Search for packages
| purl | pkg:ruby/ruby@2.4 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1cad-uybu-2uau
Aliases: CVE-2017-17742 GHSA-7p4c-jf2w-hc3w |
security update | There are no reported fixed by versions. |
|
VCID-91b7-xx8t-rqhr
Aliases: CVE-2017-10784 GHSA-369m-2gv6-mw28 |
Improper Authentication The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. | There are no reported fixed by versions. |
|
VCID-bad1-7aa4-cugv
Aliases: CVE-2018-6914 GHSA-wpg3-wgm5-rv8w |
security update | There are no reported fixed by versions. |
|
VCID-beub-d11r-nbe4
Aliases: CVE-2017-17790 GHSA-47cm-jxff-w8wg |
security update | There are no reported fixed by versions. |
|
VCID-c3y8-w4b4-3qea
Aliases: CVE-2018-16395 GHSA-mmrq-6999-72v8 |
Improper Certificate Validation When two `OpenSSL::X509::Name` objects are compared using `==`, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of `==` will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. | There are no reported fixed by versions. |
|
VCID-fapg-pt6b-rfb2
Aliases: CVE-2017-14033 GHSA-v6rp-3r3v-hf4p |
Improper Restriction of Operations within the Bounds of a Memory Buffer The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. | There are no reported fixed by versions. |
|
VCID-kamp-zmtx-aqbz
Aliases: CVE-2018-16396 GHSA-xh4x-ph6p-vmxh |
security update | There are no reported fixed by versions. |
|
VCID-qyz5-zmnt-qucy
Aliases: CVE-2018-8780 GHSA-fphx-j9v2-w2cx |
security update | There are no reported fixed by versions. |
|
VCID-rdme-1q3s-43d8
Aliases: CVE-2018-8777 GHSA-9j6f-82h4-9mw2 |
security update | There are no reported fixed by versions. |
|
VCID-sf98-mryd-yfb3
Aliases: CVE-2015-9096 GHSA-2h3c-5vqm-gqfh |
security update | There are no reported fixed by versions. |
|
VCID-tzne-zeeh-wuet
Aliases: CVE-2016-2338 GHSA-r46x-xjwr-8v2g |
ruby: heap buffer overflow in the Psych::Emitter start_document function | There are no reported fixed by versions. |
|
VCID-xkd6-jvma-skfk
Aliases: CVE-2017-14064 GHSA-954h-8gv7-2q75 |
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. | There are no reported fixed by versions. |
|
VCID-y29u-wpkt-rkgp
Aliases: CVE-2018-8779 |
security update | There are no reported fixed by versions. |
|
VCID-zwxw-299r-wfgx
Aliases: CVE-2018-8778 GHSA-wvhq-ch4h-8pwr |
security update | There are no reported fixed by versions. |
|
VCID-zybm-uuxu-67gh
Aliases: CVE-2017-0898 GHSA-wvmx-3rv2-5jgf |
Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||