VYPR
Medium severity6.6NVD Advisory· Published May 14, 2024· Updated Jun 17, 2026

CVE-2024-27282

CVE-2024-27282

Description

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

48

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.