Software Detail
Ruby: 91 NVD entries (CRITICAL 13, HIGH 37, MEDIUM 41, LOW 0)
URL: https://www.ruby-lang.org/
Explanation: Ruby is an object-oriented scripting language created by Yukihiro Matsumoto. Programs are executed by an interpreter and need no separate compilation step.
Tags:
  • Open source
  • Ruby’s License

Additional information URLs:
  1. https://www.ruby-lang.org/en/downloads/branches/ (release branches and their maintenance status)
  2. https://www.ruby-lang.org/ja/security/ (Ruby security page, Japanese)

List of products (release history and NVD vulnerability counts per branch; support columns other than Security Support are blank for every row)

No  Name      Latest      Release date    Initial release  Security support ends  Critical  High  Medium  Low
 1  Ruby 3.2  3.2.2       March 30, 2023  Dec. 25, 2022    March 31, 2026          0         0     0      0
 2  Ruby 3.1  3.1.5       April 23, 2024  Dec. 25, 2021    March 31, 2025          1         2     0      0
 3  Ruby 3.0  3.0.7       April 23, 2024  Dec. 25, 2020    March 31, 2024          1         7     1      0
 4  Ruby 2.7  2.7.8       March 30, 2023  Dec. 25, 2019    March 31, 2023          0         9     3      0
 5  Ruby 2.6  2.6.10      April 12, 2022  Dec. 25, 2018    March 31, 2022          2        15     6      0
 6  Ruby 2.5  2.5.9       April 5, 2021   Dec. 25, 2017    March 31, 2021          3        14     6      0
 7  Ruby 2.4  2.4.10      March 31, 2020  Dec. 25, 2016    March 31, 2020          7        18     6      0
 8  Ruby 2.3  2.3.8       Oct. 17, 2018   Dec. 25, 2015    March 31, 2019         10        15     5      0
 9  Ruby 2.2  2.2.10      March 28, 2018  Dec. 25, 2014    March 31, 2018          9        15     7      0
10  Ruby 2.1  2.1.10      March 28, 2018  Dec. 25, 2013    March 31, 2017          3        10    11      0
11  Ruby 2.0  2.0.0-p648  Dec. 16, 2015   Feb. 24, 2013    Feb. 24, 2016           3        10    21      0
12  Ruby 1.9  1.9.3-p551  Nov. 13, 2014   Dec. 25, 2007    Feb. 23, 2015           4        19    29      0
13  Ruby 1.8  1.8.7-p374  June 27, 2013   (not listed)     (not listed)            4        22    28      0
NVD Vulnerability Information

Each entry lists: CVE | CVSS3 score (severity level) | CVSS2 score (- where none) | attack vector; then the CWE, the NVD description, the affected cpe23Uri with its version ranges (>= and <= are inclusive bounds, > and < exclusive), and the NVD update and publication dates.
1. CVE-2023-28756 | CVSS3 5.3 (MEDIUM) | CVSS2 - | Attack vector: Network
   CWE-1333 Inefficient Regular Expression Complexity
   A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time …
   Affected: cpe:2.3:a:ruby-lang:ruby:*:* with a single recorded version bound, 2.7.7; which side of the range it bounds is not recorded here.
   Updated 2024-01-24 14:15 | Published 2023-03-31
2. CVE-2021-33621 | CVSS3 8.8 (HIGH) | CVSS2 - | Attack vector: Network
   CWE-74 Injection
   The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HT…
   Affected: cpe:2.3:a:ruby-lang:ruby:*:*, >= 3.1.0 and < 3.1.3; >= 3.0.0 and < 3.0.5; >= 2.7.0 and < 2.7.7
   Updated 2024-01-24 14:15 | Published 2022-11-19
3. CVE-2016-2338 | CVSS3 9.8 (CRITICAL) | CVSS2 - | Attack vector: Network
   CWE-787 Out-of-bounds Write
   An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags …
   Affected: cpe:2.3:a:ruby-lang:ruby:2.3.0:*; cpe:2.3:a:ruby-lang:ruby:2.2.2:*
   Updated 2023-03-2 01:35 | Published 2022-09-29
4. CVE-2022-28739 | CVSS3 7.5 (HIGH) | CVSS2 4.3 | Attack vector: Network
   CWE-125 Out-of-bounds Read
   There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
   Affected: cpe:2.3:a:ruby-lang:ruby:*:*, >= 3.1.0 and < 3.1.2; >= 3.0.0 and < 3.0.4; >= 2.7.0 and < 2.7.6; < 2.6.10
   Updated 2024-01-24 14:15 | Published 2022-05-10
5. CVE-2022-28738 | CVSS3 9.8 (CRITICAL) | CVSS2 7.5 | Attack vector: Network
   CWE-415 Double Free
   A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to …
   Affected: cpe:2.3:a:ruby-lang:ruby:*:*, >= 3.1.0 and < 3.1.2; >= 3.0.0 and < 3.0.4
   Updated 2024-01-24 14:15 | Published 2022-05-10
6. CVE-2021-41819 | CVSS3 7.5 (HIGH) | CVSS2 5.0 | Attack vector: Network
   CWE-565 Reliance on Cookies without Validation and Integrity Checking
   CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
   Affected: cpe:2.3:a:ruby-lang:ruby:*:*, <= 2.6.8; >= 2.7.0 and < 2.7.5; >= 3.0.0 and < 3.0.3
   Updated 2024-01-24 14:15 | Published 2022-01-1
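The two cgi entries above (CVE-2021-33621, response splitting via CR/LF in a header value, and CVE-2021-41819, cookie-name security prefixes) share one defensive pattern: validate every header name and value before it is serialised, and treat the `__Secure-`/`__Host-` prefixes as a contract the server must honour. The following is an added example written for this page, not code from the cgi gem or from ruby-lang; the class, constant and function names are assumptions, and the attacker input in the usage block is constructed for illustration.

```ruby
# Added example, not code from the cgi gem or from the page: build HTTP
# response headers from untrusted values while refusing the two mistakes
# behind CVE-2021-33621 (CR/LF inside a header value splits the response) and
# CVE-2021-41819 (a cookie named __Secure-* or __Host-* emitted without the
# attributes its prefix promises). All function and class names are assumed.

class HeaderInjection < ArgumentError; end
class CookiePrefixViolation < ArgumentError; end

# RFC 7230 field names: one or more tchar. This also rules out CR, LF and ':'.
TCHAR_NAME = /\A[\w!#%&'*+.^`|~$-]+\z/

# Reject rather than strip: stripping silently changes data and hides attacks.
def assert_no_crlf!(what, value)
  if value.match?(/[\r\n\0]/)
    raise HeaderInjection, "#{what} contains CR, LF or NUL: #{value.inspect}"
  end
  value
end

# Serialise one Set-Cookie header, enforcing the cookie-prefix rules:
#   __Secure-  requires the Secure attribute
#   __Host-    requires Secure, no Domain attribute and Path=/
# Names are compared case-sensitively; downcasing "__Host-" to "__host-"
# would drop the guarantee the browser attaches to the prefix.
def set_cookie_header(name, value, secure: false, domain: nil, path: nil, http_only: true)
  assert_no_crlf!("cookie name", name)
  assert_no_crlf!("cookie value", value)
  assert_no_crlf!("cookie domain", domain) if domain
  assert_no_crlf!("cookie path", path) if path

  if name.start_with?("__Secure-") && !secure
    raise CookiePrefixViolation, "#{name} must carry the Secure attribute"
  end
  if name.start_with?("__Host-") && !(secure && domain.nil? && path == "/")
    raise CookiePrefixViolation, "#{name} must be Secure, have no Domain, and use Path=/"
  end

  attrs = ["#{name}=#{value}"]
  attrs << "Domain=#{domain}" if domain
  attrs << "Path=#{path}" if path
  attrs << "Secure" if secure
  attrs << "HttpOnly" if http_only
  "Set-Cookie: #{attrs.join('; ')}"
end

# Assemble the status line and header block. Because every name and value is
# checked, attacker-controlled input cannot terminate the block early and
# smuggle in extra headers or a second response body.
def response_head(status, headers)
  lines = ["HTTP/1.1 #{assert_no_crlf!('status', status)}"]
  headers.each do |name, value|
    raise HeaderInjection, "invalid header name #{name.inspect}" unless name.match?(TCHAR_NAME)
    assert_no_crlf!("value of #{name}", value)
    lines << "#{name}: #{value}"
  end
  lines.join("\r\n") + "\r\n\r\n"
end

if __FILE__ == $0
  print response_head("200 OK", "Content-Type" => "text/html", "Cache-Control" => "no-store")
  puts set_cookie_header("__Host-sid", "abc123", secure: true, path: "/")
  begin
    # Constructed attacker input: a redirect target that tries to add a header.
    response_head("302 Found", "Location" => "/\r\nSet-Cookie: admin=1")
  rescue HeaderInjection => e
    puts "rejected: #{e.message}"
  end
end
```

The check raises instead of sanitising, so a CR/LF in a redirect target becomes a logged error rather than a silently rewritten header; the prefix check compares names case-sensitively because any normalisation of the name would destroy the property the prefix is meant to carry.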
7. CVE-2021-41817 | CVSS3 7.5 (HIGH) | CVSS2 5.0 | Attack vector: Network
   CWE-1333 Inefficient Regular Expression Complexity
   Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
   Affected: cpe:2.3:a:ruby-lang:ruby:*:*, >= 3.0.0 and < 3.0.3; >= 2.7.0 and < 2.7.5; >= 2.6.0 and < 2.6.9
   Updated 2024-01-24 14:15 | Published 2022-01-1
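Both ReDoS entries on this page (CVE-2023-28756 in the Time parser and CVE-2021-41817 in Date.parse) are triggered by long attacker-controlled strings reaching a backtracking regular expression. The practical mitigation, independent of which gem version is installed, is a hard length cap in front of the parser. The following is an added example written for this page, not code from the date or time gems; the 128-byte limit, the class and function names are assumptions, and the hostile input in the usage block is constructed.

```ruby
require 'date'
require 'time'

# Added example, not code from the date or time gems: put a hard length cap in
# front of Date.parse and Time.parse so that a long attacker-controlled string
# never reaches the backtracking regexps behind CVE-2021-41817 and
# CVE-2023-28756. The 128-byte cap is an assumption chosen for illustration;
# use the longest value your application legitimately accepts.
class DateInputTooLong < ArgumentError; end

DEFAULT_DATE_LIMIT = 128

# Returns the string unchanged when it is within the limit, raises otherwise.
# bytesize rather than length: the regexp engine works on bytes of the
# encoded string, and multibyte input must not sneak past a character count.
def check_length!(str, limit)
  raise TypeError, "expected String, got #{str.class}" unless str.is_a?(String)
  if str.bytesize > limit
    raise DateInputTooLong, "input is #{str.bytesize} bytes, limit is #{limit}"
  end
  str
end

def safe_parse_date(str, limit: DEFAULT_DATE_LIMIT)
  Date.parse(check_length!(str, limit))
end

def safe_parse_time(str, limit: DEFAULT_DATE_LIMIT)
  Time.parse(check_length!(str, limit))
end

# Ruby 3.2+ can additionally bound every regexp match globally. This is a
# backstop for parsers you did not wrap, not a replacement for the length cap:
# the request still burns up to the timeout before it is abandoned.
Regexp.timeout = 1.0 if Regexp.respond_to?(:timeout=)

if __FILE__ == $0
  p safe_parse_date("2021-11-15")
  p safe_parse_time("2023-03-30 12:00:00 UTC")
  begin
    safe_parse_date("9" * 100_000)   # constructed hostile input
  rescue DateInputTooLong => e
    puts "rejected: #{e.message}"
  end
end
```

The fixed date gem versions listed in the entry take the same approach internally (a length limit on the input, defaulting to 128 bytes); the wrapper keeps that policy explicit in application code, applies it uniformly to `Time.parse`, and still lets ordinary invalid input raise the parser's own error so callers can tell "too long" from "not a date".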
8. CVE-2021-32066 | CVSS3 7.4 (HIGH) | CVSS2 5.8 | Attack vector: Network
   CWE-755 Improper Handling of Exceptional Conditions
   An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man…
   Affected: cpe:2.3:a:ruby-lang:ruby:*:*, >= 3.0.0 and <= 3.0.1; >= 2.7.0 and <= 2.7.3; >= 2.6.0 and <= 2.6.7
   Updated 2024-01-24 14:15 | Published 2021-08-2
9. CVE-2021-28966 | CVSS3 7.5 (HIGH) | CVSS2 5.0 | Attack vector: Network
   CWE-22 Path Traversal
   In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
   Affected: cpe:2.3:a:ruby-lang:ruby:*:*, >= 3.0.0 and < 3.0.1; < 2.7.3
   Updated 2022-08-13 03:27 | Published 2021-07-30
10. CVE-2021-31810 | CVSS3 5.8 (MEDIUM) | CVSS2 5.0 | Attack vector: Network
    NVD-CWE-Other (no specific CWE assigned)
    An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP addres…
    Affected: cpe:2.3:a:ruby-lang:ruby:*:*, <= 2.6.7; >= 2.7.0 and <= 2.7.3; >= 3.0.0 and <= 3.0.1
    Updated 2024-01-24 14:15 | Published 2021-07-13
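The PASV issue in entry 10 comes down to trusting an address the server chooses. A passive-mode reply carries six decimal octets, four for the IP and two for the port, and a client that opens its data connection to whatever IP the reply names lets a hostile server redirect it, for example to a loopback or internal service. The defence is to parse the port but reuse the control connection's host unless the caller explicitly opts in. The following is an added example written for this page, not code from Net::FTP; the class, constant and function names are assumptions, and the replies in the usage block are constructed.

```ruby
require 'ipaddr'

# Added example, not code from Net::FTP: parse a PASV reply and decide which
# address the data connection should go to. The defence behind the fix for
# CVE-2021-31810 is to ignore the IP the server advertises and reuse the host
# of the control connection unless the caller explicitly opts in (Net::FTP
# exposes this choice as the use_pasv_ip attribute, default false). Function
# names are assumptions for illustration.
class PasvReplyError < RuntimeError; end

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = /\A227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)/

# Returns [ip_string, port] or raises on a malformed reply.
def parse_pasv(reply)
  m = PASV_RE.match(reply) or raise PasvReplyError, "not a PASV reply: #{reply.inspect}"
  octets = m.captures.map(&:to_i)
  raise PasvReplyError, "octet out of range in #{reply.inspect}" if octets.any? { |o| o > 255 }
  ip = octets[0, 4].join(".")
  port = (octets[4] << 8) | octets[5]
  raise PasvReplyError, "port 0 is not usable" if port.zero?
  [ip, port]
end

# True when the advertised address is one a public FTP server has no business
# pointing a client at: loopback, RFC 1918 private or link-local space.
def suspicious_pasv_ip?(ip)
  addr = IPAddr.new(ip)
  addr.loopback? || addr.private? || addr.link_local?
end

# Choose the data-connection endpoint. With use_pasv_ip: false (the safe
# default) the advertised IP is returned only for logging and the control host
# is reused, so a hostile server cannot bounce the client to an arbitrary
# address. Returns [host, port, advertised_ip].
def passive_endpoint(control_host, reply, use_pasv_ip: false)
  advertised_ip, port = parse_pasv(reply)
  host = use_pasv_ip ? advertised_ip : control_host
  [host, port, advertised_ip]
end

if __FILE__ == $0
  # Constructed hostile reply: the server points the client at a loopback port.
  reply = "227 Entering Passive Mode (127,0,0,1,0,22)"
  host, port, advertised = passive_endpoint("ftp.example.com", reply)
  puts "connect to #{host}:#{port} (server advertised #{advertised})"
  puts "advertised address looks suspicious" if suspicious_pasv_ip?(advertised)
end
```

Keeping the advertised IP in the return value, even when it is not used, lets a client log the discrepancy; a server that repeatedly advertises loopback or private addresses to an external client is itself a signal worth alerting on.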