Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang ruby vulnerabilities and exploits
(subscribe to this query)
695
VMScore
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Intern...
Ruby-lang Ruby
Debian Debian Linux 8.0
2 Github repositories
605
VMScore
CVE-2019-16255
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to cal...
Ruby-lang Ruby
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.1
Oracle Graalvm 19.3.0.2
445
VMScore
CVE-2019-16254
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a he...
Ruby-lang Ruby
Debian Debian Linux 8.0
570
VMScore
CVE-2019-15845
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 mishandles path checking within File.fnmatch functions.
Ruby-lang Ruby
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
668
VMScore
CVE-2011-4121
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on stron...
Ruby-lang Ruby
445
VMScore
CVE-2011-3624
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and previous versions do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote malicious users to inject arbitrary text into log files or bypass inten...
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.9.2
187
VMScore
CVE-2013-1945
ruby193 uses an insecure LD_LIBRARY_PATH setting.
Ruby-lang Ruby193 -
187
VMScore
CVE-2019-11879
The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore i...
Ruby-lang Webrick 1.4.2
445
VMScore
CVE-2014-6438
The URI.decode_www_form_component method in Ruby prior to 1.9.2-p330 allows remote malicious users to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.
Ruby-lang Ruby
668
VMScore
CVE-2017-11465
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows malicious users to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might h...
Ruby-lang Ruby 2.4.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »