Search CVE reports
1 – 10 of 72 results
An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a remote attacker who can delay DNS...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.7 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby3.0 | Not in release | Not in release | Needs evaluation | — | — |
| ruby3.2 | Not in release | Needs evaluation | Not in release | — | — |
| ruby3.3 | Needs evaluation | Not in release | Not in release | — | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.7 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby3.0 | Not in release | Not in release | Needs evaluation | — | — |
| ruby3.2 | Not in release | Needs evaluation | Not in release | — | — |
| ruby3.3 | Needs evaluation | Not in release | Not in release | — | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.7 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby3.0 | Not in release | Not in release | Needs evaluation | — | — |
| ruby3.2 | Not in release | Needs evaluation | Not in release | — | — |
| ruby3.3 | Needs evaluation | Not in release | Not in release | — | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.7 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby3.0 | Not in release | Not in release | Needs evaluation | — | — |
| ruby3.2 | Not in release | Needs evaluation | Not in release | — | — |
| ruby3.3 | Needs evaluation | Not in release | Not in release | — | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully",...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.7 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby3.0 | Not in release | Not in release | Needs evaluation | — | — |
| ruby3.2 | Not in release | Needs evaluation | Not in release | — | — |
| ruby3.3 | Needs evaluation | Not in release | Not in release | — | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.7 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby3.0 | Not in release | Not in release | Needs evaluation | — | — |
| ruby3.2 | Not in release | Needs evaluation | Not in release | — | — |
| ruby3.3 | Needs evaluation | Not in release | Not in release | — | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.7 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby3.0 | Not in release | Not in release | Needs evaluation | — | — |
| ruby3.2 | Not in release | Needs evaluation | Not in release | — | — |
| ruby3.3 | Needs evaluation | Not in release | Not in release | — | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.7 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby3.0 | Not in release | Not in release | Needs evaluation | — | — |
| ruby3.2 | Not in release | Needs evaluation | Not in release | — | — |
| ruby3.3 | Needs evaluation | Not in release | Not in release | — | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Vulnerable |
| ruby2.7 | Not in release | Not in release | Not in release | Vulnerable | — |
| ruby3.0 | Not in release | Not in release | Vulnerable | — | — |
| ruby3.2 | Not in release | Vulnerable | Not in release | — | — |
| ruby3.3 | Vulnerable | Not in release | Not in release | — | — |
| jruby | Vulnerable | Vulnerable | Not in release | Vulnerable | Vulnerable |
Some fixes available 6 of 9
URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series) 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series),...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Fixed |
| ruby2.7 | Not in release | Not in release | Not in release | Fixed | — |
| ruby3.0 | Not in release | Not in release | Fixed | — | — |
| ruby3.2 | Not in release | Fixed | Not in release | — | — |
| ruby3.3 | Vulnerable | Not in release | Not in release | — | — |
| jruby | Not affected | Not affected | Not in release | Not affected | Not affected |