Search CVE reports
21 – 25 of 25 results
Some fixes available 6 of 14
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses XML that has many specific characters such as whitespace characters, `>]` and `]>`. The REXML gem 3.3.3 or later include...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | Not in release | — |
| ruby2.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
| ruby2.7 | Not in release | Not in release | Not in release | Fixed | — |
| ruby3.0 | Not in release | Not in release | Fixed | Not in release | — |
| ruby3.2 | Not in release | Fixed | Not in release | Not in release | — |
| ruby3.3 | Not affected | Not in release | Not in release | Not in release | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Ignored | Needs evaluation |
Some fixes available 6 of 14
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XML, you may be impacted...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | Not in release | — |
| ruby2.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
| ruby2.7 | Not in release | Not in release | Not in release | Fixed | — |
| ruby3.0 | Not in release | Not in release | Fixed | Not in release | — |
| ruby3.2 | Not in release | Fixed | Not in release | Not in release | — |
| ruby3.3 | Not affected | Not in release | Not in release | Not in release | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Ignored | Needs evaluation |
Some fixes available 5 of 13
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses XML that has many `<`s in an attribute value. Those who need to parse untrusted XML may be impacted by this...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | Not in release | — |
| ruby2.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
| ruby2.7 | Not in release | Not in release | Not in release | Fixed | — |
| ruby3.0 | Not in release | Not in release | Fixed | Not in release | — |
| ruby3.2 | Not in release | Fixed | Not in release | Not in release | — |
| ruby3.3 | Not affected | Not in release | Not in release | Not in release | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Ignored | Needs evaluation |
Some fixes available 5 of 15
An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive...
8 affected packages
ruby2.5, ruby2.7, ruby3.1, ruby3.2, ruby2.3...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
| ruby2.7 | Not in release | Not in release | Not in release | Fixed | — |
| ruby3.1 | Not in release | Not in release | Not in release | Not in release | — |
| ruby3.2 | Not in release | Fixed | Not in release | Not in release | — |
| ruby2.3 | Not in release | Not in release | Not in release | Not in release | — |
| ruby3.0 | Not in release | Not in release | Fixed | Not in release | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Ignored | Needs evaluation |
| ruby3.3 | Not affected | Not in release | Not in release | Not in release | Not in release |
Some fixes available 6 of 15
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are...
8 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.1...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | Not in release | — |
| ruby2.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
| ruby2.7 | Not in release | Not in release | Not in release | Fixed | — |
| ruby3.0 | Not in release | Not in release | Fixed | Not in release | — |
| ruby3.1 | Not in release | Not in release | Not in release | Not in release | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Ignored | Needs evaluation |
| ruby3.2 | Not in release | Fixed | Not in release | Not in release | Not in release |
| ruby3.3 | Not affected | Not in release | Not in release | Not in release | Not in release |