Ruby Security Vulnerabilities and Issues — Ruby CVE List

Lucene search

Ruby-langRuby

9 matches found

CVE•added 2019/11/26 5:15 p.m.•399 views

CVE-2019-15845

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.

6.5CVSS7.1AI score0.00377EPSS

CVE•added 2013/08/18 2:52 a.m.•138 views

CVE-2013-4073

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-t...

6.8CVSS6.1AI score0.02394EPSS

CVE•added 2017/06/12 8:29 p.m.•104 views

CVE-2015-9096

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.

6.1CVSS6.8AI score0.01297EPSS

CVE•added 2013/11/23 7:55 p.m.•87 views

CVE-2013-4164

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to...

6.8CVSS6.3AI score0.11056EPSS

CVE•added 2011/03/23 2:0 a.m.•78 views

CVE-2011-0188

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (applicatio...

6.8CVSS5.7AI score0.02613EPSS

CVE•added 2011/03/02 8:0 p.m.•74 views

CVE-2011-1004

The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.

6.3CVSS7.9AI score0.0005EPSS

CVE•added 2013/11/02 7:55 p.m.•72 views

CVE-2013-2065

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.

6.4CVSS5.5AI score0.0035EPSS

CVE•added 2009/02/20 6:47 a.m.•52 views

CVE-2009-0642

ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate.

6.8CVSS6.3AI score0.01455EPSS

CVE•added 2012/10/11 10:51 a.m.•40 views

CVE-2012-5380

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by a...

6.7CVSS6.8AI score0.00347EPSS