cvebase

Ruby-Lang Ruby vulnerabilities

95 known vulnerabilities affecting ruby-lang/ruby.

Total CVEs: 95
CISA KEV: 0
Public exploits: 11
Exploited in wild: 1
Severity breakdown: CRITICAL 16, HIGH 35, MEDIUM 44

Vulnerabilities

Page 1 of 5

Each entry lists: CVE | priority | severity | CVSS score | flags (Exploited, PoC) | affected versions | date, followed by the description (with CWE where given) and its data sources.
CVE-2015-9251 | P2 | MEDIUM | CVSS 6.1 | Exploited, PoC | affected: ≥ 0, < 2.5.6-r0 | 2018-01-18
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Sources: osv
CVE-2017-17405 | P2 | HIGH | CVSS 8.8 | PoC | affected: ≥ 2.2, ≤ 2.2.8; ≥ 2.3, ≤ 2.3.5; +2 more | 2017-12-15
CWE-78. Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malici
Sources: nvd, osv
CVE-2008-3656 | P3 | HIGH | CVSS 7.8 | PoC | affected: ≤ 1.8.5; v1.6.8; +9 more | 2008-08-13
CWE-399. Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that i
Sources: nvd
CVE-2013-4164 | P3 | MEDIUM | CVSS 6.8 | PoC | affected: v1.8; v1.9; +5 more | 2013-11-23
CWE-119. Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the
Sources: nvd
CVE-2008-3657 | P3 | HIGH | CVSS 7.5 | PoC | affected: ≤ 1.8.5; v1.6.8; +9 more | 2008-08-13
CWE-20. The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
Sources: nvd
CVE-2008-3655 | P3 | HIGH | CVSS 7.5 | PoC | affected: ≤ 1.8.5; v1.6.8; +9 more | 2008-08-13
CWE-264. Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 do not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insec
Sources: nvd
CVE-2021-28966 | P3 | HIGH | CVSS 7.5 | affected: fixed in 2.7.3; ≥ 3.0.0, < 3.0.1 | 2021-07-30
CWE-22. In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir.
Sources: nvd, osv
CVE-2012-6708 | P3 | MEDIUM | CVSS 6.1 | PoC | affected: ≥ 0, < 2.5.6-r0 | 2018-01-18
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it exp
Sources: osv
CVE-2008-4310 | P3 | HIGH | CVSS 7.8 | PoC | affected: v1.8.1; v1.8.5 | 2008-12-09
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
Sources: nvd
CVE-2017-10784 | P3 | HIGH | CVSS 8.8 | affected: ≤ 2.2.7; v2.3.0; +6 more | 2017-09-19
CWE-287. The Basic authentication code in the WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
Sources: nvd, osv
CVE-2016-2337 | P3 | CRITICAL | CVSS 9.8 | affected: v2.2.2; v2.3.0 | 2017-01-06
Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker passing an object of a type other than String as the "retval" argument can cause arbitrary code execution.
Sources: nvd
CVE-2016-2338 | P3 | CRITICAL | CVSS 9.8 | affected: v2.2.2; v2.3.0 | 2022-09-29
CWE-787. An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In the Psych::Emitter start_document function, the heap buffer "head" is allocated based on the length of the tags array. A specially constructed object passed as an element of the tags array can increase the array size after that allocation and cause heap overfl
Sources: nvd
CVE-2018-16395 | P3 | CRITICAL | CVSS 9.8 | affected: ≥ 2.3.0, ≤ 2.3.7; ≥ 2.4.0, ≤ 2.4.4; +2 more | 2018-11-16
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument conta
Sources: nvd, osv
CVE-2018-8780 | P3 | CRITICAL | CVSS 9.1 | affected: fixed in 2.2.10; ≥ 2.3.0, < 2.3.7; +3 more | 2018-04-03
CWE-22. In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.
Sources: nvd, osv
CVE-2017-0898 | P3 | CRITICAL | CVSS 9.1 | affected: v2.2.0; v2.2.1; +13 more | 2017-09-15
CWE-134. Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier (*) with a huge minus value. Such a situation can lead to a buffer overrun, resulting in heap memory corruption or an information disclosure from the heap.
Sources: nvd, osv
CVE-2019-16255 | P3 | HIGH | CVSS 8.1 | affected: ≥ 2.4.0, ≤ 2.4.7; ≥ 2.5.0, ≤ 2.5.6; +1 more | 2019-11-26
CWE-94. Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.
Sources: nvd
CVE-2011-4121 | P3 | CRITICAL | CVSS 9.8 | affected: ≥ 1.8.7.334, < 1.9.3 | 2019-11-26
CWE-326. The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt the integrity of services that depend on a strong private RSA key generation mechanism.
Sources: nvd
CVE-2008-3790 | P4 | MEDIUM | CVSS 5.0 | PoC | affected: v1.8.6; v1.8.7; +1 more | 2008-08-27
CWE-20. The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
Sources: nvd
CVE-2017-17790 | P3 | CRITICAL | CVSS 9.8 | affected: ≥ 2.2, ≤ 2.2.8; ≥ 2.3, ≤ 2.3.5; +2 more | 2017-12-20
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.
Sources: nvd
CVE-2021-33621 | P3 | HIGH | CVSS 8.8 | affected: ≥ 2.7.0, < 2.7.7; ≥ 3.0.0, < 3.0.5; +1 more | 2022-11-18
CWE-74. The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
Sources: nvd