VulnerableCode Package Details - pkg:apk/alpine/ruby@3.3.1-r0?arch=riscv64&distroversion=v3.22&reponame=main

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-5mfh-yzfk-cqaa	StringIO buffer overread vulnerability An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The `ungetbyte` and `ungetc` methods on a StringIO can read past the end of a string, and a subsequent call to `StringIO.gets` may return the memory value. This vulnerability is not affected StringIO 3.0.3 and later, and Ruby 3.2.x and later. We recommend to update the StringIO gem to version 3.0.3 or later. In order to ensure compatibility with bundled version in older Ruby series, you may update as follows instead: * For Ruby 3.0 users: Update to `stringio` 3.0.1.1 * For Ruby 3.1 users: Update to `stringio` 3.1.0.2 You can use `gem update stringio` to update it. If you are using bundler, please add `gem "stringio", ">= 3.0.1.2"` to your `Gemfile`.	CVE-2024-27280 GHSA-v5h6-c2hv-hv3r
VCID-m4a8-ya4v-tkgm	RDoc RCE vulnerability with .rdoc_options An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing `.rdoc_options` (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache. We recommend to update the RDoc gem to version 6.6.3.1 or later. In order to ensure compatibility with bundled version in older Ruby series, you may update as follows instead: * For Ruby 3.0 users: Update to `rdoc` 6.3.4.1 * For Ruby 3.1 users: Update to `rdoc` 6.4.1.1 * For Ruby 3.2 users: Update to `rdoc` 6.5.1.1 You can use `gem update rdoc` to update it. If you are using bundler, please add `gem "rdoc", ">= 6.6.3.1"` to your `Gemfile`. Note: 6.3.4, 6.4.1, 6.5.1 and 6.6.3 have a incorrect fix. We recommend to upgrade 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1 instead of them.	CVE-2024-27281 GHSA-592j-995h-p23j
VCID-x126-x9qm-e7d3	ruby: Arbitrary memory address read vulnerability with Regex search	CVE-2024-27282 GHSA-63cq-cj6g-qfr2

Vulnerability

Summary

Aliases

VCID-5mfh-yzfk-cqaa

StringIO buffer overread vulnerability An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The `ungetbyte` and `ungetc` methods on a StringIO can read past the end of a string, and a subsequent call to `StringIO.gets` may return the memory value. This vulnerability is not affected StringIO 3.0.3 and later, and Ruby 3.2.x and later. We recommend to update the StringIO gem to version 3.0.3 or later. In order to ensure compatibility with bundled version in older Ruby series, you may update as follows instead: * For Ruby 3.0 users: Update to `stringio` 3.0.1.1 * For Ruby 3.1 users: Update to `stringio` 3.1.0.2 You can use `gem update stringio` to update it. If you are using bundler, please add `gem "stringio", ">= 3.0.1.2"` to your `Gemfile`.

CVE-2024-27280
GHSA-v5h6-c2hv-hv3r

VCID-m4a8-ya4v-tkgm

RDoc RCE vulnerability with .rdoc_options An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing `.rdoc_options` (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache. We recommend to update the RDoc gem to version 6.6.3.1 or later. In order to ensure compatibility with bundled version in older Ruby series, you may update as follows instead: * For Ruby 3.0 users: Update to `rdoc` 6.3.4.1 * For Ruby 3.1 users: Update to `rdoc` 6.4.1.1 * For Ruby 3.2 users: Update to `rdoc` 6.5.1.1 You can use `gem update rdoc` to update it. If you are using bundler, please add `gem "rdoc", ">= 6.6.3.1"` to your `Gemfile`. Note: 6.3.4, 6.4.1, 6.5.1 and 6.6.3 have a incorrect fix. We recommend to upgrade 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1 instead of them.

CVE-2024-27281
GHSA-592j-995h-p23j

VCID-x126-x9qm-e7d3

ruby: Arbitrary memory address read vulnerability with Regex search

CVE-2024-27282
GHSA-63cq-cj6g-qfr2

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T17:56:39.648284+00:00	Alpine Linux Importer	Fixing	VCID-m4a8-ya4v-tkgm	https://secdb.alpinelinux.org/v3.22/main.json	38.1.0
2026-04-03T17:54:19.889732+00:00	Alpine Linux Importer	Fixing	VCID-x126-x9qm-e7d3	https://secdb.alpinelinux.org/v3.22/main.json	38.1.0
2026-04-01T19:18:10.439271+00:00	Alpine Linux Importer	Fixing	VCID-5mfh-yzfk-cqaa	https://secdb.alpinelinux.org/v3.22/main.json	38.0.0