Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-17268
The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions up to and including 0.4.5, and 0.5.1 and later, are unaffected.
Omniauth-weibo-oauth2 Project Omniauth-weibo-oauth2 0.4.6
1 Github repository
7.5
CVSSv2
CVE-2020-7981
sql.rb in Geocoder prior to 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.
Rubygeocoder Geocoder
7.5
CVSSv2
CVE-2015-2784
The papercrop gem prior to 0.3.0 for Ruby on Rails does not properly handle crop input.
Papercrop Project Papercrop
7.5
CVSSv2
CVE-2011-4121
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on stron...
Ruby-lang Ruby
7.5
CVSSv2
CVE-2011-5330
Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls.
Distributed Ruby Project Distributed Ruby 1.8
1 Github repository
7.5
CVSSv2
CVE-2011-5331
Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval.
Distributed Ruby Project Distributed Ruby 1.8
7.5
CVSSv2
CVE-2019-18841
Chartkick.js 3.1.0 up to and including 3.1.3, as used in the Chartkick gem prior to 3.3.0 for Ruby, allows prototype pollution.
Chartkick Chartkick.js
7.5
CVSSv2
CVE-2010-2446
Rbot Reaction plugin allows command execution
Ruby-rbot Rbot -
7.5
CVSSv2
CVE-2019-17383
The netaddr gem prior to 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.
Netaddr Project Netaddr
7.5
CVSSv2
CVE-2019-16377
The makandra consul gem up to and including 1.0.2 for Ruby has Incorrect Access Control.
Makandra Consul
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »