Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2022-30123
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.
Rack Project Rack
Debian Debian Linux 11.0
10
CVSSv3
CVE-2015-7541
The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem prior to 0.0.5 for Ruby allows context-dependent malicious users to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.
Colorscore Project Colorscore
9.8
CVSSv3
CVE-2024-21654
Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an malicious user to bypass the ...
Rubygems Rubygems.org
9.8
CVSSv3
CVE-2013-2513
The flash_tool gem up to and including 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file.
Milboj Flash Tool
9.8
CVSSv3
CVE-2023-40175
Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is ...
Puma Puma
1 Github repository
9.8
CVSSv3
CVE-2015-20108
xml_security.rb in the ruby-saml gem prior to 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
Onelogin Ruby-saml
9.8
CVSSv3
CVE-2022-36231
pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3.
Newspaperclub Pdf Info 0.5.3
1 Github repository
9.8
CVSSv3
CVE-2022-48337
GNU Emacs up to and including 28.2 allows malicious users to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "...
Gnu Emacs
Debian Debian Linux 11.0
9.8
CVSSv3
CVE-2016-2338
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags ar...
Ruby-lang Ruby 2.3.0
Ruby-lang Ruby 2.2.2
Debian Debian Linux 8.0
1 Github repository
9.8
CVSSv3
CVE-2022-32511
jmespath.rb (aka JMESPath for Ruby) prior to 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.
Jmespath Project Jmespath
Fedoraproject Fedora 35
Fedoraproject Fedora 36
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »