Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang ruby vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2007-5162
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote malicious users to ...
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.6
5
CVSSv2
CVE-2011-3624
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and previous versions do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote malicious users to inject arbitrary text into log files or bypass inten...
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.9.2
7.5
CVSSv2
CVE-2016-2336
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.
Ruby-lang Ruby 2.3.0
Ruby-lang Ruby 2.2.2
7.5
CVSSv2
CVE-2016-2337
Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.
Ruby-lang Ruby 2.2.2
Ruby-lang Ruby 2.3.0
7.8
CVSSv2
CVE-2008-4310
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote malicious users to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.1
1 EDB exploit
5
CVSSv2
CVE-2021-28965
The REXML gem prior to 3.2.5 in Ruby prior to 2.6.7, 2.7.x prior to 2.7.3, and 3.x prior to 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
Ruby-lang Ruby
Ruby-lang Rexml
Fedoraproject Fedora 34
2 Github repositories
NA
CVE-2016-2338
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags ar...
Ruby-lang Ruby 2.3.0
Ruby-lang Ruby 2.2.2
Debian Debian Linux 8.0
1 Github repository
NA
CVE-2023-28755
A ReDoS issue exists in the URI component up to and including 0.12.0 in Ruby up to and including 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1,...
Ruby-lang Uri 0.12.0
Ruby-lang Uri 0.10.1
Ruby-lang Uri
Ruby-lang Uri 0.11.0
Debian Debian Linux 10.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
5
CVSSv2
CVE-2020-25613
An issue exists in Ruby up to and including 2.5.8, 2.6.x up to and including 2.6.6, and 2.7.x up to and including 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue ...
Ruby-lang Ruby
Ruby-lang Webrick
Fedoraproject Fedora 32
Fedoraproject Fedora 33
5
CVSSv2
CVE-2020-10933
An issue exists in Ruby 2.5.x up to and including 2.5.7, 2.6.x up to and including 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the bu...
Ruby-lang Ruby
Ruby-lang Ruby 2.7.0
Fedoraproject Fedora 31
Debian Debian Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400
CVE-2023-7252
CVE-2024-21111
denial of service
CVE-2024-29661
CVE-2024-22856
remote attackers
encryption
CVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »