VYPR

rpm package

almalinux/rubygem-racc

pkg:rpm/almalinux/rubygem-racc

Vulnerabilities (14)

  • CVE-2026-41316HigApr 24, 2026
    affected < 1.7.3-6.module_el9.7.0+245+447713a2fixed 1.7.3-6.module_el9.7.0+245+447713a2

    ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). Howeve

  • CVE-2026-33210Mar 20, 2026
    affected < 1.8.1-32.module_el9.8.0+251+5fdbd96bfixed 1.8.1-32.module_el9.8.0+251+5fdbd96b

    Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used

  • CVE-2025-58767Sep 17, 2025
    affected < 1.7.3-5.module_el8.10.0+4075+e5f6dad1fixed 1.7.3-5.module_el8.10.0+4075+e5f6dad1

    REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches

  • CVE-2025-24294HigJul 12, 2025
    affected < 1.7.3-5.module_el8.10.0+4075+e5f6dad1fixed 1.7.3-5.module_el8.10.0+4075+e5f6dad1

    The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the res

  • CVE-2025-27221Mar 3, 2025
    affected < 1.7.3-4.module_el8.10.0+4022+8b66723cfixed 1.7.3-4.module_el8.10.0+4022+8b66723c

    In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.

  • CVE-2025-27219Mar 3, 2025
    affected < 1.7.3-4.module_el8.10.0+4022+8b66723cfixed 1.7.3-4.module_el8.10.0+4022+8b66723c

    In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource

  • CVE-2025-25186MedFeb 10, 2025
    affected < 1.7.3-4.module_el8.10.0+4022+8b66723cfixed 1.7.3-4.module_el8.10.0+4022+8b66723c

    Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in `net-imap`'s response parser. At any time whi

  • CVE-2024-43398Aug 22, 2024
    affected < 1.7.3-3.module_el8.10.0+3894+6d587c81fixed 1.7.3-3.module_el8.10.0+3894+6d587c81

    REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to t

  • CVE-2024-41946Aug 1, 2024
    affected < 1.7.3-3.module_el8.10.0+3894+6d587c81fixed 1.7.3-3.module_el8.10.0+3894+6d587c81

    REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.

  • CVE-2024-41123Aug 1, 2024
    affected < 1.7.3-3.module_el8.10.0+3894+6d587c81fixed 1.7.3-3.module_el8.10.0+3894+6d587c81

    REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.

  • CVE-2024-39908Jul 16, 2024
    affected < 1.7.3-3.module_el8.10.0+3894+6d587c81fixed 1.7.3-3.module_el8.10.0+3894+6d587c81

    REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or

  • CVE-2024-27282MedMay 14, 2024
    affected < 1.7.3-2.module_el8.10.0+3855+767cb125fixed 1.7.3-2.module_el8.10.0+3855+767cb125

    An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2

  • CVE-2024-27281MedMay 14, 2024
    affected < 1.7.3-2.module_el8.10.0+3855+767cb125fixed 1.7.3-2.module_el8.10.0+3855+767cb125

    An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the cl

  • CVE-2024-27280CriMay 14, 2024
    affected < 1.7.3-2.module_el8.10.0+3855+767cb125fixed 1.7.3-2.module_el8.10.0+3855+767cb125

    A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.