National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Ruby
There are 466 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2015-4411

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.

Published: February 20, 2020; 12:15:12 PM -05:00
(not available)
CVE-2015-4410

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.

Published: February 20, 2020; 12:15:12 PM -05:00
(not available)
CVE-2020-5241

matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4.

Published: February 12, 2020; 07:15:11 PM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2013-1607

Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability

Published: February 11, 2020; 01:15:15 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-17268

The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected.

Published: February 07, 2020; 09:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-5217

In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in secure_headers are sorted alphabetically so they pretty much all come before script-src. A previously undefined directive would receive a value even if SecureHeaders::OPT_OUT was supplied. The fixed versions will silently convert the semicolons to spaces and emit a deprecation warning when this happens. This will result in innocuous browser console messages if being exploited/accidentally used. In future releases, we will raise application errors resulting in 500s. Depending on what major version you are using, the fixed versions are 6.2.0, 5.1.0, 3.8.0.

Published: January 22, 2020; 10:15:10 PM -05:00
V3.1: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-5216

In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0.

Published: January 22, 2020; 10:15:10 PM -05:00
V3.1: 5.8 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-10780

BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open.

Published: January 22, 2020; 09:15:11 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2015-2784

The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input.

Published: January 21, 2020; 01:15:12 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-6840

In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c.

Published: January 10, 2020; 10:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-6839

In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c.

Published: January 10, 2020; 10:15:11 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-6838

In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c.

Published: January 10, 2020; 10:15:10 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2013-4318

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.

Published: December 26, 2019; 04:15:11 PM -05:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2019-16782

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.

Published: December 18, 2019; 03:15:16 PM -05:00
V3.1: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16779

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this.

Published: December 16, 2019; 03:15:15 PM -05:00
V3.1: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-0241

rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable

Published: December 13, 2019; 08:15:11 AM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2013-4593

RubyGem omniauth-facebook has an access token security vulnerability

Published: December 11, 2019; 09:15:09 AM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2013-2095

rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection

Published: December 10, 2019; 09:15:10 AM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2015-1855

verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.

Published: November 29, 2019; 04:15:10 PM -05:00
V3.1: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-16255

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.

Published: November 26, 2019; 01:15:15 PM -05:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH