Search CVE reports
21 – 26 of 26 results
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a...
8 affected packages
jruby, libgems-ruby, ruby1.8, ruby1.9.1, ruby2.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jruby | — | — | — | — |
| libgems-ruby | — | — | — | — |
| ruby1.8 | — | — | — | — |
| ruby1.9.1 | — | — | — | — |
| ruby2.1 | — | — | — | — |
| ruby2.2 | — | — | — | — |
| ruby2.3 | — | — | — | — |
| rubygems | — | — | — | — |
Some fixes available 2 of 11
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors...
6 affected packages
ruby1.8, ruby1.9.1, ruby2.0, ruby2.1, ruby2.2, ruby2.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby1.8 | — | — | — | — |
| ruby1.9.1 | — | — | — | — |
| ruby2.0 | — | — | — | — |
| ruby2.1 | — | — | — | — |
| ruby2.2 | — | — | — | — |
| ruby2.3 | — | — | — | — |
The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.
4 affected packages
ruby1.8, ruby1.9.1, ruby2.0, ruby2.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby1.8 | — | — | — | — |
| ruby1.9.1 | — | — | — | — |
| ruby2.0 | — | — | — | — |
| ruby2.1 | — | — | — | — |
Some fixes available 8 of 12
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document...
4 affected packages
ruby1.8, ruby1.9.1, ruby2.0, ruby2.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby1.8 | — | — | — | — |
| ruby1.9.1 | — | — | — | — |
| ruby2.0 | — | — | — | — |
| ruby2.1 | — | — | — | — |
Some fixes available 8 of 13
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion...
5 affected packages
ruby1.8, ruby1.9, ruby1.9.1, ruby2.0, ruby2.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby1.8 | — | — | — | — |
| ruby1.9 | — | — | — | — |
| ruby1.9.1 | — | — | — | — |
| ruby2.0 | — | — | — | — |
| ruby2.1 | — | — | — | — |
Some fixes available 7 of 12
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault)...
5 affected packages
ruby1.8, ruby1.9, ruby1.9.1, ruby2.0, ruby2.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby1.8 | — | — | — | — |
| ruby1.9 | — | — | — | — |
| ruby1.9.1 | — | — | — | — |
| ruby2.0 | — | — | — | — |
| ruby2.1 | — | — | — | — |