Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

21 – 30 of 51 results


CVE-2021-31810

Low priority
Fixed

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially...

5 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2021-28965

Medium priority

Some fixes available 6 of 9

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

4 affected packages

ruby-rexml, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rexml Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2020-25613

Low priority
Fixed

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker...

5 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release
ruby2.3 Not in release Not in release Fixed
ruby2.5 Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2020-10933

Low priority

Some fixes available 2 of 3

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size,...

5 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not affected
ruby2.5 Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2020-10663

Medium priority

Some fixes available 2 of 7

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor...

5 affected packages

ruby-json, ruby2.1, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-json Not affected Not affected Not affected Needs evaluation Needs evaluation
ruby2.1 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Not in release Fixed Not in release
ruby2.7 Not affected Not in release Not in release
Show less packages

CVE-2019-16255

Medium priority

Some fixes available 5 of 17

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to...

3 affected packages

jruby, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ruby2.3 Not in release Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2019-16254

Medium priority

Some fixes available 5 of 6

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character...

3 affected packages

jruby, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Not affected Not affected Not affected
ruby2.3 Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Fixed Not in release
Show less packages

CVE-2019-16201

Medium priority

Some fixes available 5 of 17

WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth...

3 affected packages

jruby, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Needs evaluation Vulnerable Vulnerable Vulnerable
ruby2.3 Not in release Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2019-15845

Medium priority
Fixed

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.

3 affected packages

jruby, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Not affected Not affected
ruby2.3 Not in release Fixed
ruby2.5 Fixed Not in release
Show less packages

CVE-2019-8325

Medium priority

Some fixes available 8 of 11

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)

6 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.1, ruby2.3, ruby2.5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Not affected Not affected Vulnerable Not affected
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release Not in release
ruby2.1 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Not in release Fixed Not in release
Show less packages