Lucene search
+L
Ruby-langRuby

5 matches found

CVE
CVE
added 2022/11/18 12:0 a.m.942 views

CVE-2021-33621

The CVE-2021-33621 entry concerns the Ruby CGI gem: HTTP response splitting in cgi-gem versions before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5. The underlying issue is in how untrusted input can affect an HTTP response or CGI::Cookie creation, enabling response-splitting exploits. Aff...

8.8CVSS8.6AI score0.02287EPSS
CVE
CVE
added 2019/11/26 12:0 a.m.452 views

CVE-2019-16255

CVE-2019-16255 affects Ruby up to 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4, enabling code injection via the first argument to Shell#[] or Shell#test when data is untrusted. Connected advisories confirm this vulnerability and list affected JRuby/Ruby variants, with remediation by upgrading ...

8.1CVSS8.2AI score0.04187EPSS
CVE
CVE
added 2018/11/16 6:0 p.m.330 views

CVE-2018-16396

CVE-2018-16396 is a taint propagation issue in Ruby: certain formats used when unpacking tainted strings do not propagate taint correctly. Affected versions are Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. The root cause is that unpacked strings deri...

8.1CVSS7.3AI score0.07968EPSS
CVE
CVE
added 2016/03/24 1:0 a.m.110 views

CVE-2015-7551

CVE-2015-7551 affects Ruby versions before the patch, where Fiddle::Handle in ext/fiddle/handle.c mishandles tainting, allowing context-dependent attackers to cause arbitrary code execution or a crash via a tainted string. The vulnerability stems from taint handling in the DL/libffi-related path ...

8.4CVSS6.7AI score0.005EPSS
CVE
CVE
added 2026/05/22 12:0 a.m.37 views

CVE-2026-46727

Ruby 4 before 4.0.5 contains a race condition that can cause a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c). A remote attacker able to delay DNS responses near the user-specified timeout could crash a Ruby process calling Addrinfo.geta...

8.1CVSS5.8AI score0.00478EPSS