Package details: pkg:rpm/redhat/rubygem-ruby_parser@2.0.4-6?arch=el6op
purl pkg:rpm/redhat/rubygem-ruby_parser@2.0.4-6?arch=el6op
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (23)
Vulnerability Summary Fixed by
VCID-1r79-ts6t-hufh
Aliases:
CVE-2014-3674
Enterprise: gears fail to properly isolate network traffic There are no reported fixed by versions.
VCID-2ww6-w1k6-xqbp
Aliases:
CVE-2012-4466
GHSA-gm9g-777x-3fp6
ruby: safe level bypass via name_err_mesg_to_str() There are no reported fixed by versions.
VCID-5ey2-dm5w-y7a6
Aliases:
CVE-2014-3602
OpenShift: /proc/net/tcp information disclosure There are no reported fixed by versions.
VCID-awt1-8bxs-xffs
Aliases:
CVE-2012-3424
GHSA-92w9-2pqw-rhjj
OSV-84243
actionpack Improper Authentication vulnerability The `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method. There are no reported fixed by versions.
VCID-bsxw-gh14-rbef
Aliases:
CVE-2012-2695
GHSA-76wq-xw4h-f8wj
activerecord vulnerable to SQL Injection The Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661. There are no reported fixed by versions.
VCID-c1w4-z275-tqg7
Aliases:
CVE-2012-3463
GHSA-98mf-8f57-64qf
OSV-84515
Ruby on Rails Potential XSS Vulnerability in select_tag prompt When a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks. There are no reported fixed by versions.
VCID-c883-yge1-yygb
Aliases:
CVE-2014-0084
GHSA-756m-3qf2-hp58
openshift-origin-node Improper Input Validation vulnerability Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly. There are no reported fixed by versions.
VCID-cwa7-9d2t-rfhb
Aliases:
CVE-2012-3465
GHSA-7g65-ghrg-hpf5
OSV-84513
actionpack Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup. There are no reported fixed by versions.
VCID-hbtn-7423-m3gb
Aliases:
CVE-2013-0276
GHSA-gr44-7grc-37vq
OSV-90072
Circumvention of attr_protected The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected. There are no reported fixed by versions.
VCID-hr2h-y693-sbgc
Aliases:
CVE-2012-3464
GHSA-h835-75hw-pj89
OSV-84516
activesupport Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.rb` in Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character. There are no reported fixed by versions.
VCID-hunm-dpcd-r3ff
Aliases:
CVE-2012-4522
GHSA-6mch-f8jc-rpmr
OSV-87917
ruby: unintentional file creation caused by inserting an illegal NUL character There are no reported fixed by versions.
VCID-j7p8-hchp-xbe3
Aliases:
CVE-2013-0155
GHSA-gppp-5xc5-wfpx
OSV-89025
Unsafe Query Generation Risk in Ruby on Rails Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it. There are no reported fixed by versions.
VCID-jj3a-fpsa-a7at
Aliases:
CVE-2012-5371
GHSA-phrv-cj28-9h57
OSV-87863
Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition. There are no reported fixed by versions.
VCID-phxs-zet8-ryh3
Aliases:
CVE-2012-2660
GHSA-hgpp-pp89-4fgf
OSV-82610
SQL Injection Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses into application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places. There are no reported fixed by versions.
VCID-rq7w-zmh4-17e1
Aliases:
CVE-2012-2661
GHSA-fh39-v733-mxfr
OSV-82403
SQL injection vulnerability in Active Record Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries. There are no reported fixed by versions.
VCID-rrwv-dzq7-9ybd
Aliases:
CVE-2013-2034
GHSA-fg4r-f9j2-36mw
Jenkins Cross-Site Request Forgery vulnerabilities Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors. There are no reported fixed by versions.
VCID-s2ka-cp49-q3hz
Aliases:
CVE-2014-0175
mcollective: default password set at install There are no reported fixed by versions.
VCID-tt6r-bytq-4fa4
Aliases:
CVE-2012-2694
GHSA-q34c-48gc-m9g8
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request `actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660. There are no reported fixed by versions.
VCID-vnm4-gfjh-8qa7
Aliases:
CVE-2014-0234
openshift-origin-broker: default password creation There are no reported fixed by versions.
