CVE-2021-41819

Debian Bug report logs - #1002995 ruby30: CVE-2021-41816 CVE-2021-41817 CVE-2021-41819 Package: src:ruby30; Maintainer for src:ruby30 is Debian Ruby Team <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 2 Jan 2022 14:18:01 UTC Severity: grave ...

Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result in XML roundtrip attacks, the execution of arbitrary code, information disclosure, StartTLS stripping in IMAP or denial of service For the oldstable distribution (buster), these problems have been fixed in version 255 ...

Several vulnerabilities have been discovered in the interpreter for the Ruby language and the Rubygems included, which may result in information disclosure or denial of service For the stable distribution (bullseye), these problems have been fixed in version 274-1+deb11u1 We recommend that you upgrade your ruby27 packages For the detailed sec ...

Synopsis Moderate: ruby:27 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the ruby:27 module is now available for Red Hat Enterprise Linux 8Red Hat Product Securi ...

Synopsis Moderate: ruby:30 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the ruby:30 module is now available for Red Hat Enterprise Linux 8Red Hat Product Securi ...

Synopsis Moderate: ruby:25 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the ruby:25 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update a ...

Synopsis Moderate: rh-ruby27-ruby security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for rh-ruby27-ruby is now available for Red Hat Software CollectionsRed Hat Product Sec ...

Synopsis Important: ruby:26 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the ruby:26 module is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Secu ...

Synopsis Important: ruby:26 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the ruby:26 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update ...

Synopsis Important: rh-ruby26-ruby security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for rh-ruby26-ruby is now available for Red Hat Software CollectionsRed Hat Product S ...

Synopsis Moderate: rh-ruby30-ruby security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for rh-ruby30-ruby is now available for Red Hat Software CollectionsRed Hat Product Sec ...

Synopsis Important: ruby:26 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the ruby:26 module is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Secu ...

Synopsis Important: ruby:26 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the ruby:26 module is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Pr ...

CGIescape_html in Ruby before 275 and 3x before 303 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes This also affects the CGI gem before 031 for Ruby (CVE-2021-41816) A flaw was found in ruby, where the date object was found to be ...

A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during the parsing of dates This flaw allows an attacker to hang a ruby application by providing a specially crafted date string The highest threat to this vulnerability is system availability (CVE-2021-41817) CGI::Cookie ...

A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes Specifically, the built-in methods Filefnmatch and its alias Filefnmatch? did not properly handle path patterns containing the NULL byte A remote attacker could exploit this flaw to make a Ruby script access unexpected files and to bypass intended f ...

A security issue has been found in Ruby before versions 303, 275 and 269 A cookie prefix spoofing vulnerability was discovered in CGI::Cookieparse in the cgi gem before versions 031, 021 and 011 An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application ...