ruby vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the ruby package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Out-of-bounds Read	<2.7.6-r0
H Reliance on Cookies without Validation and Integrity Checking	<2.7.5-r0
C Integer Overflow or Wraparound	<2.7.5-r0
H Inefficient Regular Expression Complexity	<2.7.5-r0
H Arbitrary Command Injection	<2.7.4-r0
H Inadequate Encryption Strength	<2.7.4-r0
M Exposure of Resource to Wrong Sphere	<2.7.4-r0
H Directory Traversal	<2.7.3-r0
H XML External Entity (XXE) Injection	<2.7.3-r0
H HTTP Request Smuggling	<2.7.2-r0
H Improper Input Validation	<2.6.6-r0
M Information Exposure	<2.6.6-r0
H Improper Authentication	<2.6.5-r0
H Arbitrary Code Injection	<2.6.5-r0
M CVE-2019-15845	<2.6.5-r0
M Arbitrary Code Injection	<2.6.5-r0
H CVE-2018-16396	<2.5.2-r0
C CVE-2018-16395	<2.5.2-r0
H Directory Traversal	<2.5.1-r0
H Use of Externally-Controlled Format String	<2.5.1-r0
C Directory Traversal	<2.5.1-r0
H Improper Input Validation	<2.5.1-r0
M HTTP Response Splitting	<2.5.1-r0
H Resource Exhaustion	<2.5.1-r0
H OS Command Injection	<2.4.3-r0
H Out-of-Bounds	<2.4.2-r0
H Improper Authentication	<2.4.2-r0
C Use of Externally-Controlled Format String	<2.4.2-r0
H Improper Input Validation	<2.4.2-r0
H Improper Input Validation	<2.4.2-r0
H Origin Validation Error	<2.4.2-r0
C Arbitrary Code Injection	<2.4.2-r0
C Out-of-Bounds	<2.4.2-r0