ruby vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the ruby package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
L CVE-2024-27280	<3.1.5-r0
L CVE-2024-27281	<3.1.5-r0
L CVE-2024-27282	<3.1.5-r0
M Inefficient Regular Expression Complexity	<3.1.4-r0
M Inefficient Regular Expression Complexity	<3.1.4-r0
H Arbitrary Code Injection	<3.1.3-r0
C Double Free	<3.1.2-r0
H Out-of-bounds Read	<3.1.2-r0
H Reliance on Cookies without Validation and Integrity Checking	<3.0.3-r0
C Integer Overflow or Wraparound	<3.0.3-r0
H Inefficient Regular Expression Complexity	<3.0.3-r0
H Arbitrary Command Injection	<2.7.4-r0
H Inadequate Encryption Strength	<2.7.4-r0
M Exposure of Resource to Wrong Sphere	<2.7.4-r0
H Directory Traversal	<2.7.3-r0
H XML External Entity (XXE) Injection	<2.7.3-r0
H HTTP Request Smuggling	<2.7.2-r0
H Improper Input Validation	<2.6.6-r0
M Information Exposure	<2.6.6-r0
H Improper Authentication	<2.6.5-r0
H Arbitrary Code Injection	<2.6.5-r0
M CVE-2019-15845	<2.6.5-r0
M Arbitrary Code Injection	<2.6.5-r0
H CVE-2018-16396	<2.5.2-r0
C CVE-2018-16395	<2.5.2-r0
C Directory Traversal	<2.5.1-r0
H Use of Externally-Controlled Format String	<2.5.1-r0
M HTTP Response Splitting	<2.5.1-r0
H Directory Traversal	<2.5.1-r0
H Improper Input Validation	<2.5.1-r0
H Resource Exhaustion	<2.5.1-r0
H OS Command Injection	<2.4.3-r0
H Out-of-Bounds	<2.4.2-r0
H Improper Authentication	<2.4.2-r0
C Use of Externally-Controlled Format String	<2.4.2-r0
H Improper Input Validation	<2.4.2-r0
H Origin Validation Error	<2.4.2-r0
C Arbitrary Code Injection	<2.4.2-r0
H Improper Input Validation	<2.4.2-r0
C Out-of-Bounds	<2.4.2-r0