Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-28738
A double free was found in the Regexp compiler in Ruby 3.x prior to 3.0.4 and 3.1.x prior to 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
Ruby-lang Ruby
7.5
CVSSv2
CVE-2022-25648
The package git prior to 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The addit...
Git Git
Fedoraproject Fedora 34
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2021-41816
CGI.escape_html in Ruby prior to 2.7.5 and 3.x prior to 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem prior to 0.3.1 for Ruby.
Ruby-lang Cgi
Fedoraproject Fedora 34
Fedoraproject Fedora 35
7.5
CVSSv2
CVE-2021-35514
Narou (aka Narou.rb) prior to 3.8.0 allows Ruby Code Injection via the title name or author name of a novel.
Narou Project Narou
7.5
CVSSv2
CVE-2021-33575
The Pixar ruby-jss gem prior to 1.6.0 allows remote malicious users to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing.
Pixar Ruby-jss
7.5
CVSSv2
CVE-2021-21305
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave prior to 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutati...
Carrierwave Project Carrierwave
7.5
CVSSv2
CVE-2020-14001
The kramdown gem prior to 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="...
Kramdown Project Kramdown
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 20.04
7.5
CVSSv2
CVE-2020-8159
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an malicious user to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.
Rubyonrails Actionpack Page-caching
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2020-11020
Faye (NPM, RubyGem) versions greater than 0.5.0 and prior to 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to th...
Faye Project Faye
7.5
CVSSv2
CVE-2013-1607
Ruby PDFKit gem before 0.5.3 has a Code Execution Vulnerability
Pdfkit Project Pdfkit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »