rpm package
almalinux/ruby4.0-rubygem-mysql2
pkg:rpm/almalinux/ruby4.0-rubygem-mysql2
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41316 | High | 8.1 | | < 0.5.7-34.el10_2 | 0.5.7-34.el10_2 | Apr 24, 2026 | ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). Howeve |
| CVE-2026-33210 | — | | | < 0.5.7-34.el10_2 | 0.5.7-34.el10_2 | Mar 20, 2026 | Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the `allow_duplicate_key: false` parsing option is used |