11 – 16 of 16 results
Some fixes available 4 of 13
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include...
7 affected packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby2.3 | Not in release | Not in release | Not in release | — |
ruby2.5 | Not in release | Not in release | Not in release | Vulnerable |
ruby2.7 | Not in release | Not in release | Fixed | — |
ruby3.0 | Not in release | Fixed | Not in release | — |
ruby3.2 | Fixed | Not in release | Not in release | — |
ruby3.3 | Not in release | Not in release | Not in release | — |
jruby | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
Some fixes available 4 of 13
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you may be impacted...
7 affected packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby2.3 | Not in release | Not in release | Not in release | — |
ruby2.5 | Not in release | Not in release | Not in release | Vulnerable |
ruby2.7 | Not in release | Not in release | Fixed | — |
ruby3.0 | Not in release | Fixed | Not in release | — |
ruby3.2 | Fixed | Not in release | Not in release | — |
ruby3.3 | Not in release | Not in release | Not in release | — |
jruby | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
Some fixes available 3 of 12
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be affected by this...
7 affected packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby2.3 | Not in release | Not in release | Not in release | — |
ruby2.5 | Not in release | Not in release | Not in release | Vulnerable |
ruby2.7 | Not in release | Not in release | Fixed | — |
ruby3.0 | Not in release | Fixed | Not in release | — |
ruby3.2 | Fixed | Not in release | Not in release | — |
ruby3.3 | Not in release | Not in release | Not in release | — |
jruby | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
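The three REXML entries above each resolve to a minimum fixed gem version (3.2.6, 3.3.1 and 3.3.2). The following check is an added example, not code from this page or from the REXML project: it compares a rexml version string against those thresholds with `Gem::Version` and reports which of the listed advisories still apply. The short description keys in `REXML_FIXED_IN` and the helper names are my own; only the threshold versions come from the entries above.

```ruby
require 'rubygems'

# Fixed-version thresholds taken from the three REXML advisories listed
# above; a gem at or above a threshold is no longer affected by that entry.
# The description strings are shorthand written for this example.
REXML_FIXED_IN = {
  'DoS on many whitespace, `>]` and `]>` characters' => '3.3.2',
  'DoS on many `<`, `0` and `%>` characters'         => '3.3.1',
  'DoS on many `<` in an attribute value'            => '3.2.6',
}.freeze

# Returns the advisory descriptions that still apply to the given rexml
# version string. Gem::Version compares segment by segment as numbers, so
# "3.3.10" is correctly newer than "3.3.2" (a plain String compare is not),
# and a prerelease such as "3.3.2.pre" sorts below "3.3.2".
def unfixed_rexml_advisories(version_string)
  v = Gem::Version.new(version_string)
  REXML_FIXED_IN.select { |_desc, fixed| v < Gem::Version.new(fixed) }.keys
end

# Version string of the rexml gem RubyGems would load on this interpreter,
# or nil when no rexml gem is registered at all.
def installed_rexml_version
  Gem::Specification.find_by_name('rexml').version.to_s
rescue Gem::MissingSpecError
  nil
end

if __FILE__ == $PROGRAM_NAME
  v = installed_rexml_version
  if v.nil?
    puts 'rexml gem not found by RubyGems'
  else
    open = unfixed_rexml_advisories(v)
    status = open.empty? ? 'not affected by the listed advisories' : open.join('; ')
    puts "rexml #{v}: #{status}"
  end
end
```

This version gate is only meaningful for a rexml installed as a gem. Distribution packages such as the Ubuntu ruby packages in the tables above routinely backport a fix without changing the upstream version string, so for them the package status table, not the gem version, is the authoritative answer.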
Some fixes available 4 of 14
An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive...
7 affected packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby2.3 | Not in release | Not in release | Not in release | — |
ruby2.5 | Not in release | Not in release | Not in release | Vulnerable |
ruby2.7 | Not in release | Not in release | Fixed | — |
ruby3.0 | Not in release | Fixed | Not in release | — |
ruby3.1 | Not in release | Not in release | Not in release | — |
ruby3.2 | Fixed | Not in release | Not in release | — |
jruby | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
Some fixes available 6 of 14
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are...
7 affected packages
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby2.3 | Not in release | Not in release | Not in release | — |
ruby2.5 | Not in release | Not in release | Not in release | Fixed |
ruby2.7 | Not in release | Not in release | Fixed | — |
ruby3.0 | Not in release | Fixed | Not in release | — |
ruby3.1 | Not in release | Not in release | Not in release | — |
ruby3.2 | Fixed | Not in release | Not in release | Not in release |
jruby | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
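The RDoc entry above is an object-injection bug: a configuration file is deserialised with a YAML loader that honours `!ruby/object` tags, so whoever controls the file chooses which Ruby class gets instantiated. The snippet below is an added example, not code from this page, RDoc or Ruby: it feeds a constructed `.rdoc_options`-style document to Psych's unsafe loader and to `YAML.safe_load` and shows the difference. The class `RdocOptionsStandIn`, the helper names and the YAML content are hypothetical stand-ins; a real attack would name a class whose deserialisation hooks run code. Note that on Ruby 3.1 and later (Psych 4) `YAML.load` is already the safe variant, so the unsafe path is `YAML.unsafe_load`; the helper falls back to `YAML.load` on older Psych, where `load` was still unsafe.

```ruby
require 'yaml'

# Hypothetical class standing in for any class an attacker can name in a
# !ruby/object tag. Constructed for this example; it is not from RDoc.
class RdocOptionsStandIn
  attr_accessor :title, :charset
end

# Constructed attacker-controlled .rdoc_options content: the document tag
# asks the YAML loader to build an instance of a class of the attacker's
# choosing and populate its instance variables from the mapping.
MALICIOUS_RDOC_OPTIONS = <<~YAML
  --- !ruby/object:RdocOptionsStandIn
  title: "totally normal project"
  charset: UTF-8
YAML

# Constructed benign configuration with plain scalars only.
BENIGN_RDOC_OPTIONS = <<~YAML
  ---
  title: docs
  charset: UTF-8
YAML

# Unsafe deserialisation: honours the !ruby/object tag and instantiates
# RdocOptionsStandIn without ever calling its initializer.
def load_options_unsafe(yaml)
  if YAML.respond_to?(:unsafe_load)   # Psych >= 4: load is safe, unsafe_load is the old behaviour
    YAML.unsafe_load(yaml)
  else
    YAML.load(yaml)                    # older Psych: load itself is the unsafe path
  end
end

# Hardened loader: only scalars, arrays and hashes are produced; a tagged
# class that is not in permitted_classes raises Psych::DisallowedClass.
# Aliases are disabled as well so a document cannot expand into a huge graph.
def load_options_safe(yaml, permitted: [])
  YAML.safe_load(yaml, permitted_classes: permitted, aliases: false)
end

# Wraps the hardened loader into a result the caller can act on instead of
# letting the exception propagate into an unrelated code path.
def classify(yaml)
  [:ok, load_options_safe(yaml)]
rescue Psych::DisallowedClass => e
  [:rejected, e.message]
end

if __FILE__ == $PROGRAM_NAME
  obj = load_options_unsafe(MALICIOUS_RDOC_OPTIONS)
  puts "unsafe loader built: #{obj.class} (title=#{obj.title.inspect})"
  puts "safe loader, malicious input: #{classify(MALICIOUS_RDOC_OPTIONS).inspect}"
  puts "safe loader, benign input:    #{classify(BENIGN_RDOC_OPTIONS).inspect}"
end
```

If a configuration format legitimately needs a non-primitive type, pass exactly that class via `permitted_classes` (for example `permitted: [Symbol]`) rather than falling back to the unsafe loader; the allow-list keeps the attacker from naming any other class.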
Some fixes available 3 of 5
A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call...
6 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.1, ruby3.2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby2.3 | Not in release | Not in release | Not in release | — |
ruby2.5 | Not in release | Not in release | Not in release | Needs evaluation |
ruby2.7 | Not in release | Not in release | Fixed | — |
ruby3.0 | Not in release | Fixed | Not in release | — |
ruby3.1 | Not in release | Not in release | Not in release | — |
ruby3.2 | Not affected | Not in release | Not in release | Not in release |