Vulmon
ruby-lang vulnerabilities and exploits
695
VMScore
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 has a regular expression Denial of Service caused by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Intern...
Ruby-lang Ruby
Debian Debian Linux 8.0
2 Github repositories
445
VMScore
CVE-2019-16254
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a he...
Ruby-lang Ruby
Debian Debian Linux 8.0
605
VMScore
CVE-2019-16255
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to cal...
Ruby-lang Ruby
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.1
Oracle Graalvm 19.3.0.2
570
VMScore
CVE-2019-15845
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 mishandles path checking within File.fnmatch functions.
Ruby-lang Ruby
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
668
VMScore
CVE-2011-4121
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on stron...
Ruby-lang Ruby
445
VMScore
CVE-2011-3624
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and previous versions do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote malicious users to inject arbitrary text into log files or bypass inten...
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.9.2
187
VMScore
CVE-2013-1945
ruby193 uses an insecure LD_LIBRARY_PATH setting.
Ruby-lang Ruby193 -
187
VMScore
CVE-2019-11879
The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore i...
Ruby-lang Webrick 1.4.2
445
VMScore
CVE-2014-6438
The URI.decode_www_form_component method in Ruby prior to 1.9.2-p330 allows remote malicious users to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.
Ruby-lang Ruby
668
VMScore
CVE-2017-11465
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows malicious users to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might h...
Ruby-lang Ruby 2.4.1