Ruby@3.1.0 Security Vulnerabilities and Issues — Ruby@3.1.0 CVE List

Ruby-langRuby3.1.0

3 matches found

CVE•added 2022/11/18 12:0 a.m.•924 views

CVE-2021-33621

The CVE-2021-33621 entry concerns the Ruby CGI gem: HTTP response splitting in cgi-gem versions before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5. The underlying issue is in how untrusted input can affect an HTTP response or CGI::Cookie creation, enabling response-splitting exploits. Aff...

8.8CVSS8.6AI score0.011EPSS

CVE•added 2022/05/09 12:0 a.m.•542 views

CVE-2022-28739

CVE-2022-28739 describes a buffer over-read during String-to-Float conversion in Ruby. Affected are Ruby versions: 2.6 and earlier, 2.7.x prior to 2.7.6, 3.x prior to 3.0.4, and 3.1.x prior to 3.1.2. The flaw affects conversion paths such as Kernel#Float and String#to_f and can lead to memory saf...

7.5CVSS7.8AI score0.00332EPSS

CVE•added 2022/05/09 12:0 a.m.•244 views

CVE-2022-28738

Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2 contains a double-free in the Regexp compiler when compiling a Regexp from untrusted user input, potentially allowing memory corruption. The issue is fixed in Ruby 3.0.4 and 3.1.2+; affected releases include Ruby 3.x up to those pre-fix versions. Sever...

9.8CVSS9.1AI score0.00459EPSS