Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ruby-lang ruby vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-6181
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote malicious users to cause a denial of service (deep recursion and application crash) via a crafted regular expression.
Ruby-lang Ruby 2.4.0
NA
CVE-2012-5380
Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system enviro...
Ruby-lang Ruby 1.9.3
1 EDB exploit
NA
CVE-2012-4481
The safe-level feature in Ruby 1.8.7 allows context-dependent malicious users to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
Ruby-lang Ruby 1.8.7
NA
CVE-2009-4124
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 prior to 1.9.1-p376 allows context-dependent malicious users to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of the...
Ruby-lang Ruby 1.9.1
9.8
CVSSv3
CVE-2017-11465
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows malicious users to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might h...
Ruby-lang Ruby 2.4.1
5.3
CVSSv3
CVE-2023-36617
A ReDoS issue exists in the URI component prior to 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exist...
Ruby-lang Uri
1 Github repository
3.3
CVSSv3
CVE-2013-1945
ruby193 uses an insecure LD_LIBRARY_PATH setting.
Ruby-lang Ruby193 -
7.5
CVSSv3
CVE-2020-5247
In Puma (RubyGem) prior to 4.3.2 and prior to 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an e...
Ruby-lang Ruby
Puma Puma
Ruby-lang Ruby 2.7.0
Debian Debian Linux 9.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
7.5
CVSSv3
CVE-2019-16201
WEBrick::HTTPAuth::DigestAuth in Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Intern...
Ruby-lang Ruby
Debian Debian Linux 8.0
2 Github repositories
5.3
CVSSv3
CVE-2019-16254
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a he...
Ruby-lang Ruby
Debian Debian Linux 8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »