Ruby@* Security Vulnerabilities and Issues — Ruby@* CVE List

Lucene search

Ruby-langRuby*

3 matches found

CVE•added 2020/10/06 1:15 p.m.•631 views

CVE-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poo...

7.5CVSS7.7AI score0.00221EPSS

CVE•added 2020/05/04 3:15 p.m.•336 views

CVE-2020-10933

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous v...

5.3CVSS6.1AI score0.00288EPSS

CVE•added 2020/02/28 5:15 p.m.•275 views

CVE-2020-5247

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. CR, LF or/r, /n) to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS6.7AI score0.00919EPSS