National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): Ruby
  • Search Type: Search Last 3 Months
  • Contains Software Flaws (CVE)
There are 6 matching records.
Vuln ID Summary CVSS Severity

The karo gem 2.3.8 for Ruby allows remote command injection via the host field.

Published: October 05, 2018; 02:29:00 AM -04:00
(not available)

active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system.

Published: August 10, 2018; 05:29:00 PM -04:00
V2: 10.0 HIGH

CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.

Published: July 24, 2018; 09:29:00 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.

Published: July 16, 2018; 11:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM

ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via the "format" parameter.

Published: July 05, 2018; 12:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem.

Published: July 05, 2018; 12:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM