Ruby 3.2 Uri Security Vulnerabilities and Issues — Ruby 3.2 Uri CVE List

Lucene search

RubyRuby 3.2 Uri

3 matches found

CVE•added 2020/02/24 3:15 p.m.•357 views

CVE-2020-8130

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |.

6.9CVSS6.6AI score0.0007EPSS

CVE•added 2019/11/29 9:15 p.m.•155 views

CVE-2015-1855

verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) c...

5.9CVSS5.5AI score0.01749EPSS

CVE•added 2019/11/26 3:15 a.m.•73 views

CVE-2011-3624

Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted h...

5.3CVSS5.3AI score0.00577EPSS