Search CVE reports


Toggle filters

21 – 27 of 27 results


CVE-2021-32066

Medium priority
Fixed

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to...

5 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2021-31799

Medium priority
Fixed

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

5 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2021-31810

Low priority
Fixed

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially...

5 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2021-28965

Medium priority

Some fixes available 6 of 9

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

4 affected packages

ruby-rexml, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rexml Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2020-25613

Low priority
Fixed

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker...

5 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release
ruby2.3 Not in release Not in release Fixed
ruby2.5 Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2020-10933

Low priority

Some fixes available 2 of 3

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size,...

5 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not affected
ruby2.5 Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2020-10663

Medium priority

Some fixes available 2 of 7

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor...

5 affected packages

ruby-json, ruby2.1, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-json Not affected Not affected Not affected Needs evaluation Needs evaluation
ruby2.1 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Not in release Fixed Not in release
ruby2.7 Not affected Not in release Not in release
Show less packages