Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubygems vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2013-1875
command_wrap.rb in the command_wrap Gem for Ruby allows remote malicious users to execute arbitrary commands via shell metacharacters in a URL or filename.
Rubygems Command Wrap -
605
VMScore
CVE-2019-8324
An issue exists in RubyGems 2.6 and later up to and including 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinsta...
Rubygems Rubygems
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Redhat Enterprise Linux 8.0
668
VMScore
CVE-2013-2616
lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote malicious users to execute arbitrary commands via shell metacharacters in a URL.
Rubygems Mini Magick 1.3.1
570
VMScore
CVE-2012-6135
RubyGems passenger 4.0.0 betas 1 and 2 allows remote malicious users to delete arbitrary files during the startup process.
Phusion Passenger 4.0.0
Redhat Openshift 1.0
578
VMScore
CVE-2020-15244
In Magento (rubygems openmage/magento-lts package) prior to 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4.
Openmage Magento
383
VMScore
CVE-2015-9096
Net::SMTP in Ruby prior to 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
Ruby-lang Ruby
383
VMScore
CVE-2021-29435
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an malicious user to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin ...
552
VMScore
CVE-2014-3248
Untrusted search path vulnerability in Puppet Enterprise 2.8 prior to 2.8.7, Puppet prior to 2.7.26 and 3.x prior to 3.6.2, Facter 1.6.x and 2.x prior to 2.0.2, Hiera prior to 1.3.4, and Mcollective prior to 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to ga...
Puppetlabs Facter
Puppet Facter 2.0.1
Puppet Facter 2.0.0
Puppet Marionette Collective
Puppet Hiera
Puppet Puppet
Puppet Puppet Enterprise
516
VMScore
CVE-2020-15240
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an malicious user to bypass authentication and authorization. You are a...
Auth0 Omniauth-auth0
NA
CVE-2023-28102
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit `91e13043ffa` the `encoder.rb` file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library ...
Discordrb Project Discordrb
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »