Software Detail
Ruby
Number Of NVD 92: CRITICAL 13, HIGH 38, MEDIUM 41, LOW 0
URL https://www.ruby-lang.org/
Explanation It is an object-oriented scripting language developed by Yukihiro Matsumoto, which does not require compilation and is executed by an interpreter.
Tag
  • Open source
  • Ruby’s License

Additional Information URL
No Type Name URL
1 https://www.ruby-lang.org/en/downloads/branches/
2 https://www.ruby-lang.org/ja/security/

List Of Products
No Name Latest Version Release date Initial release Normal Support Security Support/Service Pack Support Extended for a fee Critical High Medium Low
51 Ruby 3.2 3.2.9 July 24, 2025 Dec. 25, 2022 March 31, 2026 0 0 0 0
52 Ruby 3.1 3.1.7 March 26, 2025 Dec. 25, 2021 March 31, 2025 1 2 0 0
53 Ruby 3.0 3.0.7 April 23, 2024 Dec. 25, 2020 March 31, 2024 1 7 1 0
54 Ruby 2.7 2.7.8 March 30, 2023 Dec. 25, 2019 March 31, 2023 0 9 3 0
55 Ruby 2.6 2.6.10 April 12, 2022 Dec. 25, 2018 March 31, 2022 2 15 6 0
56 Ruby 2.5 2.5.9 April 5, 2021 Dec. 25, 2017 March 31, 2021 3 14 6 0
57 Ruby 2.4 2.4.10 March 31, 2020 Dec. 25, 2016 March 31, 2020 7 18 6 0
58 Ruby 2.3 2.3.8 Oct. 17, 2018 Dec. 25, 2015 March 31, 2019 10 15 5 0
59 Ruby 2.2 2.2.10 March 28, 2018 Dec. 25, 2014 March 31, 2018 9 15 7 0
60 Ruby 2.1 2.1.10 March 28, 2018 Dec. 25, 2013 March 31, 2017 3 10 11 0
61 Ruby 2.0 p648 Dec. 16, 2015 Feb. 24, 2013 Feb. 24, 2016 3 10 21 0
62 Ruby 1.9 p551 Nov. 13, 2014 Dec. 25, 2007 Feb. 23, 2015 4 19 29 0
63 Ruby 1.8 1.8.7-p374 June 27, 2013 4 22 28 0
NVD Vulnerability Information
No CVSS3/CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date/Published date
51 -
5.0
MEDIUM The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document,… NVD-CWE-Other
CVE-2014-8080 cpe:2.3:a:ruby-lang:ruby:2.1.3:*
cpe:2.3:a:ruby-lang:ruby:2.1.2:*
cpe:2.3:a:ruby-lang:ruby:2.1.1:*
cpe:2.3:a:r…
1.9.3 2024-11-21 11:18
2014-11-4
52 -
5.8
MEDIUM The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby scrip… CWE-399
Resource Management Errors
CVE-2014-2734 cpe:2.3:a:ruby-lang:ruby:2.1:preview1
cpe:2.3:a:ruby-lang:ruby:2.1:-
cpe:2.3:a:ruby-lang:ruby:2.1.1:*
cpe:2.3:…
2024-11-21 11:06
2014-04-25
53 -
6.8
MEDIUM Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial o… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2013-4164 cpe:2.3:a:ruby-lang:ruby:2.1:preview1
cpe:2.3:a:ruby-lang:ruby:2.0.0:*
cpe:2.3:a:ruby-lang:ruby:1.9:*
cpe:2.3:…
2024-11-21 10:55
2013-11-24
54 -
6.4
MEDIUM (1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to byp… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-2065 cpe:2.3:a:ruby-lang:ruby:2.0:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1
cpe:2.3:a…
2024-11-21 10:50
2013-11-3
55 -
4.3
MEDIUM Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1… CWE-310
Cryptographic Issues
CVE-2013-4363 cpe:2.3:a:ruby-lang:ruby:2.0:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1
cpe:2.3:a…
2024-11-21 10:55
2013-10-18
56 -
4.3
MEDIUM Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as use… CWE-310
Cryptographic Issues
CVE-2013-4287 cpe:2.3:a:ruby-lang:ruby:2.0:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1
cpe:2.3:a…
2024-11-21 10:55
2013-10-18
57 -
6.8
MEDIUM The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character i… CWE-310
Cryptographic Issues
CVE-2013-4073 cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1
cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2
2024-11-21 10:54
2013-08-18
58 -
4.3
MEDIUM The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix f… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-4481 cpe:2.3:a:ruby-lang:ruby:1.8.7:* 2024-11-21 10:42
2013-05-2
59 -
5.0
MEDIUM Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-4466 cpe:2.3:a:ruby-lang:ruby:2.0:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1
cpe:2.3:a…
2024-11-21 10:42
2013-04-26
60 -
5.0
MEDIUM Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-4464 cpe:2.3:a:ruby-lang:ruby:2.0:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1
cpe:2.3:a…
2024-11-21 10:42
2013-04-26