Software Detail
Ruby: 92 NVD entries (CRITICAL 13, HIGH 38, MEDIUM 41, LOW 0)
URL https://www.ruby-lang.org/
Explanation: Ruby is an object-oriented scripting language developed by Yukihiro Matsumoto; it does not require compilation and is executed by an interpreter.
Tags
  • Open source
  • Ruby’s License

Additional information URLs
  • https://www.ruby-lang.org/en/downloads/branches/
  • https://www.ruby-lang.org/ja/security/

List of Products (release history and vulnerability counts per branch)

No | Name | Latest version | Release date | Initial release | Normal support | Security support | Service pack support | Extended (for a fee) | Critical | High | Medium | Low
31 | Ruby 3.2 | 3.2.9 | July 24, 2025 | Dec. 25, 2022 | | March 31, 2026 | | | 0 | 0 | 0 | 0
32 | Ruby 3.1 | 3.1.7 | March 26, 2025 | Dec. 25, 2021 | | March 31, 2025 | | | 1 | 2 | 0 | 0
33 | Ruby 3.0 | 3.0.7 | April 23, 2024 | Dec. 25, 2020 | | March 31, 2024 | | | 1 | 7 | 1 | 0
34 | Ruby 2.7 | 2.7.8 | March 30, 2023 | Dec. 25, 2019 | | March 31, 2023 | | | 0 | 9 | 3 | 0
35 | Ruby 2.6 | 2.6.10 | April 12, 2022 | Dec. 25, 2018 | | March 31, 2022 | | | 2 | 15 | 6 | 0
36 | Ruby 2.5 | 2.5.9 | April 5, 2021 | Dec. 25, 2017 | | March 31, 2021 | | | 3 | 14 | 6 | 0
37 | Ruby 2.4 | 2.4.10 | March 31, 2020 | Dec. 25, 2016 | | March 31, 2020 | | | 7 | 18 | 6 | 0
38 | Ruby 2.3 | 2.3.8 | Oct. 17, 2018 | Dec. 25, 2015 | | March 31, 2019 | | | 10 | 15 | 5 | 0
39 | Ruby 2.2 | 2.2.10 | March 28, 2018 | Dec. 25, 2014 | | March 31, 2018 | | | 9 | 15 | 7 | 0
40 | Ruby 2.1 | 2.1.10 | March 28, 2018 | Dec. 25, 2013 | | March 31, 2017 | | | 3 | 10 | 11 | 0
41 | Ruby 2.0 | p648 | Dec. 16, 2015 | Feb. 24, 2013 | | Feb. 24, 2016 | | | 3 | 10 | 21 | 0
42 | Ruby 1.9 | p551 | Nov. 13, 2014 | Dec. 25, 2007 | | Feb. 23, 2015 | | | 4 | 19 | 29 | 0
43 | Ruby 1.8 | 1.8.7-p374 | June 27, 2013 | | | | | | 4 | 22 | 28 | 0
NVD Vulnerability Information

Each entry lists: No, CVSS3 score, CVSS2 score, severity level, attack vector, description (title), CWE, CVE, affected cpe23Uri entries with version bounds (or higher / or less / more than / less than), update date, and published date.
31. CVE-2017-17790 | CVSS3 9.8 | CVSS2 7.5 | CRITICAL | Attack vector: Network
    The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|…
    CWE-74 (Injection)
    Affected: cpe:2.3:a:ruby-lang:ruby:2.5.0:preview1; cpe:2.3:a:ruby-lang:ruby:*:* for versions 2.4 to 2.4.2, 2.2 to 2.2.8, and 2.3 to 2.3.5 (inclusive)
    Updated 2024-11-21 12:18; published 2017-12-20
32. CVE-2017-17405 | CVSS3 8.8 | CVSS2 9.3 | HIGH | Attack vector: Network
    Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument star…
    CWE-78 (OS Command Injection)
    Affected: cpe:2.3:a:ruby-lang:ruby:2.5.0:preview1; cpe:2.3:a:ruby-lang:ruby:*:* for versions 2.4 to 2.4.2, 2.2 to 2.2.8, and 2.3 to 2.3.5 (inclusive)
    Updated 2024-11-21 12:17; published 2017-12-15
33. CVE-2017-14033 | CVSS3 7.5 | CVSS2 5.0 | HIGH | Attack vector: Network
    The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.
    CWE-119 (Incorrect Access of Indexable Resource ('Range Error'))
    Affected: cpe:2.3:a:ruby-lang:ruby:2.4.1:*; cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1; cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3; cp…
    Updated 2024-11-21 12:12; published 2017-09-20
34. CVE-2017-10784 | CVSS3 8.8 | CVSS2 9.3 | HIGH | Attack vector: Network
    The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log an…
    CWE-287 (Improper Authentication)
    Affected: cpe:2.3:a:ruby-lang:ruby:2.4.1:*; cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1; cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3; cp… (2.2.7 or less)
    Updated 2024-11-21 12:06; published 2017-09-20
35. CVE-2017-0898 | CVSS3 9.1 | CVSS2 6.4 | CRITICAL | Attack vector: Network
    Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting …
    CWE-134 (Use of Externally-Controlled Format String)
    Affected: cpe:2.3:a:ruby-lang:ruby:2.4.1:*; cpe:2.3:a:ruby-lang:ruby:2.4.0:*; cpe:2.3:a:ruby-lang:ruby:2.3.4:*; cpe:2.3:a:r…
    Updated 2024-11-21 12:03; published 2017-09-16
36. CVE-2014-6438 | CVSS3 7.5 | CVSS2 5.0 | HIGH | Attack vector: Network
    The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or applica…
    CWE-399 (Resource Management Errors)
    Affected: cpe:2.3:a:ruby-lang:ruby:*:* (version bound 1.9.2)
    Updated 2024-11-21 11:14; published 2017-09-07
37. CVE-2017-14064 | CVSS3 9.8 | CVSS2 7.5 | CRITICAL | Attack vector: Network
    Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which …
    CWE-119 (Incorrect Access of Indexable Resource ('Range Error'))
    Affected: cpe:2.3:a:ruby-lang:ruby:2.4.1:*; cpe:2.3:a:ruby-lang:ruby:2.4.0:rc1; cpe:2.3:a:ruby-lang:ruby:2.4.0:preview3; cp… (2.2.7 or less)
    Updated 2024-11-21 12:12; published 2017-09-01
38. CVE-2017-11465 | CVSS3 9.8 | CVSS2 7.5 | CRITICAL | Attack vector: Network
    The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script…
    CWE-125 (Out-of-bounds Read); CWE-787 (Out-of-bounds Write)
    Affected: cpe:2.3:a:ruby-lang:ruby:2.4.1:*
    Updated 2024-11-21 12:07; published 2017-07-20
39. CVE-2015-9096 | CVSS3 6.1 | CVSS2 4.3 | MEDIUM | Attack vector: Network
    Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA subs…
    CWE-93 (CRLF Injection)
    Affected: cpe:2.3:a:ruby-lang:ruby:*:rc1 (version bound 2.4.0)
    Updated 2024-11-21 11:39; published 2017-06-13
40. CVE-2017-9229 | CVSS3 7.5 | CVSS2 5.0 | HIGH | Attack vector: Network
    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression com…
    CWE-476 (NULL Pointer Dereference)
    Affected: cpe:2.3:a:ruby-lang:ruby:*:* (version bound 2.4.1)
    Updated 2024-11-21 12:35; published 2017-05-25