ruby

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description An object-oriented language for quick and easy programming
Version 3.3.5-2 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2757 3.0.3-1 3.0.4-1 High Fixed
AVG-2582 3.0.2-2 Medium Not affected
AVG-2555 3.0.2-2 3.0.3-1 Medium Fixed
AVG-2138 3.0.1-1 3.0.2-1 High Fixed
AVG-1789 2.7.2-1 3.0.1-1 Critical Fixed
AVG-1039 2.6.4-1 2.6.5-1 Medium Fixed FS#63977
Issue Group Severity Remote Type Description
CVE-2022-28739 AVG-2757 High Unknown Information disclosure 
out-of-bounds read in string-to-float conversion
CVE-2022-28738 AVG-2757 Unknown Unknown Arbitrary code execution 
double-free in Regexp compilation
CVE-2021-41819 AVG-2555 Medium Yes Content spoofing 
A security issue has been found in Ruby before versions 3.0.3, 2.7.5 and 2.6.9. A cookie prefix spoofing vulnerability was discovered in CGI::Cookie.parse...
CVE-2021-41817 AVG-2555 Low Yes Denial of service 
A security issue has been found in Ruby before versions 3.0.3, 2.7.5 and 2.6.9. In the Ruby "date" gem before versions 3.2.1, 3.1.2, 3.0.2, and 2.0.1, there...
CVE-2021-41816 AVG-2582 Medium Yes Arbitrary code execution 
A security issue has been found in Ruby before versions 3.0.3 and 2.7.5. A buffer overrun vulnerability was discovered in the cgi gem before versions 0.3.1,...
CVE-2021-32066 AVG-2138 High Yes Silent downgrade 
A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. Net::IMAP does not raise an exception when StartTLS fails with an...
CVE-2021-31810 AVG-2138 Medium Yes Information disclosure 
A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. A malicious FTP server can use the PASV response to trick Net::FTP into...
CVE-2021-28965 AVG-1789 Critical Yes Incorrect calculation 
When parsing and serializing a crafted XML document, the REXML gem (including the one bundled with Ruby) can create a wrong XML document whose structure is...
CVE-2019-16255 AVG-1039 Medium Yes Arbitrary code execution 
It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to code injection. Shell#[] and its alias Shell#test defined in lib/shell.rb...
CVE-2019-16254 AVG-1039 Medium Yes Content spoofing 
It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to HTTP response splitting in WEBrick bundled with Ruby. If a program using...
CVE-2019-16201 AVG-1039 Medium Yes Denial of service 
It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to denial of service via regular expressions in WEBrick's Digest access...
CVE-2019-15845 AVG-1039 Medium Yes Insufficient validation 
It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to NUL injection in built-in methods (File.fnmatch and File.fnmatch?). An...

Advisories

Date Advisory Group Severity Type
14 Jul 2021 ASA-202107-23 AVG-2138 High multiple issues
02 Oct 2019 ASA-201910-2 AVG-1039 Medium multiple issues