Filtered by vendor Ruby-lang
Subscriptions
Filtered by product Ruby
Subscriptions
Total
108 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31810 | 5 Debian, Fedoraproject, Oracle and 2 more | 8 Debian Linux, Fedora, Jd Edwards Enterpriseone Tools and 5 more | 2024-08-03 | 5.8 Medium |
| An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). | ||||
| CVE-2021-31799 | 4 Debian, Oracle, Redhat and 1 more | 8 Debian Linux, Jd Edwards Enterpriseone Tools, Enterprise Linux and 5 more | 2024-08-03 | 7.0 High |
| In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. | ||||
| CVE-2021-28966 | 2 Microsoft, Ruby-lang | 2 Windows, Ruby | 2024-08-03 | 7.5 High |
| In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir. | ||||
| CVE-2021-28965 | 3 Fedoraproject, Redhat, Ruby-lang | 7 Fedora, Enterprise Linux, Rhel E4s and 4 more | 2024-08-03 | 7.5 High |
| The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. | ||||
| CVE-2022-28738 | 2 Redhat, Ruby-lang | 3 Enterprise Linux, Rhel Software Collections, Ruby | 2024-08-03 | 9.8 Critical |
| A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations. | ||||
| CVE-2022-28739 | 4 Apple, Debian, Redhat and 1 more | 5 Macos, Debian Linux, Enterprise Linux and 2 more | 2024-08-03 | 7.5 High |
| There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. | ||||
| CVE-2023-28756 | 4 Debian, Fedoraproject, Redhat and 1 more | 6 Debian Linux, Fedora, Enterprise Linux and 3 more | 2024-08-02 | 5.3 Medium |
| A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. | ||||
| CVE-2023-22795 | 4 Debian, Redhat, Ruby-lang and 1 more | 4 Debian Linux, Satellite, Ruby and 1 more | 2024-08-02 | 7.5 High |
| A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. | ||||