U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): Ruby
There are 512 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2020-15134

Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `https:` or `wss:` connection made using these libraries is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. The first request a Faye client makes is always sent via normal HTTP, but later messages may be sent via WebSocket. Therefore it is vulnerable to the same problem that these underlying libraries are, and we needed both libraries to support TLS verification before Faye could claim to do the same. Your client would still be insecure if its initial HTTPS request was verified, but later WebSocket connections were not. This is fixed in Faye v1.4.0, which enables verification by default. For further background information on this issue, please see the referenced GitHub Advisory.

Published: July 31, 2020; 2:15:14 PM -0400
V3.1: 8.7 HIGH
V2.0: 6.4 MEDIUM
CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.

Published: July 17, 2020; 12:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-7663

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.

Published: June 02, 2020; 3:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-20807

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

Published: May 28, 2020; 10:15:11 AM -0400
V3.1: 5.3 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2020-10933

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.

Published: May 04, 2020; 11:15:13 AM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-11020

Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It is patched in versions 1.0.4, 1.1.3 and 1.2.5.

Published: April 29, 2020; 2:15:13 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-10663

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.

Published: April 28, 2020; 5:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-5247

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.

Published: February 28, 2020; 12:15:12 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-8130

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.

Published: February 24, 2020; 10:15:11 AM -0500
V3.1: 6.4 MEDIUM
V2.0: 6.9 MEDIUM
CVE-2015-4411

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.

Published: February 20, 2020; 12:15:12 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-4410

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.

Published: February 20, 2020; 12:15:12 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2013-1607

Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability

Published: February 11, 2020; 1:15:15 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-17268

The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected.

Published: February 07, 2020; 9:15:11 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-10780

BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open.

Published: January 22, 2020; 9:15:11 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2015-2784

The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input.

Published: January 21, 2020; 1:15:12 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2013-4318

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.

Published: December 26, 2019; 4:15:11 PM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-16779

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, and it would be difficult to purposefully exploit this.

Published: December 16, 2019; 3:15:15 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2014-0241

rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable

Published: December 13, 2019; 8:15:11 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2013-4593

RubyGem omniauth-facebook has an access token security vulnerability

Published: December 11, 2019; 9:15:09 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2013-2095

rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection

Published: December 10, 2019; 9:15:10 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH