Known Vulnerabilities for products from Ruby-lang
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ruby-lang".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
|CVE||Shortened Description||Severity||Publish Date||Last Modified|
|CVE-2021-32066||An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an except...||7.4 - HIGH||2021-08-01||2021-10-13|
|CVE-2021-31810||An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the...||5.8 - MEDIUM||2021-07-13||2021-10-13|
|CVE-2021-31799||In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via |...||7 - HIGH||2021-07-30||2021-10-13|
|CVE-2021-28966||In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with T...||7.5 - HIGH||2021-07-30||2021-09-02|
|CVE-2021-28965||The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round...||7.5 - HIGH||2021-04-21||2021-06-02|
|CVE-2020-25613||An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bu...||7.5 - HIGH||2020-10-06||2021-01-15|
|CVE-2020-10933||An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonbl...||5.3 - MEDIUM||2020-05-04||2021-07-21|
|CVE-2020-10663||The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsa...||7.5 - HIGH||2020-04-28||2021-09-22|
|CVE-2020-8130||There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins ...||6.4 - MEDIUM||2020-02-24||2020-06-30|
|CVE-2020-5247||In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, a...||7.5 - HIGH||2020-02-28||2020-04-09|
|CVE-2019-16255||Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "comman...||8.1 - HIGH||2019-11-26||2020-08-24|
|CVE-2019-16254||Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick i...||5.3 - MEDIUM||2019-11-26||2020-08-16|
|CVE-2019-16201||WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression De...||7.5 - HIGH||2019-11-26||2020-08-16|
|CVE-2019-15845||Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.||6.5 - MEDIUM||2019-11-26||2020-08-24|
|CVE-2019-11879||** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a sy...||5.5 - MEDIUM||2019-05-10||2020-08-24|
|CVE-2018-16396||An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It doe...||8.1 - HIGH||2018-11-16||2019-10-03|
|CVE-2018-16395||An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before...||9.8 - CRITICAL||2018-11-16||2019-10-03|
|CVE-2018-8780||In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new,...||9.1 - CRITICAL||2018-04-03||2019-07-21|
|CVE-2018-8779||In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open an...||7.5 - HIGH||2018-04-03||2019-07-21|
|CVE-2018-8778||In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controllin...||7.5 - HIGH||2018-04-03||2019-10-03|
Known software with vulnerabilities from Ruby-lang
Popular searches for "Ruby-lang"
Ruby Programming Language dynamic, open source programming language with a focus on simplicity and productivity. It has an elegant syntax that is natural to read and easy to write. Participate in a friendly and growing community. Mailing Lists: Talk about Ruby with programmers from all around the world.www.ruby-lang.org/en www.ruby-lang.org/en www.ruby-lang.org/en/index.html www.ruby-lang.org/en www.ruby-lang.org/en ruby-lang.org/en www.ruby-lang.org/en Ruby (programming language) Comparison of open-source programming language licensing Type system Programmer Syntax (programming languages) Productivity "Hello, World!" program Syntax Library (computing) Productivity software Simplicity Software release life cycle Blog Documentation User (computing) Newline Preview (macOS) Dynamic programming language Hypertext Transfer Protocol Method (computer programming)
Download Ruby Here you can get the latest Ruby distributions in your favorite flavor. Stable Snapshot of ruby 3 0 branch: This is a tarball of the latest snapshot of the current ruby 3 0 branch. Stable Snapshot of ruby 2 7 branch: This is a tarball of the latest snapshot of the current ruby 2 7 branch. Stable Snapshot of ruby 2 6 branch: This is a tarball of the latest snapshot of the current ruby 2 6 branch.Ruby (programming language) Snapshot (computer storage) Tar (computing) Branching (version control) Installation (computer programs) Download Linux distribution Computing platform Programming tool Package manager Third-party software component Branch (computer science) Source code Compiler SHA-2 Solution Software license Git Unix Linux