Software Detail
Ruby: 92 NVD entries (CRITICAL 13, HIGH 38, MEDIUM 41, LOW 0)
URL https://www.ruby-lang.org/
Explanation: Ruby is an object-oriented scripting language developed by Yukihiro Matsumoto; it does not require compilation and is executed by an interpreter.
Tags
  • Open Source
  • Ruby's License

Additional Information URLs
  1. https://www.ruby-lang.org/en/downloads/branches/
  2. https://www.ruby-lang.org/ja/security/

List of Products (release history and vulnerability counts)
Note: the source lists four support columns (Normal Support, Security Support, Service Pack Support, Extended for a fee); each row carries at most one date, shown here under "Support".

| No | Name     | Latest Version | Release date   | Initial release | Support        | Critical | High | Medium | Low |
| 41 | Ruby 3.2 | 3.2.9          | July 24, 2025  | Dec. 25, 2022   | March 31, 2026 | 0        | 0    | 0      | 0   |
| 42 | Ruby 3.1 | 3.1.7          | March 26, 2025 | Dec. 25, 2021   | March 31, 2025 | 1        | 2    | 0      | 0   |
| 43 | Ruby 3.0 | 3.0.7          | April 23, 2024 | Dec. 25, 2020   | March 31, 2024 | 1        | 7    | 1      | 0   |
| 44 | Ruby 2.7 | 2.7.8          | March 30, 2023 | Dec. 25, 2019   | March 31, 2023 | 0        | 9    | 3      | 0   |
| 45 | Ruby 2.6 | 2.6.10         | April 12, 2022 | Dec. 25, 2018   | March 31, 2022 | 2        | 15   | 6      | 0   |
| 46 | Ruby 2.5 | 2.5.9          | April 5, 2021  | Dec. 25, 2017   | March 31, 2021 | 3        | 14   | 6      | 0   |
| 47 | Ruby 2.4 | 2.4.10         | March 31, 2020 | Dec. 25, 2016   | March 31, 2020 | 7        | 18   | 6      | 0   |
| 48 | Ruby 2.3 | 2.3.8          | Oct. 17, 2018  | Dec. 25, 2015   | March 31, 2019 | 10       | 15   | 5      | 0   |
| 49 | Ruby 2.2 | 2.2.10         | March 28, 2018 | Dec. 25, 2014   | March 31, 2018 | 9        | 15   | 7      | 0   |
| 50 | Ruby 2.1 | 2.1.10         | March 28, 2018 | Dec. 25, 2013   | March 31, 2017 | 3        | 10   | 11     | 0   |
| 51 | Ruby 2.0 | p648           | Dec. 16, 2015  | Feb. 24, 2013   | Feb. 24, 2016  | 3        | 10   | 21     | 0   |
| 52 | Ruby 1.9 | p551           | Nov. 13, 2014  | Dec. 25, 2007   | Feb. 23, 2015  | 4        | 19   | 29     | 0   |
| 53 | Ruby 1.8 | 1.8.7-p374     | June 27, 2013  |                 |                | 4        | 22   | 28     | 0   |
NVD Vulnerability Information
Fields per entry: No, CVE, CVSS3, CVSS2, Level, Attack Vector, Title (truncated in the source), CWE, cpe23Uri (with the version bound as listed), Update date, Published date.
No. 41 | CVE-2017-9225 | CVSS3 9.8 | CVSS2 7.5 | CRITICAL | Attack vector: Network
Title: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str…
CWE: CWE-787 Out-of-bounds Write
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:*:* (version bound as listed: 2.4.1)
Updated: 2024-11-21 12:35 | Published: 2017-05-25
No. 42 | CVE-2017-6181 | CVSS3 7.5 | CVSS2 5.0 | HIGH | Attack vector: Network
Title: The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion a…
CWE: CWE-20 Improper Input Validation
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:2.4.0:*
Updated: 2024-11-21 12:29 | Published: 2017-04-03
No. 43 | CVE-2009-5147 | CVSS3 7.3 | CVSS2 7.5 | HIGH | Attack vector: Network
Title: DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
CWE: CWE-20 Improper Input Validation
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:2.1.7:*, cpe:2.3:a:ruby-lang:ruby:2.1.6:*, cpe:2.3:a:ruby-lang:ruby:2.1.5:*, cpe:2.3:a:r…
Updated: 2024-11-21 10:11 | Published: 2017-03-29
No. 44 | CVE-2016-2339 | CVSS3 9.8 | CVSS2 7.5 | CRITICAL | Attack vector: Network
Title: An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is m…
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:2.3.0:*, cpe:2.3:a:ruby-lang:ruby:2.2.2:*
Updated: 2024-11-21 11:48 | Published: 2017-01-07
No. 45 | CVE-2016-2337 | CVSS3 9.8 | CVSS2 7.5 | CRITICAL | Attack vector: Network
Title: Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:2.3.0:*, cpe:2.3:a:ruby-lang:ruby:2.2.2:*
Updated: 2024-11-21 11:48 | Published: 2017-01-07
No. 46 | CVE-2016-2336 | CVSS3 9.8 | CVSS2 7.5 | CRITICAL | Attack vector: Network
Title: Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code e…
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:2.3.0:*, cpe:2.3:a:ruby-lang:ruby:2.2.2:*
Updated: 2024-11-21 11:48 | Published: 2017-01-07
No. 47 | CVE-2015-7551 | CVSS3 8.4 | CVSS2 4.6 | HIGH | Attack vector: Local
Title: The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles …
CWE: CWE-20 Improper Input Validation
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:2.2.3:*, cpe:2.3:a:ruby-lang:ruby:2.2.2:*, cpe:2.3:a:ruby-lang:ruby:2.2.1:*, cpe:2.3:a:r… (version bound as listed: 2.0.0-p647)
Updated: 2024-11-21 11:36 | Published: 2016-03-24
No. 48 | CVE-2015-3900 | CVSS3 - | CVSS2 5.0 | MEDIUM
Title: RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests t…
CWE: CWE-254 7PK - Security Features
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:2.2.0:*, cpe:2.3:a:ruby-lang:ruby:2.1:-, cpe:2.3:a:ruby-lang:ruby:2.1.5:*, cpe:2.3:a:rub…
Updated: 2024-11-21 11:30 | Published: 2015-06-24
No. 49 | CVE-2014-8090 | CVSS3 - | CVSS2 5.0 | MEDIUM
Title: The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption)…
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:2.1.4:*, cpe:2.3:a:ruby-lang:ruby:2.1.3:*, cpe:2.3:a:ruby-lang:ruby:2.1.2:*, cpe:2.3:a:r… (version bound as listed: 1.9.3)
Updated: 2024-11-21 11:18 | Published: 2014-11-22
No. 50 | CVE-2014-4975 | CVSS3 - | CVSS2 5.0 | MEDIUM
Title: Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial …
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
cpe23Uri: cpe:2.3:a:ruby-lang:ruby:2.1:preview1, cpe:2.3:a:ruby-lang:ruby:2.1:-, cpe:2.3:a:ruby-lang:ruby:2.1.2:*, cpe:2.3:… (version bound as listed: 1.9.3)
Updated: 2024-11-21 11:11 | Published: 2014-11-16