Several security issues were fixed in Ruby ...
Synopsis
Important: ruby:26 security update
Type/Severity
Security Advisory: Important
Topic
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Secu ...
Synopsis
Important: ruby:26 security update
Type/Severity
Security Advisory: Important
Topic
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Pr ...
Debian Bug report logs -
#972230
CVE-2017-17742 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2020-25613
Package:
jruby;
Maintainer for jruby is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for jruby is src:jruby (PTS, buildd, popcon)
Reported by: Moritz Muehlenhoff <jmm@debian.org> ...
Debian Bug report logs -
#830904
ITP: puppetserver -- the next-generation application for managing Puppet agents
Package:
wnpp;
Maintainer for wnpp is wnpp@debian.org;
Reported by: Mathieu Parent <sathieu@debian.org>
Date: Tue, 12 Jul 2016 20:24:02 UTC
Owned by: pollo@debian.org
Severity: wishlist
Fix blocked by 972230: ...
Several vulnerabilities have been discovered in the interpreter for the
Ruby language, which could result in unauthorized access by bypassing
intended path matchings, denial of service, or the execution of
arbitrary code.
For the stable distribution (buster), these problems have been fixed in
version 2.5.5-3+deb10u1.
We recommend that you upgrade y ...
Several vulnerabilities have been discovered in the interpreter for the
Ruby language, which could result in unauthorized access by bypassing
intended path matchings, denial of service, or the execution of
arbitrary code.
For the oldstable distribution (stretch), these problems have been fixed
in version 2.3.3-1+deb9u7.
We recommend that you upgrad ...
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fi ...
A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw to make a Ruby script access unexpected files and to bypass intended f ...
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to ...
It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to code injection. Shell#[] and its alias Shell#test defined in lib/shell.rb allow code injection if the first argument (aka the “command” argument) is untrusted data. An attacker can exploit this to call an arbitrary Ruby method ...