Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang cgi 0.3.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-41816
CGI.escape_html in Ruby prior to 2.7.5 and 3.x prior to 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem prior to 0.3.1 for Ruby.
Ruby-lang Cgi
Fedoraproject Fedora 34
Fedoraproject Fedora 35
7.5
CVSSv3
CVE-2021-41819
CGI::Cookie.parse in Ruby up to and including 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem up to and including 0.3.0 for Ruby.
Ruby-lang Ruby
Ruby-lang Cgi 0.3.0
Ruby-lang Cgi 0.2.0
Ruby-lang Cgi 0.1.0
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Suse Linux Enterprise 12.0
Suse Linux Enterprise 15.0
Suse Linux Enterprise 11.0
Opensuse Factory -
Opensuse Leap 15.2
Fedoraproject Fedora 34
Fedoraproject Fedora 35
7.5
CVSSv3
CVE-2021-41817
Date.parse in the date gem up to and including 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
Ruby-lang Date
Ruby-lang Date 3.2.0
Ruby-lang Ruby
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Suse Linux Enterprise 12.0
Suse Linux Enterprise 15.0
Opensuse Factory -
Opensuse Leap 15.2
7.5
CVSSv3
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Intern...
Ruby-lang Ruby
Debian Debian Linux 8.0
2 Github repositories
5.3
CVSSv3
CVE-2019-16254
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a he...
Ruby-lang Ruby
Debian Debian Linux 8.0
8.1
CVSSv3
CVE-2019-16255
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to cal...
Ruby-lang Ruby
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.1
Oracle Graalvm 19.3.0.2
6.5
CVSSv3
CVE-2019-15845
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 mishandles path checking within File.fnmatch functions.
Ruby-lang Ruby
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started