Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ruby
(Ruby\-Lang)Repositories |
• https://github.com/ruby/ruby
• https://github.com/kkos/oniguruma • https://github.com/rdoc/rdoc • https://github.com/flori/json |
#Vulnerabilities | 91 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-02-28 | CVE-2020-5247 | In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is... | Debian_linux, Fedora, Puma, Ruby | 7.5 | ||
2020-05-04 | CVE-2020-10933 | An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. | Debian_linux, Fedora, Ruby | 5.3 | ||
2021-04-21 | CVE-2021-28965 | The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. | Fedora, Rexml, Ruby | 7.5 | ||
2018-04-03 | CVE-2017-17742 | Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. | Debian_linux, Ruby | 5.3 | ||
2019-11-26 | CVE-2019-16201 | WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. | Debian_linux, Ruby | 7.5 | ||
2019-11-26 | CVE-2019-16254 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. | Debian_linux, Ruby | 5.3 | ||
2019-11-26 | CVE-2019-16255 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. | Debian_linux, Leap, Graalvm, Ruby | 8.1 | ||
2022-09-29 | CVE-2016-2338 | An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow. | Debian_linux, Ruby | 9.8 | ||
2017-05-24 | CVE-2017-9229 | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. | Oniguruma, Php, Ruby | 7.5 | ||
2021-07-30 | CVE-2021-28966 | In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir. | Ruby | 7.5 |