Lucene search
K

4 matches found

CVE
CVE
added 2020/10/06 12:0 a.m.716 views

CVE-2020-25613

CVE-2020-25613 affects Ruby’s WEBrick HTTP server: transfer-encoding header handling was not sufficiently validated, potentially allowing HTTP Request Smuggling by an attacker bypassing a misconfigured reverse proxy. The issue is present in Ruby versions up to 2.5.8, 2.6.x up to 2.6.6, and 2.7.x ...

7.5CVSS7.7AI score0.03849EPSS
CVE
CVE
added 2020/05/04 2:54 p.m.392 views

CVE-2020-10933

CVE-2020-10933 affects the Ruby interpreter (2.5.x up to 2.5.7, 2.6.x up to 2.6.5, and 2.7.0). The issue occurs in BasicSocket#read_nonblock where the buffer is resized to the requested size but no data is copied, causing the buffer to expose the previous heap contents and potentially expose sens...

5.3CVSS6.1AI score0.02564EPSS
CVE
CVE
added 2020/02/28 4:55 p.m.306 views

CVE-2020-5247

CVE-2020-5247 is a HTTP Response Splitting vulnerability affecting Puma (RubyGem) in versions prior to 4.3.2 and 3.12.3 when untrusted input reaches response headers. An attacker could inject CR/LF sequences to terminate a header and inject new headers or a response body. The issue is mitigated b...

7.5CVSS6.7AI score0.02487EPSS
CVE
CVE
added 2020/02/14 12:0 a.m.284 views

CVE-2016-2338

CVE-2016-2338 describes an exploitable heap overflow in Ruby’s Psych::Emitter.start_document where head is allocated based on the tags array length; specially crafted objects in tags can cause the allocation to exceed bounds. Connected advisories confirm this vulnerability and show the fix in Rub...

9.8CVSS9.5AI score0.04644EPSS