Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-18365
The Management Console in GitHub Enterprise 2.8.x prior to 2.8.7 has a deserialization issue that allows unauthenticated remote malicious users to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's ...
Github Github
Github Github 2.8.7
9.8
CVSSv3
CVE-2019-5420
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an malicious user to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a re...
Rubyonrails Rails
Rubyonrails Rails 6.0.0
Debian Debian Linux 8.0
Fedoraproject Fedora 30
1 EDB exploit
17 Github repositories
9.8
CVSSv3
CVE-2014-10075
The karo gem 2.3.8 for Ruby allows Remote command injection via the host field.
Karo Project Karo 2.3.8
9.8
CVSSv3
CVE-2018-3779
active-support ruby gem 5.2.0 could allow a remote malicious user to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system.
Activesupport Project Activesupport 5.2.0
9.8
CVSSv3
CVE-2018-10199
In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code.
Mruby Mruby
9.8
CVSSv3
CVE-2018-10191
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute ar...
Mruby Mruby
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2018-8971
The Auth0 integration in GitLab prior to 10.3.9, 10.4.x prior to 10.4.6, and 10.5.x prior to 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
Gitlab Gitlab
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2015-4412
BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem prior to 3.0.4 for Ruby allows remote malicious users to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string.
Bson Project Bson 3.0.3
9.8
CVSSv3
CVE-2017-1000248
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis
Redis-store Redis-store
9.8
CVSSv3
CVE-2017-0909
The private_address_check ruby gem prior to 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery.
Private Address Check Project Private Address Check
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »