Vulnerabilities > Ruby Lang > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-10 | CVE-2019-11879 | Link Following vulnerability in Ruby-Lang Webrick 1.4.2 The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. | 5.5 |
| 2018-04-03 | CVE-2017-17742 | HTTP Response Splitting vulnerability in multiple products Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. | 5.3 |
| 2017-06-12 | CVE-2015-9096 | CRLF Injection vulnerability in Ruby-Lang Ruby Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. | 6.1 |