VYPR

rpm package

almalinux/rubygem-mongo

pkg:rpm/almalinux/rubygem-mongo

Vulnerabilities (28)

  • CVE-2020-10933May 4, 2020
    affected < 2.5.1-2.module_el8.5.0+259+8cec6917fixed 2.5.1-2.module_el8.5.0+259+8cec6917

    An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string prov

  • CVE-2020-10663Apr 28, 2020
    affected < 2.5.1-2.module_el8.5.0+259+8cec6917fixed 2.5.1-2.module_el8.5.0+259+8cec6917

    The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically,

  • CVE-2019-15845Nov 26, 2019
    affected < 2.5.1-2.module_el8.5.0+259+8cec6917fixed 2.5.1-2.module_el8.5.0+259+8cec6917

    Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.

  • CVE-2019-16255Nov 26, 2019
    affected < 2.5.1-2.module_el8.5.0+259+8cec6917fixed 2.5.1-2.module_el8.5.0+259+8cec6917

    Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.

  • CVE-2019-16254Nov 26, 2019
    affected < 2.5.1-2.module_el8.5.0+259+8cec6917fixed 2.5.1-2.module_el8.5.0+259+8cec6917

    Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content t

  • CVE-2019-16201Nov 26, 2019
    affected < 2.5.1-2.module_el8.5.0+259+8cec6917fixed 2.5.1-2.module_el8.5.0+259+8cec6917

    WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.

  • CVE-2019-19012Nov 16, 2019
    affected < 2.5.1-2.module_el8.5.0+2625+ec418553fixed 2.5.1-2.module_el8.5.0+2625+ec418553

    An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a d

  • CVE-2019-8324Jun 17, 2019
    affected < 2.5.1-2.module_el8.5.0+259+8cec6917fixed 2.5.1-2.module_el8.5.0+259+8cec6917

    An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall c

Page 2 of 2