Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jruby vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2009-4123
The jruby-openssl gem prior to 0.6 for JRuby mishandles SSL certificate validation.
Jruby Jruby-openssl
7.5
CVSSv3
CVE-2021-41098
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and previous versions, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using a...
Nokogiri Nokogiri
6.5
CVSSv3
CVE-2018-1000997
A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and previous versions, LTS 2.138.1 and previous versions in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/sr...
Jenkins Jenkins
5.5
CVSSv3
CVE-2021-22569
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause fre...
Google Protobuf-kotlin
Google Protobuf-java
Google Google-protobuf
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Policy 1.15.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.1
Oracle Spatial And Graph Mapviewer 21c
Oracle Spatial And Graph Mapviewer 19c
1 Github repository
5.3
CVSSv3
CVE-2023-28755
A ReDoS issue exists in the URI component up to and including 0.12.0 in Ruby up to and including 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1,...
Ruby-lang Uri 0.12.0
Ruby-lang Uri 0.10.1
Ruby-lang Uri
Ruby-lang Uri 0.11.0
Debian Debian Linux 10.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
5.3
CVSSv3
CVE-2023-28756
A ReDoS issue exists in the Time component up to and including 0.2.1 in Ruby up to and including 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1...
Ruby-lang Time 0.2.1
Ruby-lang Time 0.1.0
Ruby-lang Ruby
Debian Debian Linux 10.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
NA
CVE-2014-2538
Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem prior to 1.4.0 for Ruby allows remote malicious users to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack.
Joshua Peek Rack-ssl 1.3.1
Joshua Peek Rack-ssl 1.2.0
Joshua Peek Rack-ssl 1.0.0
Joshua Peek Rack-ssl 1.1.0
Joshua Peek Rack-ssl 1.3.0
Joshua Peek Rack-ssl 1.3.2
Joshua Peek Rack-ssl 1.3.3
Joshua Peek Rack-ssl
NA
CVE-2013-1856
The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x prior to 3.1.12 and 3.2.x prior to 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allo...
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.10
Rubyonrails Rails 3.2.3
Rubyonrails Rails 3.2.2
Rubyonrails Rails 3.1.8
Rubyonrails Rails 3.1.7
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.1.9
Rubyonrails Rails 3.1.10
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.4
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.2.12
Rubyonrails Rails 3.2.9
Rubyonrails Rails 3.2.5
NA
CVE-2012-5370
JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrat...
Jruby Jruby -
NA
CVE-2010-1330
The regular expression engine in JRuby prior to 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted string.
Jruby Jruby 1.3.0
Jruby Jruby 1.1.6
Jruby Jruby 1.1
Jruby Jruby 1.1.2
Jruby Jruby 1.0.3
Jruby Jruby 0.9.8
Jruby Jruby 0.9.2
Jruby Jruby 1.4.0
Jruby Jruby 1.3.1
Jruby Jruby 1.1.1
Jruby Jruby 1.0.2
Jruby Jruby 1.0.0
Jruby Jruby 1.2.0
Jruby Jruby 1.1.4
Jruby Jruby 1.1.5
Jruby Jruby 1.0.1
Jruby Jruby 0.9.0
Jruby Jruby
Jruby Jruby 1.1.3
Jruby Jruby 0.9.9
Jruby Jruby 0.9.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »