VYPR

apk package

wolfi/ruby-4.0

pkg:apk/wolfi/ruby-4.0

Vulnerabilities (2)

  • CVE-2026-41316 (High), Apr 24, 2026
    affected < 4.0.3-r0; fixed 4.0.3-r0

    ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). Howeve

  • CVE-2026-33210, Mar 20, 2026
    affected < 4.0.2-r1; fixed 4.0.2-r1

    Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used