Known Vulnerabilities for products from Ruby-lang
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ruby-lang".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-41819 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-01-01 | 2024-01-24 |
| CVE-2021-41817 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-01-01 | 2024-01-24 |
| CVE-2021-41816 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-02-06 | 2024-01-24 |
| CVE-2021-33621 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-11-18 | 2024-01-24 |
| CVE-2021-32066 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an except... | 7.4 - HIGH | 2021-08-01 | 2024-01-24 |
| CVE-2021-31810 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the... | 5.8 - MEDIUM | 2021-07-13 | 2024-01-24 |
| CVE-2021-31799 | In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via |... | 7 - HIGH | 2021-07-30 | 2024-01-05 |
| CVE-2021-28966 | In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with T... | 7.5 - HIGH | 2021-07-30 | 2022-08-12 |
| CVE-2021-28965 | The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round... | 7.5 - HIGH | 2021-04-21 | 2023-11-07 |
| CVE-2020-25613 | An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bu... | 7.5 - HIGH | 2020-10-06 | 2024-01-24 |
| CVE-2020-10933 | An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonbl... | 5.3 - MEDIUM | 2020-05-04 | 2023-11-07 |
| CVE-2020-10663 | The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsa... | 7.5 - HIGH | 2020-04-28 | 2023-11-07 |
| CVE-2020-8130 | There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins ... | 6.4 - MEDIUM | 2020-02-24 | 2023-11-07 |
| CVE-2020-5247 | In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, a... | 7.5 - HIGH | 2020-02-28 | 2023-11-07 |
| CVE-2019-16255 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "comman... | 8.1 - HIGH | 2019-11-26 | 2023-04-30 |
| CVE-2019-16254 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick i... | 5.3 - MEDIUM | 2019-11-26 | 2023-04-30 |
| CVE-2019-16201 | WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression De... | 7.5 - HIGH | 2019-11-26 | 2023-04-30 |
| CVE-2019-15845 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. | 6.5 - MEDIUM | 2019-11-26 | 2020-08-24 |
| CVE-2019-11879 | ** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a sy... | 5.5 - MEDIUM | 2019-05-10 | 2023-11-07 |
| CVE-2018-16396 | An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It doe... | 8.1 - HIGH | 2018-11-16 | 2019-10-03 |