Search CVE reports

Toggle filters

31 – 40 of 81 results

CVE-2020-10933

Low priority

Some fixes available 2 of 3

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size,...

5 affected packages

ruby2.7, ruby2.5, ruby1.9.1, ruby2.0, ruby2.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ruby2.7 Fixed Not in release
ruby2.5 Not in release Fixed
ruby1.9.1 Not in release Not in release
ruby2.0 Not in release Not in release
ruby2.3 Not in release Not in release
Show less packages

CVE-2020-10663

Medium priority

Some fixes available 2 of 7

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor...

5 affected packages

ruby-json, ruby2.1, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ruby-json Not affected Not affected Not affected Needs evaluation
ruby2.1 Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release
ruby2.5 Not in release Not in release Not in release Fixed
ruby2.7 Not affected Not in release
Show less packages

CVE-2019-8325

Medium priority

Some fixes available 8 of 11

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)

6 affected packages

ruby2.1, jruby, ruby1.9.1, ruby2.0, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ruby2.1 Not in release Not in release Not in release Not in release
jruby Not affected Not affected Vulnerable
ruby1.9.1 Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release
ruby2.5 Not in release Not in release Not in release Fixed
Show less packages

CVE-2019-8324

Medium priority

Some fixes available 8 of 11

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by...

6 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.1, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jruby Not affected Not affected Vulnerable
ruby1.9.1 Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release
ruby2.1 Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release
ruby2.5 Not in release Not in release Not in release Fixed
Show less packages

CVE-2019-8323

Medium priority

Some fixes available 8 of 11

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.

6 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.3, ruby2.1, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jruby Not affected Not affected Vulnerable
ruby1.9.1 Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release
ruby2.1 Not in release Not in release Not in release Not in release
ruby2.5 Not in release Not in release Not in release Fixed
Show less packages

CVE-2019-8322

Medium priority

Some fixes available 8 of 11

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur.

6 affected packages

jruby, ruby2.0, ruby2.3, ruby1.9.1, ruby2.1, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jruby Not affected Not affected Vulnerable
ruby2.0 Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release
ruby1.9.1 Not in release Not in release Not in release Not in release
ruby2.1 Not in release Not in release Not in release Not in release
ruby2.5 Not in release Not in release Not in release Fixed
Show less packages

CVE-2019-8321

Medium priority

Some fixes available 8 of 11

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.

6 affected packages

ruby2.0, jruby, ruby2.1, ruby1.9.1, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ruby2.0 Not in release Not in release Not in release Not in release
jruby Not affected Not affected Vulnerable
ruby2.1 Not in release Not in release Not in release Not in release
ruby1.9.1 Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release
ruby2.5 Not in release Not in release Not in release Fixed
Show less packages

CVE-2019-8320

Medium priority

Some fixes available 7 of 11

A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If...

6 affected packages

jruby, ruby2.1, ruby2.5, ruby1.9.1, ruby2.0, ruby2.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jruby Not affected Not affected Vulnerable
ruby2.1 Not in release Not in release Not in release Not in release
ruby2.5 Not in release Not in release Not in release Fixed
ruby1.9.1 Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release
Show less packages

CVE-2019-16255

Medium priority

Some fixes available 5 of 18

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the “command” argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to...

3 affected packages

jruby, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
jruby Needs evaluation Needs evaluation Needs evaluation
ruby2.3 Not in release Not in release Not in release Not in release
ruby2.5 Not in release Not in release Not in release Fixed
Show less packages

CVE-2019-16254

Medium priority

Some fixes available 5 of 6

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character...

3 affected packages

ruby2.3, ruby2.5, jruby

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ruby2.3 Not in release Not in release Not in release
ruby2.5 Not in release Not in release Fixed
jruby Not affected Not affected
Show less packages
  1. Previous page
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. Next page
Export to JSON