Ruby

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-21	CVE-2021-28965	The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. network low complexity ruby-lang fedoraproject	7.5
2020-10-06	CVE-2020-25613	HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. network low complexity ruby-lang fedoraproject CWE-444	7.5
2020-05-04	CVE-2020-10933	Use of Uninitialized Resource vulnerability in multiple products An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. network low complexity ruby-lang fedoraproject debian CWE-908	5.3
2020-02-28	CVE-2020-5247	In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. network low complexity ruby-lang puma debian fedoraproject	7.5
2019-11-29	CVE-2015-1855	Improper Input Validation vulnerability in multiple products verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters. network high complexity ruby-lang debian puppet CWE-20	5.9
2019-11-26	CVE-2019-16255	Code Injection vulnerability in multiple products Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. network high complexity ruby-lang debian opensuse oracle CWE-94	8.1
2019-11-26	CVE-2019-16254	Injection vulnerability in multiple products Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. network low complexity ruby-lang debian CWE-74	5.3
2019-11-26	CVE-2019-16201	Improper Authentication vulnerability in multiple products WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. network low complexity ruby-lang debian CWE-287	7.5
2019-11-26	CVE-2019-15845	Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. network low complexity ruby-lang canonical	6.5
2019-11-26	CVE-2011-4121	Inadequate Encryption Strength vulnerability in Ruby-Lang Ruby The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. network low complexity ruby-lang CWE-326 critical	9.8