| CVE-2021-32066 | AVG-2138 | High | Yes | Silent downgrade | A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. Net::IMAP does not raise an exception when StartTLS fails with an... |
| CVE-2021-31810 | AVG-2138 | Medium | Yes | Information disclosure | A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. A malicious FTP server can use the PASV response to trick Net::FTP into... |
| CVE-2021-28965 | AVG-1789 | Critical | Yes | Incorrect calculation | When parsing and serializing a crafted XML document, the REXML gem (including the one bundled with Ruby) can create a wrong XML document whose structure is... |
| CVE-2019-16255 | AVG-1039 | Medium | Yes | Arbitrary code execution | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to code injection. Shell#[] and its alias Shell#test defined in lib/shell.rb... |
| CVE-2019-16254 | AVG-1039 | Medium | Yes | Content spoofing | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to HTTP response splitting in WEBrick bundled with Ruby. If a program using... |
| CVE-2019-16201 | AVG-1039 | Medium | Yes | Denial of service | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to denial of service via regular expressions in WEBrick's Digest access... |
| CVE-2019-15845 | AVG-1039 | Medium | Yes | Insufficient validation | It has been discovered that Ruby before 2.4.8, 2.5.7 and 2.6.5 is vulnerable to NUL injection in built-in methods (File.fnmatch and File.fnmatch?). An... |