Lucene search
K

7 matches found

CVE
CVE
added 2019/11/26 4:45 p.m.448 views

CVE-2019-15845

CVE-2019-15845 is a Ruby vulnerability where File.fnmatch and File.fnmatch? mishandled strings containing NULL bytes, enabling a remote attacker to access unexpected files and bypass filesystem restrictions in affected Ruby versions (Ruby 2.4.7 and earlier; 2.5.x up to 2.5.6; 2.6.x up to 2.6.4). ...

6.5CVSS7.1AI score0.03317EPSS
CVE
CVE
added 2019/11/26 12:0 a.m.447 views

CVE-2019-16255

CVE-2019-16255 affects Ruby up to 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4, enabling code injection via the first argument to Shell#[] or Shell#test when data is untrusted. Connected advisories confirm this vulnerability and list affected JRuby/Ruby variants, with remediation by upgrading ...

8.1CVSS8.2AI score0.04221EPSS
CVE
CVE
added 2019/11/26 12:0 a.m.444 views

CVE-2019-16201

CVE-2019-16201 affects Ruby’s WEBrick DigestAuth implementations across multiple Ruby branches (up to 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4). The issue is a regular-expression Denial of Service caused by backtracking in DigestAuth, requiring a WEBrick server exposed to the Internet or a...

7.8CVSS7.6AI score0.05128EPSS
CVE
CVE
added 2019/11/26 12:0 a.m.408 views

CVE-2019-16254

CVE-2019-16254 (HTTP Response Splitting) affects Ruby WEBrick in versions up to 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4. The issue arises when untrusted input is inserted into HTTP response headers, enabling CRLF/header injection and potentially malicious content. It is noted as a follow-...

5.3CVSS6.8AI score0.04569EPSS
CVE
CVE
added 2019/11/29 8:46 p.m.201 views

CVE-2015-1855

CVE-2015-1855 affects Ruby’s OpenSSL hostname matching: the OpenSSL extension fails to validate hostnames, allowing server spoofing. Affected: Ruby/OpenSSL before 2.0.0 patchlevel 645; 2.1.x before 2.1.6; 2.2.x before 2.2.2. Root cause: permissive hostname matching (wildcards, IDNA, case, non‑ASC...

5.9CVSS5.5AI score0.02815EPSS
CVE
CVE
added 2019/11/26 4:35 a.m.110 views

CVE-2011-4121

The CVE-2011-4121 entry concerns the OpenSSL extension in Ruby’s Git trunk (versions after 2011-09-01 through 2011-11-03) where private RSA key generation used a constant exponent value of '1'. This flaw could allow a remote attacker to bypass or corrupt integrity of services relying on generated...

9.8CVSS9.3AI score0.02529EPSS
CVE
CVE
added 2019/11/26 2:50 a.m.88 views

CVE-2011-3624

CVE-2011-3624 affects WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier. The vulnerability arises because these methods do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers, which could allow remote attackers to inject arbitrary text into log files or to byp...

5.3CVSS5.3AI score0.01521EPSS