Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-28965
The REXML gem prior to 3.2.5 in Ruby prior to 2.6.7, 2.7.x prior to 2.7.3, and 3.x prior to 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
Ruby-lang Ruby
Ruby-lang Rexml
Fedoraproject Fedora 34
2 Github repositories
5
CVSSv2
CVE-2020-25613
An issue exists in Ruby up to and including 2.5.8, 2.6.x up to and including 2.6.6, and 2.7.x up to and including 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue ...
Ruby-lang Ruby
Ruby-lang Webrick
Fedoraproject Fedora 32
Fedoraproject Fedora 33
5
CVSSv2
CVE-2020-10933
An issue exists in Ruby 2.5.x up to and including 2.5.7, 2.6.x up to and including 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the bu...
Ruby-lang Ruby
Ruby-lang Ruby 2.7.0
Fedoraproject Fedora 31
Debian Debian Linux 10.0
5
CVSSv2
CVE-2020-5247
In Puma (RubyGem) prior to 4.3.2 and prior to 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an e...
Ruby-lang Ruby
Puma Puma
Ruby-lang Ruby 2.7.0
Debian Debian Linux 9.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
5
CVSSv2
CVE-2019-16254
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a he...
Ruby-lang Ruby
Debian Debian Linux 8.0
5
CVSSv2
CVE-2011-3624
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and previous versions do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote malicious users to inject arbitrary text into log files or bypass inten...
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.9.2
5
CVSSv2
CVE-2014-6438
The URI.decode_www_form_component method in Ruby prior to 1.9.2-p330 allows remote malicious users to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.
Ruby-lang Ruby
5
CVSSv2
CVE-2017-9229
An issue exists in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby up to and including 2.4.1 and mbstring in PHP up to and including 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_rang...
Oniguruma Project Oniguruma 6.2.0
Ruby-lang Ruby
Php Php
5
CVSSv2
CVE-2017-6181
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote malicious users to cause a denial of service (deep recursion and application crash) via a crafted regular expression.
Ruby-lang Ruby 2.4.0
5
CVSSv2
CVE-2015-3900
RubyGems 2.0.x prior to 2.0.16, 2.2.x prior to 2.2.4, and 2.4.x prior to 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote malicious users to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hij...
Ruby-lang Ruby 2.1.1
Ruby-lang Ruby 2.1.2
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 2.1
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 2.1.5
Ruby-lang Ruby 2.2.0
Ruby-lang Ruby 1.9
Ruby-lang Ruby 2.1.3
Ruby-lang Ruby 2.1.4
Rubygems Rubygems 2.0.1
Rubygems Rubygems 2.0.2
Rubygems Rubygems 2.0.3
Rubygems Rubygems 2.0.10
Rubygems Rubygems 2.0.11
Rubygems Rubygems 2.2.2
Rubygems Rubygems 2.2.3
Rubygems Rubygems 2.0.4
Rubygems Rubygems 2.0.5
Rubygems Rubygems 2.0.12
1 Github repository
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »