Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-11430
OmniAuth OmnitAuth-SAML 1.9.0 and previous versions may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to p...
Omnitauth-saml Project Omnitauth-saml
7.5
CVSSv2
CVE-2019-5421
Plataformatec Devise version 4.5.0 and previous versions, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/models/lockable.rb that can result...
Plataformatec Devise
7.5
CVSSv2
CVE-2017-18365
The Management Console in GitHub Enterprise 2.8.x prior to 2.8.7 has a deserialization issue that allows unauthenticated remote malicious users to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's ...
Github Github
Github Github 2.8.7
7.5
CVSSv2
CVE-2019-5420
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an malicious user to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a re...
Rubyonrails Rails
Rubyonrails Rails 6.0.0
Debian Debian Linux 8.0
Fedoraproject Fedora 30
1 EDB exploit
17 Github repositories
7.5
CVSSv2
CVE-2014-10075
The karo gem 2.3.8 for Ruby allows Remote command injection via the host field.
Karo Project Karo 2.3.8
7.5
CVSSv2
CVE-2018-10199
In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code.
Mruby Mruby
7.5
CVSSv2
CVE-2018-10191
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute ar...
Mruby Mruby
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2018-8971
The Auth0 integration in GitLab prior to 10.3.9, 10.4.x prior to 10.4.6, and 10.5.x prior to 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
Gitlab Gitlab
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2015-4412
BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem prior to 3.0.4 for Ruby allows remote malicious users to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string.
Bson Project Bson 3.0.3
7.5
CVSSv2
CVE-2017-1000248
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis
Redis-store Redis-store
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »