Known Vulnerabilities for products from Ruby-lang

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ruby-lang".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-32066 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an except... 7.4 - HIGH 2021-08-01 2021-10-13
CVE-2021-31810 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the... 5.8 - MEDIUM 2021-07-13 2021-10-13
CVE-2021-31799 In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via |... 7 - HIGH 2021-07-30 2021-10-13
CVE-2021-28966 In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with T... 7.5 - HIGH 2021-07-30 2021-09-02
CVE-2021-28965 The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round... 7.5 - HIGH 2021-04-21 2021-06-02
CVE-2020-25613 An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bu... 7.5 - HIGH 2020-10-06 2021-01-15
CVE-2020-10933 An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonbl... 5.3 - MEDIUM 2020-05-04 2021-07-21
CVE-2020-10663 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsa... 7.5 - HIGH 2020-04-28 2021-09-22
CVE-2020-8130 There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins ... 6.4 - MEDIUM 2020-02-24 2020-06-30
CVE-2020-5247 In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, a... 7.5 - HIGH 2020-02-28 2020-04-09
CVE-2019-16255 Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "comman... 8.1 - HIGH 2019-11-26 2020-08-24
CVE-2019-16254 Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick i... 5.3 - MEDIUM 2019-11-26 2020-08-16
CVE-2019-16201 WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression De... 7.5 - HIGH 2019-11-26 2020-08-16
CVE-2019-15845 Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. 6.5 - MEDIUM 2019-11-26 2020-08-24
CVE-2019-11879 ** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a sy... 5.5 - MEDIUM 2019-05-10 2020-08-24
CVE-2018-16396 An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It doe... 8.1 - HIGH 2018-11-16 2019-10-03
CVE-2018-16395 An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before... 9.8 - CRITICAL 2018-11-16 2019-10-03
CVE-2018-8780 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new,... 9.1 - CRITICAL 2018-04-03 2019-07-21
CVE-2018-8779 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open an... 7.5 - HIGH 2018-04-03 2019-07-21
CVE-2018-8778 In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controllin... 7.5 - HIGH 2018-04-03 2019-10-03

Known software with vulnerabilities from Ruby-lang

Type Vendor Product Version
ApplicationRuby-langOpenssl-
ApplicationRuby-langRake0.7.3
ApplicationRuby-langRuby-
ApplicationRuby-langRuby193-
ApplicationRuby-langTrunk-
ApplicationRuby-langWebrick1.4.0

Popular searches for "Ruby-lang"

Ruby Programming Language

ruby-lang.org

Ruby Programming Language dynamic, open source programming language with a focus on simplicity and productivity. It has an elegant syntax that is natural to read and easy to write. Participate in a friendly and growing community. Mailing Lists: Talk about Ruby with programmers from all around the world.

www.ruby-lang.org/en www.ruby-lang.org/en www.ruby-lang.org/en/index.html www.ruby-lang.org/en www.ruby-lang.org/en ruby-lang.org/en www.ruby-lang.org/en Ruby (programming language) Comparison of open-source programming language licensing Type system Programmer Syntax (programming languages) Productivity "Hello, World!" program Syntax Library (computing) Productivity software Simplicity Software release life cycle Blog Documentation User (computing) Newline Preview (macOS) Dynamic programming language Hypertext Transfer Protocol Method (computer programming)

Download Ruby

www.ruby-lang.org/en/downloads

Download Ruby Here you can get the latest Ruby distributions in your favorite flavor. Stable Snapshot of ruby 3 0 branch: This is a tarball of the latest snapshot of the current ruby 3 0 branch. Stable Snapshot of ruby 2 7 branch: This is a tarball of the latest snapshot of the current ruby 2 7 branch. Stable Snapshot of ruby 2 6 branch: This is a tarball of the latest snapshot of the current ruby 2 6 branch.

Ruby (programming language) Snapshot (computer storage) Tar (computing) Branching (version control) Installation (computer programs) Download Linux distribution Computing platform Programming tool Package manager Third-party software component Branch (computer science) Source code Compiler SHA-2 Solution Software license Git Unix Linux