Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby vulnerabilities and exploits
(subscribe to this query)
695
VMScore
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Intern...
Ruby-lang Ruby
Debian Debian Linux 8.0
2 Github repositories
445
VMScore
CVE-2019-16254
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a he...
Ruby-lang Ruby
Debian Debian Linux 8.0
NA
CVE-2022-39224
Arr-pm is an RPM reader/writer library written in Ruby. Versions before 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the `extract` and `files` methods of th...
Ruby-arr-pm Project Ruby-arr-pm
NA
CVE-2023-28756
A ReDoS issue exists in the Time component up to and including 0.2.1 in Ruby up to and including 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1...
Ruby-lang Time 0.2.1
Ruby-lang Time 0.1.0
Ruby-lang Ruby
Debian Debian Linux 10.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
445
VMScore
CVE-2013-7111
The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote malicious users to obtain sensitive information by listing the processes.
Basespace Ruby Sdk Project Basespace Ruby Sdk 0.1.7
516
VMScore
CVE-2021-32066
An issue exists in Ruby up to and including 2.6.7, 2.7.x up to and including 2.7.3, and 3.x up to and including 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle malicious users to bypass the TLS prot...
Ruby-lang Ruby
Oracle Jd Edwards Enterpriseone Tools
187
VMScore
CVE-2004-0755
The FileStore capability in CGI::Session for Ruby prior to 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
Yukihiro Matsumoto Ruby 1.6
Yukihiro Matsumoto Ruby 1.8
446
VMScore
CVE-2017-9229
An issue exists in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby up to and including 2.4.1 and mbstring in PHP up to and including 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_rang...
Oniguruma Project Oniguruma 6.2.0
Ruby-lang Ruby
Php Php
668
VMScore
CVE-2017-9225
An issue exists in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby up to and including 2.4.1 and mbstring in PHP up to and including 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFF...
Oniguruma Project Oniguruma 6.2.0
Php Php
Ruby-lang Ruby
NA
CVE-2022-46648
ruby-git versions prior to v1.13.0 allows a remote authenticated malicious user to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318.
Ruby-git Project Ruby-git
Debian Debian Linux 10.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »