Vulnerabilities > Ruby Lang
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-01 | CVE-2021-41819 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. | 7.5 |
2022-01-01 | CVE-2021-41817 | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. | 7.5 |
2021-08-01 | CVE-2021-32066 | Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. | 7.4 |
2021-07-30 | CVE-2021-28966 | Path Traversal vulnerability in Ruby-Lang Ruby In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir. | 5.0 |
2021-07-30 | CVE-2021-31799 | OS Command Injection vulnerability in multiple products In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. | 7.0 |
2021-07-13 | CVE-2021-31810 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. | 5.8 |
2021-04-21 | CVE-2021-28965 | The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. | 7.5 |
2020-10-06 | CVE-2020-25613 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. | 7.5 |
2020-05-04 | CVE-2020-10933 | Use of Uninitialized Resource vulnerability in multiple products An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. | 5.3 |
2020-02-28 | CVE-2020-5247 | HTTP Response Splitting vulnerability in multiple products In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. | 7.5 |