Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-36078
In Zammad prior to 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes (which run with the environment and permissions of ...
NA
CVE-2024-35176
REXML is an XML toolkit for Ruby. The REXML gem prior to 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later incl...
NA
CVE-2024-27281
An issue exists in RDoc 6.3.3 up to and including 6.6.2, as distributed in Ruby 3.x up to and including 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restri...
NA
CVE-2024-27282
An issue exists in Ruby 3.x up to and including 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5,...
NA
CVE-2024-27280
A buffer-overread issue exists in StringIO 3.0.1, as distributed in Ruby 3.0.x up to and including 3.0.6 and 3.1.x up to and including 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the me...
NA
CVE-2024-32970
Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities https://github.com/phlex-ruby/phlex/secu...
NA
CVE-2024-32887
Sidekiq is simple, efficient background processing for Ruby. Sidekiq is reflected XSS vulnerability. The value of substr parameter is reflected in the response without any encoding, allowing an malicious user to inject Javascript code into the response of the application. An atta...
NA
CVE-2024-32463
phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. The filter to detect and prevent the use of the `javascript:` URL scheme in the `hr...
NA
CVE-2024-29034
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a ...
NA
CVE-2024-28862
The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after install...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »