Package details: pkg:rpm/redhat/rh-ruby26-ruby@2.6.9-120?arch=el7
purl pkg:rpm/redhat/rh-ruby26-ruby@2.6.9-120?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-1vp9-6q85-5ffv
Aliases:
CVE-2021-41819
GHSA-4vf4-qmvg-mh7h
Reliance on Cookies without Validation and Integrity Checking in a Security Decision: CGI::Cookie.parse in Ruby mishandles security prefixes in cookie names. This also affects the CGI gem for Ruby.
There are no reported fixed by versions.
VCID-a1z8-2fdu-1uhd
Aliases:
CVE-2021-31799
GHSA-ggxm-pgc9-g7fp
Arbitrary Code Execution in Rdoc: In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
There are no reported fixed by versions.
VCID-dy2a-n93k-yfgd
Aliases:
CVE-2020-36327
GHSA-fp4w-jxhp-m23p
Dependency Confusion in Bundler: Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application.
There are no reported fixed by versions.
VCID-mkq9-21q7-6kg6
Aliases:
CVE-2021-41817
GHSA-qg54-694p-wgpp
Regular expression denial of service vulnerability (ReDoS) in date: Date includes a ReDoS vulnerability.
There are no reported fixed by versions.
VCID-t9y5-hd9b-bkc4
Aliases:
CVE-2021-31810
GHSA-wr95-679j-87v9
Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.
There are no reported fixed by versions.
VCID-xkby-43zv-x3f7
Aliases:
CVE-2021-32066
GHSA-gx49-h5r3-q3xj
Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.
There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:03:17.106880+00:00 RedHat Importer Affected by VCID-dy2a-n93k-yfgd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36327.json 38.0.0
2026-04-01T14:02:22.008035+00:00 RedHat Importer Affected by VCID-a1z8-2fdu-1uhd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31799.json 38.0.0
2026-04-01T14:01:56.904166+00:00 RedHat Importer Affected by VCID-xkby-43zv-x3f7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32066.json 38.0.0
2026-04-01T14:01:56.816931+00:00 RedHat Importer Affected by VCID-t9y5-hd9b-bkc4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31810.json 38.0.0
2026-04-01T14:01:01.799262+00:00 RedHat Importer Affected by VCID-mkq9-21q7-6kg6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41817.json 38.0.0
2026-04-01T14:01:00.621844+00:00 RedHat Importer Affected by VCID-1vp9-6q85-5ffv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41819.json 38.0.0