apk package
wolfi/ruby-3.4-dev
pkg:apk/wolfi/ruby-3.4-dev
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-24294 | Hig | 7.5 | < 3.4.5-r0 | 3.4.5-r0 | Jul 12, 2025 | The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the res | |
| CVE-2025-27221 | — | < 3.4.2-r1 | 3.4.2-r1 | Mar 3, 2025 | In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. | ||
| CVE-2025-27220 | — | < 3.4.2-r1 | 3.4.2-r1 | Mar 3, 2025 | In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. | ||
| CVE-2025-27219 | — | < 3.4.2-r1 | 3.4.2-r1 | Mar 3, 2025 | In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource |
- affected < 3.4.5-r0fixed 3.4.5-r0
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the res
- CVE-2025-27221Mar 3, 2025affected < 3.4.2-r1fixed 3.4.2-r1
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
- CVE-2025-27220Mar 3, 2025affected < 3.4.2-r1fixed 3.4.2-r1
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
- CVE-2025-27219Mar 3, 2025affected < 3.4.2-r1fixed 3.4.2-r1
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource