Lucene search
K
Ruby-langRuby

5 matches found

CVE
CVE
added 2013/03/01 2:0 a.m.149 views

CVE-2013-0256

CVE-2013-0256 affects Ruby’s RDoc/darkfish.js: XSS via crafted URLs in RDoc-generated documentation. Affected: darkfish.js handling in RDoc versions 2.3.0–3.12 and 4.x before 4.0.0.preview2.1. Impact: remote script execution in the context of the user’s session when documentation is viewed over t...

4.3CVSS5.2AI score0.03622EPSS
CVE
CVE
added 2007/10/01 12:0 a.m.111 views

CVE-2007-5162

CVE-2007-5162 affects Ruby 1.8.5/1.8.6: Net::HTTP and Net::HTTPS do not verify the server certificate CN against the requested domain, enabling MITM or spoofed sites. The connected MiracleLinux advisory ( AXSA-2007-63:01 ) reiterates the flaw across multiple Net modules (including Net::HTTP/Net::...

4.3CVSS6.4AI score0.01681EPSS
CVE
CVE
added 2013/10/17 11:0 p.m.101 views

CVE-2013-4287

CVE-2013-4287 represents an algorithmic complexity DoS in RubyGems via an unsafe regular expression in Gem::Version::VERSION_PATTERN. Affected RubyGems versions include pre-1.8.23.1, 1.8.24–1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0 (per upstream and advisories); note that an incomplete f...

4.3CVSS5.4AI score0.03343EPSS
CVE
CVE
added 2013/05/02 2:0 p.m.90 views

CVE-2012-4481

CVE-2012-4481 affects Ruby 1.8.x where the safe-level feature allows context-dependent attackers to modify strings via NameError#to_s, noted as a follow-up to an incomplete fix for CVE-2011-1005. Connected advisories show affected Ruby 1.8.5/1.8.7 variants in MiracleLinux and EulerOS environments...

4.3CVSS5.7AI score0.01941EPSS
CVE
CVE
added 2013/10/17 11:0 p.m.89 views

CVE-2013-4363

RubyGems CVE-2013-4363 is a REGEX backtracking DoS vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN. Affected are RubyGems versions prior to 1.8.23.2, 1.8.24–1.8.26, 2.0.x prior to 2.0.10, and 2.1.x prior to 2.1.5, when parsing gem version strings (used with Ruby 1.9.0–2.0.0p247). The issu...

4.3CVSS5.5AI score0.0169EPSS