| # | CVSS v3 | CVSS v2 | Severity | Attack vector | Description | CWE | CVE | CPE | Affected from | Affected through | Fixed in | Updated | Published | References |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 5.3 | - | MEDIUM | Network | A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time … | CWE-1333 Inefficient Regular Expression Complexity | CVE-2023-28756 | cpe:2.3:a:ruby-lang:ruby:*:* | | 2.7.7 | | 2024-01-24 14:15 | 2023-03-31 | GitHub, Exploit DB, Packet Storm |
| 2 | 8.8 | - | HIGH | Network | The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HT… | CWE-74 Injection | CVE-2021-33621 | cpe:2.3:a:ruby-lang:ruby:*:* | 3.1.0, 3.0.0, 2.7.0 | | 3.1.3, 3.0.5, 2.7.7 | 2024-01-24 14:15 | 2022-11-19 | GitHub, Exploit DB, Packet Storm |
| 3 | 9.8 | - | CRITICAL | Network | An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags … | CWE-787 Out-of-bounds Write | CVE-2016-2338 | cpe:2.3:a:ruby-lang:ruby:2.3.0:*, cpe:2.3:a:ruby-lang:ruby:2.2.2:* | | | | 2023-03-2 01:35 | 2022-09-29 | GitHub, Exploit DB, Packet Storm |
| 4 | 7.5 | 4.3 | HIGH | Network | There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. | CWE-125 Out-of-bounds Read | CVE-2022-28739 | cpe:2.3:a:ruby-lang:ruby:*:* | 3.1.0, 3.0.0, 2.7.0 | | 3.1.2, 3.0.4, 2.7.6, 2.6.10 | 2024-01-24 14:15 | 2022-05-10 | GitHub, Exploit DB, Packet Storm |
| 5 | 9.8 | 7.5 | CRITICAL | Network | A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to … | CWE-415 Double Free | CVE-2022-28738 | cpe:2.3:a:ruby-lang:ruby:*:* | 3.1.0, 3.0.0 | | 3.1.2, 3.0.4 | 2024-01-24 14:15 | 2022-05-10 | GitHub, Exploit DB, Packet Storm |
| 6 | 7.5 | 5.0 | HIGH | Network | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. | CWE-565 Reliance on Cookies without Validation and Integrity Checking | CVE-2021-41819 | cpe:2.3:a:ruby-lang:ruby:*:* | 3.0.0, 2.7.0 | 2.6.8 | 3.0.3, 2.7.5 | 2024-01-24 14:15 | 2022-01-1 | GitHub, Exploit DB, Packet Storm |
| 7 | 7.5 | 5.0 | HIGH | Network | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. | CWE-1333 Inefficient Regular Expression Complexity | CVE-2021-41817 | cpe:2.3:a:ruby-lang:ruby:*:* | 3.0.0, 2.7.0, 2.6.0 | | 3.0.3, 2.7.5, 2.6.9 | 2024-01-24 14:15 | 2022-01-1 | GitHub, Exploit DB, Packet Storm |
| 8 | 7.4 | 5.8 | HIGH | Network | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man… | CWE-755 Improper Handling of Exceptional Conditions | CVE-2021-32066 | cpe:2.3:a:ruby-lang:ruby:*:* | 3.0.0, 2.7.0, 2.6.0 | 3.0.1, 2.7.3, 2.6.7 | | 2024-01-24 14:15 | 2021-08-2 | GitHub, Exploit DB, Packet Storm |
| 9 | 7.5 | 5.0 | HIGH | Network | In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir. | CWE-22 Path Traversal | CVE-2021-28966 | cpe:2.3:a:ruby-lang:ruby:*:* | 3.0.0 | | 3.0.1, 2.7.3 | 2022-08-13 03:27 | 2021-07-30 | GitHub, Exploit DB, Packet Storm |
| 10 | 5.8 | 5.0 | MEDIUM | Network | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP addres… | NVD-CWE-Other | CVE-2021-31810 | cpe:2.3:a:ruby-lang:ruby:*:* | 2.7.0, 3.0.0 | 2.6.7, 2.7.3, 3.0.1 | | 2024-01-24 14:15 | 2021-07-13 | GitHub, Exploit DB, Packet Storm |