| purl | pkg:rpm/redhat/ruby200-rubygem-nokogiri@1.5.11-2?arch=el6cf |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-65ha-wgr4-eqd4; Aliases: CVE-2013-4492, GHSA-r5hc-9xx5-97rw | Reflective XSS Vulnerability: When a translation is missing, the HTML exception message raised does not escape the keys. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack. | There are no reported fixed by versions. |
| VCID-e3j5-xgbr-2qa1; Aliases: CVE-2013-4389, GHSA-rg5m-3fqp-6px8, OSV-98629 | Possible DoS Vulnerability: A carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: `"some string #{user_input}" % some_number` | There are no reported fixed by versions. |
| VCID-g8de-56gr-37cf; Aliases: CVE-2014-7819, GHSA-33pp-3763-mrfp, OSV-113965 | Arbitrary file existence disclosure: Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside an application's root directory. The files will not be served, but attackers can determine whether the file exists. | There are no reported fixed by versions. |
| VCID-jggb-58ap-ybab; Aliases: CVE-2015-3448, GHSA-mx9f-w8qq-q5jf | Log Plaintext Password Local Disclosure: REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information. | There are no reported fixed by versions. |
| VCID-vhdm-w6p1-uuh9; Aliases: CVE-2015-1820, GHSA-3fhf-6939-qg8p, OSV-119878 | Session fixation vulnerability via Set-Cookie headers: The package rest-client in `abstract_response.rb` improperly handles `Set-Cookie` headers on HTTP redirection responses. Any cookies will be forwarded to the redirection target regardless of domain, path, or expiration. If you control a redirection source, you can cause rest-client to perform a request to any third-party domain with cookies of your choosing, which may be useful in performing a session fixation attack. If you control a redirection target, you can steal any cookies set by the third-party redirection request. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:49:45.900692+00:00 | RedHat Importer | Affected by | VCID-e3j5-xgbr-2qa1 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json | 38.0.0 |
| 2026-04-01T14:49:18.415032+00:00 | RedHat Importer | Affected by | VCID-65ha-wgr4-eqd4 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4492.json | 38.0.0 |
| 2026-04-01T14:45:31.092553+00:00 | RedHat Importer | Affected by | VCID-g8de-56gr-37cf | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7819.json | 38.0.0 |
| 2026-04-01T14:45:01.246312+00:00 | RedHat Importer | Affected by | VCID-jggb-58ap-ybab | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3448.json | 38.0.0 |
| 2026-04-01T14:42:23.232193+00:00 | RedHat Importer | Affected by | VCID-vhdm-w6p1-uuh9 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1820.json | 38.0.0 |