5 matches found
CVE-2013-0256
CVE-2013-0256 affects Ruby’s RDoc/darkfish.js: XSS via crafted URLs in RDoc-generated documentation. Affected: darkfish.js handling in RDoc versions 2.3.0–3.12 and 4.x before 4.0.0.preview2.1. Impact: remote script execution in the context of the user’s session when documentation is viewed over t...
CVE-2007-5162
CVE-2007-5162 affects Ruby 1.8.5/1.8.6: Net::HTTP and Net::HTTPS do not verify the server certificate CN against the requested domain, enabling MITM or spoofed sites. The connected MiracleLinux advisory ( AXSA-2007-63:01 ) reiterates the flaw across multiple Net modules (including Net::HTTP/Net::...
CVE-2013-4287
CVE-2013-4287 represents an algorithmic complexity DoS in RubyGems via an unsafe regular expression in Gem::Version::VERSION_PATTERN. Affected RubyGems versions include pre-1.8.23.1, 1.8.24–1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0 (per upstream and advisories); note that an incomplete f...
CVE-2012-4481
CVE-2012-4481 affects Ruby 1.8.x where the safe-level feature allows context-dependent attackers to modify strings via NameError#to_s, noted as a follow-up to an incomplete fix for CVE-2011-1005. Connected advisories show affected Ruby 1.8.5/1.8.7 variants in MiracleLinux and EulerOS environments...
CVE-2013-4363
RubyGems CVE-2013-4363 is a REGEX backtracking DoS vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN. Affected are RubyGems versions prior to 1.8.23.2, 1.8.24–1.8.26, 2.0.x prior to 2.0.10, and 2.1.x prior to 2.1.5, when parsing gem version strings (used with Ruby 1.9.0–2.0.0p247). The issu...