VYPR

rpm package

opensuse/ruby3.3&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/ruby3.3&distro=openSUSE%20Tumbleweed

Vulnerabilities (12)

  • CVE-2023-28755Mar 31, 2023
    affected < 3.3.0-1.2fixed 3.3.0-1.2

    A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2

  • CVE-2022-28739May 9, 2022
    affected < 3.3.0-1.2fixed 3.3.0-1.2

    There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

  • CVE-2022-28738May 9, 2022
    affected < 3.3.0-1.2fixed 3.3.0-1.2

    A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.

  • CVE-2021-41816Feb 6, 2022
    affected < 3.3.0-1.2fixed 3.3.0-1.2

    CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.

  • CVE-2021-41819Jan 1, 2022
    affected < 3.3.0-1.2fixed 3.3.0-1.2

    CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

  • CVE-2021-41817Jan 1, 2022
    affected < 3.3.0-1.2fixed 3.3.0-1.2

    Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

  • CVE-2021-32066Aug 1, 2021
    affected < 3.3.0-1.2fixed 3.3.0-1.2

    An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network po

  • CVE-2021-31799Jul 29, 2021
    affected < 3.3.0-1.2fixed 3.3.0-1.2

    In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

  • CVE-2021-31810Jul 13, 2021
    affected < 3.3.0-1.2fixed 3.3.0-1.2

    An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that a

  • CVE-2021-28965Apr 21, 2021
    affected < 3.3.0-1.2fixed 3.3.0-1.2

    The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

  • CVE-2020-10933May 4, 2020
    affected < 3.3.0-1.2fixed 3.3.0-1.2

    An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string prov

  • CVE-2020-10663Apr 28, 2020
    affected < 3.3.0-1.2fixed 3.3.0-1.2

    The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically,