Software Detail
Ruby Number Of NVD 92 CRITICAL 13 HIGH 38 MEDIUM 41 LOW 0
URL https://www.ruby-lang.org/
Explanation It is an object-oriented scripting language developed by Yukihiro Matsumoto, which does not require compilation and is executed by an interpreter.
Tag
  • Open source
  • Ruby’s License

Add Information URL
No Type Name URL
1 https://www.ruby-lang.org/en/downloads/branches/
2 https://www.ruby-lang.org/ja/security/

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
21 Ruby 3.2 3.2.9 July 24, 2025 Dec. 25, 2022 March 31, 2026 0 0 0 0
22 Ruby 3.1 3.1.7 March 26, 2025 Dec. 25, 2021 March 31, 2025 1 2 0 0
23 Ruby 3.0 3.0.7 April 23, 2024 Dec. 25, 2020 March 31, 2024 1 7 1 0
24 Ruby 2.7 2.7.8 March 30, 2023 Dec. 25, 2019 March 31, 2023 0 9 3 0
25 Ruby 2.6 2.6.10 April 12, 2022 Dec. 25, 2018 March 31, 2022 2 15 6 0
26 Ruby 2.5 2.5.9 April 5, 2021 Dec. 25, 2017 March 31, 2021 3 14 6 0
27 Ruby 2.4 2.4.10 March 31, 2020 Dec. 25, 2016 March 31, 2020 7 18 6 0
28 Ruby 2.3 2.3.8 Oct. 17, 2018 Dec. 25, 2015 March 31, 2019 10 15 5 0
29 Ruby 2.2 2.2.10 March 28, 2018 Dec. 25, 2014 March 31, 2018 9 15 7 0
30 Ruby 2.1 2.1.10 March 28, 2018 Dec. 25, 2013 March 31, 2017 3 10 11 0
31 Ruby 2.0 p648 Dec. 16, 2015 Feb. 24, 2013 Feb. 24, 2016 3 10 21 0
32 Ruby 1.9 p551 Nov. 13, 2014 Dec. 25, 2007 Feb. 23, 2015 4 19 29 0
33 Ruby 1.8 1.8.7-p374 June 27, 2013 4 22 28 0
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri (or higher / or less / more than / less than) Update date Published date Show Affected Exploit PoC
21 9.8
7.5
CRITICAL
Network
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use t… CWE-326
Inadequate Encryption Strength
CVE-2011-4121 cpe:2.3:a:ruby-lang:ruby:*:* 1.8.7.334 1.9.3 2024-11-21 10:31
2019-11-26
22 5.3
5.0
MEDIUM
Network
Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote … CWE-74
Injection
CVE-2011-3624 cpe:2.3:a:ruby-lang:ruby:1.9.2:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:*
2024-11-21 10:30
2019-11-26
23 8.1
6.8
HIGH
Network
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some f… NVD-CWE-noinfo
CVE-2018-16396 cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2
cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1
cpe:2.3:a:ruby-lang:ruby:*:* 2.3.0 or higher and 2.3.7 or less; 2.4.0 or higher and 2.4.4 or less; 2.5.0 or higher and 2.5.1 or less
2024-11-21 12:52
2018-11-17
24 9.8
7.5
CRITICAL
Network
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using =… NVD-CWE-noinfo
CVE-2018-16395 cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2
cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1
cpe:2.3:a:ruby-lang:ruby:*:* 2.3.0 or higher and 2.3.7 or less; 2.4.0 or higher and 2.4.4 or less; 2.5.0 or higher and 2.5.1 or less
2024-11-21 12:52
2018-11-17
25 9.1
7.5
CRITICAL
Network
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When usi… CWE-22
Path Traversal
CVE-2018-8780 cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1
cpe:2.3:a:ruby-lang:ruby:*:* less than 2.2.10; 2.3.0 or higher and less than 2.3.7; 2.4.0 or higher and less than 2.4.4; 2.5.0 or higher and less than 2.5.1
2024-11-21 13:14
2018-04-04
26 7.5
5.0
HIGH
Network
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be c… CWE-20
Improper Input Validation
CVE-2018-8779 cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1
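cpe:2.3:a:ruby-lang:ruby:*:* 2.3.0 or higher and less than 2.3.7; 2.4.0 or higher and less than 2.4.4; 2.5.0 or higher and less than 2.5.1; 2.2.0 or higher and less than 2.2.10
2024-11-21 13:14
2018-04-04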
27 7.5
5.0
HIGH
Network
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trig… CWE-134
Use of Externally-Controlled Format String
CVE-2018-8778 cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1
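cpe:2.3:a:ruby-lang:ruby:*:* 2.3.0 or higher and less than 2.3.7; 2.4.0 or higher and less than 2.4.4; 2.5.0 or higher and less than 2.5.1; 2.2.0 or higher and less than 2.2.10
2024-11-21 13:14
2018-04-04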
28 7.5
5.0
HIGH
Network
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted b… CWE-400
Uncontrolled Resource Consumption
CVE-2018-8777 cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1
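cpe:2.3:a:ruby-lang:ruby:*:* 2.3.0 or higher and less than 2.3.7; 2.4.0 or higher and less than 2.4.4; 2.5.0 or higher and less than 2.5.1; 2.2.0 or higher and less than 2.2.10
2024-11-21 13:14
2018-04-04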
29 7.5
5.0
HIGH
Network
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow at… CWE-22
Path Traversal
CVE-2018-6914 cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1
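cpe:2.3:a:ruby-lang:ruby:*:* 2.3.0 or higher and less than 2.3.7; 2.4.0 or higher and less than 2.4.4; 2.5.0 or higher and less than 2.5.1; 2.2.0 or higher and less than 2.2.10
2024-11-21 13:11
2018-04-04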
30 5.3
5.0
MEDIUM
Network
Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTT… CWE-113
HTTP Response Splitting
CVE-2017-17742 cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1
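cpe:2.3:a:ruby-lang:ruby:*:* 2.3.0 or higher and less than 2.3.7; 2.4.0 or higher and less than 2.4.4; 2.5.0 or higher and less than 2.5.1; 2.2.0 or higher and less than 2.2.10
2024-11-21 12:18
2018-04-04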