Package details: pkg:ruby/ruby@2.3
purl pkg:ruby/ruby@2.3
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.4
Vulnerabilities affecting this package (14)
Vulnerability Summary Fixed by
VCID-1cad-uybu-2uau
Aliases:
CVE-2017-17742
GHSA-7p4c-jf2w-hc3w
security update There are no reported fixed by versions.
VCID-3uaa-r5vu-2fg9
Aliases:
CVE-2014-3916
GHSA-252h-69rw-g2rp
OSV-107478
ruby: DoS via long string in str_buf_cat() There are no reported fixed by versions.
VCID-91b7-xx8t-rqhr
Aliases:
CVE-2017-10784
GHSA-369m-2gv6-mw28
Improper Authentication The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. There are no reported fixed by versions.
VCID-bad1-7aa4-cugv
Aliases:
CVE-2018-6914
GHSA-wpg3-wgm5-rv8w
security update There are no reported fixed by versions.
VCID-beub-d11r-nbe4
Aliases:
CVE-2017-17790
GHSA-47cm-jxff-w8wg
security update There are no reported fixed by versions.
VCID-cvs2-zecm-z3h8
Aliases:
CVE-2015-7551
GHSA-m9xr-x5mq-4fp5
ruby: DL:: dlopen could open a library with tainted library name There are no reported fixed by versions.
VCID-fapg-pt6b-rfb2
Aliases:
CVE-2017-14033
GHSA-v6rp-3r3v-hf4p
Improper Restriction of Operations within the Bounds of a Memory Buffer The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. There are no reported fixed by versions.
VCID-qyz5-zmnt-qucy
Aliases:
CVE-2018-8780
GHSA-fphx-j9v2-w2cx
security update There are no reported fixed by versions.
VCID-rdme-1q3s-43d8
Aliases:
CVE-2018-8777
GHSA-9j6f-82h4-9mw2
security update There are no reported fixed by versions.
VCID-rwak-wvuw-qbcg
Aliases:
CVE-2014-4975
GHSA-gxj7-mcpg-jpr6
OSV-108971
security update There are no reported fixed by versions.
VCID-xkd6-jvma-skfk
Aliases:
CVE-2017-14064
GHSA-954h-8gv7-2q75
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. There are no reported fixed by versions.
VCID-y29u-wpkt-rkgp
Aliases:
CVE-2018-8779
security update There are no reported fixed by versions.
VCID-zwxw-299r-wfgx
Aliases:
CVE-2018-8778
GHSA-wvhq-ch4h-8pwr
security update There are no reported fixed by versions.
VCID-zybm-uuxu-67gh
Aliases:
CVE-2017-0898
GHSA-wvmx-3rv2-5jgf
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T15:18:13.734622+00:00 Ruby Importer Affected by VCID-bad1-7aa4-cugv https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2018-6914.yml 38.0.0
2026-04-01T15:18:13.582927+00:00 Ruby Importer Affected by VCID-zwxw-299r-wfgx https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2018-8778.yml 38.0.0
2026-04-01T15:18:12.831202+00:00 Ruby Importer Affected by VCID-1cad-uybu-2uau https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2017-17742.yml 38.0.0
2026-04-01T15:18:12.626359+00:00 Ruby Importer Affected by VCID-qyz5-zmnt-qucy https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2018-8780.yml 38.0.0
2026-04-01T15:18:12.571666+00:00 Ruby Importer Affected by VCID-beub-d11r-nbe4 https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2017-17790.yml 38.0.0
2026-04-01T15:18:12.531710+00:00 Ruby Importer Affected by VCID-xkd6-jvma-skfk https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2017-14064.yml 38.0.0
2026-04-01T15:18:12.447356+00:00 Ruby Importer Affected by VCID-3uaa-r5vu-2fg9 https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2014-3916.yml 38.0.0
2026-04-01T15:18:12.347589+00:00 Ruby Importer Affected by VCID-zybm-uuxu-67gh https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2017-0898.yml 38.0.0
2026-04-01T15:18:12.020880+00:00 Ruby Importer Affected by VCID-rwak-wvuw-qbcg https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2014-4975.yml 38.0.0
2026-04-01T15:18:11.872288+00:00 Ruby Importer Affected by VCID-fapg-pt6b-rfb2 https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2017-14033.yml 38.0.0
2026-04-01T15:18:11.739156+00:00 Ruby Importer Affected by VCID-rdme-1q3s-43d8 https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2018-8777.yml 38.0.0
2026-04-01T15:18:11.588032+00:00 Ruby Importer Affected by VCID-cvs2-zecm-z3h8 https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2015-7551.yml 38.0.0
2026-04-01T15:18:11.441812+00:00 Ruby Importer Affected by VCID-91b7-xx8t-rqhr https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2017-10784.yml 38.0.0
2026-04-01T15:18:11.265702+00:00 Ruby Importer Affected by VCID-y29u-wpkt-rkgp https://github.com/rubysec/ruby-advisory-db/blob/master/rubies/ruby/CVE-2018-8779.yml 38.0.0