012-4522 affects Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163, where a NUL byte in a file path enables context-dependent attackers to create files in unintended locations or with unexpected names. The issue arises from rb_get_path_check in file.c and is confirmed by multiple...
CVE-2009-5147
CVE-2009-5147 affects Ruby’s DL::dlopen by allowing libraries with tainted names to be opened on several Ruby releases (1.8, 1.9.x, 2.0.0 pre-patch 648, and 2.1 pre-2.1.8). Connected materials document a regression in later Ruby/fiddle handling (CVE-2015-7551) that ties back to this regression an...
CVE-2014-8090
The CVE-2014-8090 issue is a vulnerability in Ruby’s REXML XML parser that can be exploited via crafted XML documents containing an empty string in repeated nested entities, causing CPU and memory exhaustion (XEE). Affected are Ruby 1.9.x before 1.9.3 patchlevel 551, Ruby 2.0.x before 2.0.0 patch...
CVE-2012-5371
CVE-2012-5371 affects Ruby (CRuby) 1.9 prior to 1.9.3-p327 and 2.0 prior to r37575. The issue is that hash values can be triggered for collisions without proper restriction, enabling context-dependent attackers to cause CPU-driven denial of service via crafted input to hash-table data structures,...
CVE-2011-0188
CVE-2011-0188 concerns memory allocation in the BigDecimal implementation (bigdecimal.c) for Ruby 1.9.2-p136 and earlier, used on macOS before 10.6.7 and other platforms. The issue is that VpMemAlloc may misallocate memory for very large BigDecimal values in 64-bit processes, enabling context-dep...