Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang ruby vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-36617
A ReDoS issue exists in the URI component prior to 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exist...
Ruby-lang Uri
1 Github repository
5.3
CVSSv3
CVE-2023-28755
A ReDoS issue exists in the URI component up to and including 0.12.0 in Ruby up to and including 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1,...
Ruby-lang Uri 0.12.0
Ruby-lang Uri 0.10.1
Ruby-lang Uri
Ruby-lang Uri 0.11.0
Debian Debian Linux 10.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
5.3
CVSSv3
CVE-2023-28756
A ReDoS issue exists in the Time component up to and including 0.2.1 in Ruby up to and including 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1...
Ruby-lang Time 0.2.1
Ruby-lang Time 0.1.0
Ruby-lang Ruby
Debian Debian Linux 10.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
8.8
CVSSv3
CVE-2021-33621
The cgi gem prior to 0.1.0.2, 0.2.x prior to 0.2.2, and 0.3.x prior to 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
Ruby-lang Cgi
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Ruby-lang Ruby
9.8
CVSSv3
CVE-2016-2338
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags ar...
Ruby-lang Ruby 2.3.0
Ruby-lang Ruby 2.2.2
Debian Debian Linux 8.0
1 Github repository
9.8
CVSSv3
CVE-2022-28738
A double free was found in the Regexp compiler in Ruby 3.x prior to 3.0.4 and 3.1.x prior to 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
Ruby-lang Ruby
7.5
CVSSv3
CVE-2022-28739
There is a buffer over-read in Ruby prior to 2.6.10, 2.7.x prior to 2.7.6, 3.x prior to 3.0.4, and 3.1.x prior to 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
Ruby-lang Ruby
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Apple Macos
9.8
CVSSv3
CVE-2021-41816
CGI.escape_html in Ruby prior to 2.7.5 and 3.x prior to 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem prior to 0.3.1 for Ruby.
Ruby-lang Cgi
Fedoraproject Fedora 34
Fedoraproject Fedora 35
7.5
CVSSv3
CVE-2021-41819
CGI::Cookie.parse in Ruby up to and including 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem up to and including 0.3.0 for Ruby.
Ruby-lang Ruby
Ruby-lang Cgi 0.3.0
Ruby-lang Cgi 0.2.0
Ruby-lang Cgi 0.1.0
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Suse Linux Enterprise 12.0
Suse Linux Enterprise 15.0
Suse Linux Enterprise 11.0
Opensuse Factory -
Opensuse Leap 15.2
Fedoraproject Fedora 34
Fedoraproject Fedora 35
7.5
CVSSv3
CVE-2021-41817
Date.parse in the date gem up to and including 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
Ruby-lang Date
Ruby-lang Date 3.2.0
Ruby-lang Ruby
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Suse Linux Enterprise 12.0
Suse Linux Enterprise 15.0
Opensuse Factory -
Opensuse Leap 15.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »