CVE-2019-16255 | Medium | Yes | Arbitrary code execution | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to code injection. Shell#[] and its alias Shell#test defined in lib/shell.rb... |
CVE-2019-16254 | Medium | Yes | Content spoofing | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to HTTP response splitting in WEBrick bundled with Ruby. If a program using... |
CVE-2019-16201 | Medium | Yes | Denial of service | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to denial of service via regular expressions in WEBrick's Digest access... |
CVE-2019-15845 | Medium | Yes | Insufficient validation | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to NUL injection in built-in methods (File.fnmatch and File.fnmatch?). An... |
CVE-2015-9251 | Medium | Yes | Cross-site scripting | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing... |
CVE-2012-6708 | Medium | Yes | Cross-site scripting | jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a... |