Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ruby-lang Subscribe
Filtered by product Ruby
Total 105 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-22795 2 Ruby-lang, Rubyonrails 2 Ruby, Rails 2023-03-14 N/A 7.5 HIGH
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
CVE-2019-16255 4 Debian, Opensuse, Oracle and 1 more 4 Debian Linux, Leap, Graalvm and 1 more 2023-03-03 6.8 MEDIUM 8.1 HIGH
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
CVE-2016-2338 2 Debian, Ruby-lang 2 Debian Linux, Ruby 2023-03-01 N/A 9.8 CRITICAL
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.
CVE-2013-2119 3 Phusion, Redhat, Ruby-lang 3 Passenger, Openshift, Ruby 2023-02-12 4.6 MEDIUM N/A
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
CVE-2008-2376 2 Redhat, Ruby-lang 2 Fedora 8, Ruby 2023-02-12 7.5 HIGH N/A
Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.
CVE-2008-4310 1 Ruby-lang 1 Ruby 2023-02-12 7.8 HIGH N/A
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
CVE-2011-2686 1 Ruby-lang 1 Ruby 2023-02-12 5.0 MEDIUM N/A
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.
CVE-2013-0175 3 Erik Michaels-ober, Grape Project, Ruby-lang 3 Multi Xml, Grape, Ruby 2023-02-12 7.5 HIGH N/A
multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.
CVE-2012-4481 1 Ruby-lang 1 Ruby 2023-02-12 4.3 MEDIUM N/A
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.
CVE-2022-28738 1 Ruby-lang 1 Ruby 2022-11-29 7.5 HIGH 9.8 CRITICAL
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.
CVE-2022-28739 3 Apple, Debian, Ruby-lang 3 Macos, Debian Linux, Ruby 2022-11-08 4.3 MEDIUM 7.5 HIGH
There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.
CVE-2020-5247 4 Debian, Fedoraproject, Puma and 1 more 4 Debian Linux, Fedora, Puma and 1 more 2022-10-12 5.0 MEDIUM 7.5 HIGH
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.
CVE-2021-41816 2 Fedoraproject, Ruby-lang 3 Fedora, Cgi, Ruby 2022-09-09 7.5 HIGH 9.8 CRITICAL
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.
CVE-2021-41819 6 Debian, Fedoraproject, Opensuse and 3 more 9 Debian Linux, Fedora, Factory and 6 more 2022-09-09 5.0 MEDIUM 7.5 HIGH
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVE-2021-41817 6 Debian, Fedoraproject, Opensuse and 3 more 9 Debian Linux, Fedora, Factory and 6 more 2022-09-09 5.0 MEDIUM 7.5 HIGH
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
CVE-2017-9229 3 Oniguruma Project, Php, Ruby-lang 3 Oniguruma, Php, Ruby 2022-09-01 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
CVE-2021-28966 2 Microsoft, Ruby-lang 2 Windows, Ruby 2022-08-12 5.0 MEDIUM 7.5 HIGH
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
CVE-2021-31810 4 Debian, Fedoraproject, Oracle and 1 more 4 Debian Linux, Fedora, Jd Edwards Enterpriseone Tools and 1 more 2022-07-12 5.0 MEDIUM 5.8 MEDIUM
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions).
CVE-2021-32066 2 Oracle, Ruby-lang 2 Jd Edwards Enterpriseone Tools, Ruby 2022-05-10 5.8 MEDIUM 7.4 HIGH
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
CVE-2021-31799 3 Debian, Oracle, Ruby-lang 4 Debian Linux, Jd Edwards Enterpriseone Tools, Rdoc and 1 more 2022-05-10 4.4 MEDIUM 7.0 HIGH
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.