Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-28755
A ReDoS issue exists in the URI component up to and including 0.12.0 in Ruby up to and including 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1,...
Ruby-lang Uri 0.12.0
Ruby-lang Uri 0.10.1
Ruby-lang Uri
Ruby-lang Uri 0.11.0
Debian Debian Linux 10.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
445
VMScore
CVE-2004-0983
The CGI module in Ruby 1.6 prior to 1.6.8, and 1.8 prior to 1.8.2, allows remote malicious users to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
Yukihiro Matsumoto Ruby 1.8.2 Pre2
Yukihiro Matsumoto Ruby 1.6.7
Yukihiro Matsumoto Ruby 1.8
Yukihiro Matsumoto Ruby 1.6
Yukihiro Matsumoto Ruby 1.8.1
Yukihiro Matsumoto Ruby 1.8.2 Pre1
Mandrakesoft Mandrake Linux 9.2
Mandrakesoft Mandrake Linux Corporate Server 2.1
Mandrakesoft Mandrake Linux 10.0
Mandrakesoft Mandrake Linux 10.1
Ubuntu Ubuntu Linux 4.1
Gentoo Linux
445
VMScore
CVE-2017-16516
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of s...
Yajl-ruby Project Yajl-ruby 1.3.0
Debian Debian Linux 7.0
445
VMScore
CVE-2021-31810
An issue exists in Ruby up to and including 2.6.7, 2.7.x up to and including 2.7.3, and 3.x up to and including 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract infor...
Ruby-lang Ruby
Debian Debian Linux 9.0
Oracle Jd Edwards Enterpriseone Tools
NA
CVE-2022-47318
ruby-git versions prior to v1.13.0 allows a remote authenticated malicious user to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.
Ruby-git Project Ruby-git
Debian Debian Linux 10.0
Fedoraproject Fedora 37
383
VMScore
CVE-2013-1812
The ruby-openid gem prior to 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
Fedoraproject Fedora 18
Fedoraproject Fedora 17
Janrain Ruby-openid
Janrain Ruby-openid 2.2.0
668
VMScore
CVE-2006-4111
Ruby on Rails prior to 1.1.5 allows remote malicious users to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.
Rubyonrails Ruby On Rails 0.8.0
Rubyonrails Ruby On Rails 0.9.0
Rubyonrails Ruby On Rails 0.5.0
Rubyonrails Ruby On Rails 0.5.6
Rubyonrails Rails 0.12.0
Rubyonrails Rails 0.13.0
Rubyonrails Rails 0.14.1
Rubyonrails Rails 0.11.0
Rubyonrails Rails 1.1.3
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.1
Rubyonrails Rails 1.1.0
Rubyonrails Rails 1.0.0
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.6.0
Rubyonrails Ruby On Rails 0.6.5
Rubyonrails Ruby On Rails 0.7.0
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Rails 0.9.4
Rubyonrails Rails 0.9.4.1
Rubyonrails Rails 0.13.1
187
VMScore
CVE-2013-1945
ruby193 uses an insecure LD_LIBRARY_PATH setting.
Ruby-lang Ruby193 -
668
VMScore
CVE-2021-33575
The Pixar ruby-jss gem prior to 1.6.0 allows remote malicious users to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing.
Pixar Ruby-jss
NA
CVE-2015-20108
xml_security.rb in the ruby-saml gem prior to 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
Onelogin Ruby-saml
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »