Vulmon
ruby vulnerabilities and exploits
CVE-2016-5697 (VMScore 446)
Ruby-saml prior to 1.3.0 allows malicious users to perform XML signature wrapping attacks via unspecified vectors.
Affected: Onelogin Ruby-saml
2 GitHub repositories

CVE-2018-3769 (VMScore 383)
The ruby-grape Ruby gem suffers from a cross-site scripting (XSS) vulnerability via the "format" parameter.
Affected: Ruby-grape Grape

CVE-2017-11428 (VMScore 668)
OneLogin Ruby-SAML 1.6.0 and previous versions may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potent...
Affected: Onelogin Ruby-saml
2 GitHub repositories

CVE-2022-45301 (VMScore NA)
Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grant all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.
Affected: Chocolatey Chocolatey Ruby

CVE-2023-36617 (VMScore NA)
A ReDoS issue exists in the URI component prior to 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exist...
Affected: Ruby-lang Uri
1 GitHub repository

CVE-2014-9490 (VMScore 445)
The numtok function in lib/raven/okjson.rb in the raven-ruby gem prior to 0.12.2 for Ruby allows remote malicious users to cause a denial of service via a large exponent value in a scientific number.
Affected: Getsentry Raven-ruby

CVE-2019-11027 (VMScore 890)
Ruby OpenID (aka ruby-openid) up to and including 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the...
Affected: Openid Ruby-openid

CVE-2010-2446 (VMScore 668)
Rbot Reaction plugin allows command execution.
Affected: Ruby-rbot Rbot (version unspecified)

CVE-2013-4363 (VMScore 383)
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems prior to 1.8.23.2, 1.8.24 up to and including 1.8.26, 2.0.x prior to 2.0.10, and 2.1.x prior to 2.1.5, as used in Ruby 1.9.0 up to and including 2.0.0p247, allows...
Affected: Rubygems Rubygems (version unspecified); Rubygems Rubygems 1.8.0, 1.8.3, 1.8.4, 1.8.9, 1.8.13, 1.8.14, 1.8.15, 1.8.16, 1.8.17, 1.8.21, 1.8.22, 1.8.24, 1.8.25, 1.8.26, 2.0.0, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.1.0, 2.1.4

CVE-2021-41819 (VMScore 446)
CGI::Cookie.parse in Ruby up to and including 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem up to and including 0.3.0 for Ruby.
Affected: Ruby-lang Ruby; Ruby-lang Cgi 0.1.0, 0.2.0, 0.3.0; Redhat Enterprise Linux 8.0; Redhat Software Collections (version unspecified); Debian Debian Linux 9.0, 10.0, 11.0; Suse Linux Enterprise 11.0, 12.0, 15.0; Opensuse Factory (version unspecified); Opensuse Leap 15.2; Fedoraproject Fedora 34, 35