VCID-vspr-h3ds-dudq
Aliases:
CVE-2013-0162
GHSA-8mvw-22r7-w6fq
OSV-90561
Incorrect temporary file usage The ruby_parser Gem does not create temporary files securely. The `diff_pp` function contained in `lib/gauntlet_rubyparser.rb` creates files as `/tmp/a.[pid]` and `/tmp/b.[pid]`, whose names can be predicted and used for either a denial of service (the file cannot be overwritten) or to change the contents of files that are writable. There are no reported fixed by versions.
VCID-weh8-bs3g-a3hp
Aliases:
CVE-2012-4464
GHSA-gjcp-rx5c-g849
1.9.3: Possibility to bypass Ruby's $SAFE (level 4) semantics There are no reported fixed by versions.
VCID-xenc-mfdw-mucm
Aliases:
CVE-2013-1808
stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer There are no reported fixed by versions.
VCID-z46p-c93u-auav
Aliases:
CVE-2013-2033
GHSA-826f-32qm-vm3j
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVE-2013-2033 Jenkins: Build Description XSS There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:55:37.682395+00:00 RedHat Importer Affected by VCID-rq7w-zmh4-17e1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json 38.0.0
2026-04-01T14:55:37.027134+00:00 RedHat Importer Affected by VCID-phxs-zet8-ryh3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2660.json 38.0.0
2026-04-01T14:55:04.617697+00:00 RedHat Importer Affected by VCID-tt6r-bytq-4fa4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2694.json 38.0.0
2026-04-01T14:55:03.860285+00:00 RedHat Importer Affected by VCID-bsxw-gh14-rbef https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2695.json 38.0.0
2026-04-01T14:54:34.818248+00:00 RedHat Importer Affected by VCID-awt1-8bxs-xffs https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json 38.0.0
2026-04-01T14:54:33.603030+00:00 RedHat Importer Affected by VCID-cwa7-9d2t-rfhb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json 38.0.0
2026-04-01T14:54:32.858246+00:00 RedHat Importer Affected by VCID-hr2h-y693-sbgc https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json 38.0.0
2026-04-01T14:54:32.096662+00:00 RedHat Importer Affected by VCID-c1w4-z275-tqg7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json 38.0.0
2026-04-01T14:54:04.336742+00:00 RedHat Importer Affected by VCID-weh8-bs3g-a3hp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4464.json 38.0.0
2026-04-01T14:54:03.479652+00:00 RedHat Importer Affected by VCID-2ww6-w1k6-xqbp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4466.json 38.0.0
2026-04-01T14:53:54.911529+00:00 RedHat Importer Affected by VCID-hunm-dpcd-r3ff https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4522.json 38.0.0
2026-04-01T14:53:46.113939+00:00 RedHat Importer Affected by VCID-jj3a-fpsa-a7at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5371.json 38.0.0
2026-04-01T14:53:19.947302+00:00 RedHat Importer Affected by VCID-j7p8-hchp-xbe3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json 38.0.0
2026-04-01T14:53:17.079355+00:00 RedHat Importer Affected by VCID-vspr-h3ds-dudq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0162.json 38.0.0
2026-04-01T14:52:31.056282+00:00 RedHat Importer Affected by VCID-hbtn-7423-m3gb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json 38.0.0
2026-04-01T14:52:27.868661+00:00 RedHat Importer Affected by VCID-xenc-mfdw-mucm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1808.json 38.0.0
2026-04-01T14:51:31.781721+00:00 RedHat Importer Affected by VCID-rrwv-dzq7-9ybd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2034.json 38.0.0
2026-04-01T14:51:30.189886+00:00 RedHat Importer Affected by VCID-z46p-c93u-auav https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2033.json 38.0.0
2026-04-01T14:48:52.158865+00:00 RedHat Importer Affected by VCID-c883-yge1-yygb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0084.json 38.0.0
2026-04-01T14:47:53.242863+00:00 RedHat Importer Affected by VCID-vnm4-gfjh-8qa7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0234.json 38.0.0
2026-04-01T14:47:32.656669+00:00 RedHat Importer Affected by VCID-s2ka-cp49-q3hz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0175.json 38.0.0
2026-04-01T14:46:22.554733+00:00 RedHat Importer Affected by VCID-5ey2-dm5w-y7a6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3602.json 38.0.0
2026-04-01T14:45:29.010855+00:00 RedHat Importer Affected by VCID-1r79-ts6t-hufh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3674.json 38.0.0