Vulmon
rubygems vulnerabilities and exploits
CVE-2013-2615 (score: NA)
lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote malicious users to execute arbitrary commands via shell metacharacters in a URL.
Affected: Rubygems Fastreader 1.0.8

CVE-2013-1875 (score: NA)
command_wrap.rb in the command_wrap Gem for Ruby allows remote malicious users to execute arbitrary commands via shell metacharacters in a URL or filename.
Affected: Rubygems Command Wrap (no version listed)

CVE-2013-2616 (score: NA)
lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote malicious users to execute arbitrary commands via shell metacharacters in a URL.
Affected: Rubygems Mini Magick 1.3.1

CVE-2012-6135 (CVSSv3: 7.5)
RubyGems passenger 4.0.0 betas 1 and 2 allows remote malicious users to delete arbitrary files during the startup process.
Affected: Phusion Passenger 4.0.0; Redhat Openshift 1.0

CVE-2020-15244 (CVSSv3: 7.2)
In Magento (rubygems openmage/magento-lts package) prior to 19.4.8 and 20.0.4, an admin user can generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4.
Affected: Openmage Magento

CVE-2015-9096 (CVSSv3: 6.1)
Net::SMTP in Ruby prior to 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
Affected: Ruby-lang Ruby

CVE-2021-29435 (CVSSv3: 6.5)
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows a malicious user to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin ...

CVE-2014-3248 (score: NA)
Untrusted search path vulnerability in Puppet Enterprise 2.8 prior to 2.8.7, Puppet prior to 2.7.26 and 3.x prior to 3.6.2, Facter 1.6.x and 2.x prior to 2.0.2, Hiera prior to 1.3.4, and Mcollective prior to 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to ga...
Affected: Puppetlabs Facter; Puppet Facter 2.0.1; Puppet Facter 2.0.0; Puppet Marionette Collective; Puppet Hiera; Puppet Puppet; Puppet Puppet Enterprise

CVE-2020-15240 (CVSSv3: 9.1)
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow a malicious user to bypass authentication and authorization. You are a...
Affected: Auth0 Omniauth-auth0

CVE-2023-28102 (CVSSv3: 9.6)
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit `91e13043ffa` the `encoder.rb` file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library ...
Affected: Discordrb Project Discordrb