Search CVE reports
1 – 6 of 6 results
CVE-2014-6438
Low priorityThe URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.
7 affected packages
ruby1.8, ruby1.9, ruby1.9.1, ruby2.0, ruby2.1...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby1.8 | — | — | — | — | Not in release |
ruby1.9 | — | — | — | — | Not in release |
ruby1.9.1 | — | — | — | — | Not in release |
ruby2.0 | — | — | — | — | Not in release |
ruby2.1 | — | — | — | — | Not in release |
ruby2.2 | — | — | — | — | Not in release |
ruby2.3 | — | — | — | — | Not affected |
CVE-2009-5147
Low prioritySome fixes available 1 of 5
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
6 affected packages
ruby1.8, ruby1.9.1, ruby2.0, ruby2.1, ruby2.2, ruby2.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby1.8 | — | — | — | — | Not in release |
ruby1.9.1 | — | — | — | — | Not in release |
ruby2.0 | — | — | — | — | Not in release |
ruby2.1 | — | — | — | — | Not in release |
ruby2.2 | — | — | — | — | Not in release |
ruby2.3 | — | — | — | — | Not affected |
CVE-2015-7551
Low prioritySome fixes available 1 of 6
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which...
5 affected packages
ruby1.9.1, ruby2.0, ruby2.1, ruby2.2, ruby2.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby1.9.1 | — | — | — | — | Not in release |
ruby2.0 | — | — | — | — | Not in release |
ruby2.1 | — | — | — | — | Not in release |
ruby2.2 | — | — | — | — | Not in release |
ruby2.3 | — | — | — | — | Not affected |
CVE-2015-4020
Low priorityRubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a...
7 affected packages
jruby, libgems-ruby, ruby1.8, ruby1.9.1, ruby2.1...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jruby | — | — | — | — | — |
libgems-ruby | — | — | — | — | — |
ruby1.8 | — | — | — | — | — |
ruby1.9.1 | — | — | — | — | — |
ruby2.1 | — | — | — | — | — |
ruby2.2 | — | — | — | — | — |
rubygems | — | — | — | — | — |
CVE-2015-3900
Low priorityRubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a...
8 affected packages
jruby, libgems-ruby, ruby1.8, ruby1.9.1, ruby2.1...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jruby | — | — | — | — | — |
libgems-ruby | — | — | — | — | — |
ruby1.8 | — | — | — | — | — |
ruby1.9.1 | — | — | — | — | — |
ruby2.1 | — | — | — | — | — |
ruby2.2 | — | — | — | — | — |
ruby2.3 | — | — | — | — | — |
rubygems | — | — | — | — | — |
CVE-2015-1855
Low prioritySome fixes available 2 of 11
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors...
6 affected packages
ruby1.8, ruby1.9.1, ruby2.0, ruby2.1, ruby2.2, ruby2.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby1.8 | — | — | — | — | Not in release |
ruby1.9.1 | — | — | — | — | Not in release |
ruby2.0 | — | — | — | — | Not in release |
ruby2.1 | — | — | — | — | Not in release |
ruby2.2 | — | — | — | — | Not in release |
ruby2.3 | — | — | — | — | Not affected |