rubygem-psych vulnerabilities

Known vulnerabilities in the rubygem-psych package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L Resource Exhaustion	*
M Buffer Over-read	*
M Out-of-bounds Read	*
M Arbitrary Code Injection	*
M Improper Input Validation	*
M Improper Input Validation	*
M HTTP Response Splitting	*
M Out-of-bounds Write	*
M Out-of-bounds Read	*
M Reliance on Cookies without Validation and Integrity Checking	*
M Resource Exhaustion	*
M Null Byte Interaction Error (Poison Null Byte)	<0:2.0.0-36.el7
H Out-of-Bounds	<0:2.0.0-33.el7_4
H Heap-based Buffer Overflow	<0:2.0.0-33.el7_4
H Improper Input Validation	<0:2.0.0-33.el7_4
H Information Exposure	<0:2.0.0-33.el7_4
M Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<0:2.0.0-22.el7_0
M Off-by-one Error	<0:2.0.0-22.el7_0
M Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	<0:2.0.0-22.el7_0
M XML External Entity (XXE) Injection	*
M HTTP Request Smuggling	*
M Improper Input Validation	*
M Directory Traversal	<0:2.0.0-36.el7
M Null Byte Interaction Error (Poison Null Byte)	<0:2.0.0-36.el7
M Resource Exhaustion	<0:2.0.0-36.el7
M Out-of-bounds Read	*
M Directory Traversal	<0:2.0.0-36.el7
M Arbitrary Code Injection	*
L HTTP Response Splitting	*
M Resource Exhaustion	*
M Null Byte Interaction Error (Poison Null Byte)	*
H Improper Certificate Validation	<0:2.0.0-34.el7_6
M Improper Input Validation	<0:2.0.0-36.el7
M Improper Verification of Cryptographic Signature	<0:2.0.0-36.el7
M Directory Traversal	<0:2.0.0-36.el7
M Cross-site Scripting (XSS)	<0:2.0.0-36.el7
M Deserialization of Untrusted Data	<0:2.0.0-36.el7
M Loop with Unreachable Exit Condition ('Infinite Loop')	<0:2.0.0-36.el7
M Improper Input Validation	<0:2.0.0-36.el7
M Directory Traversal	<0:2.0.0-36.el7
H Improper Input Validation	<0:2.0.0-35.el7_6
M Out-of-bounds Write	*
M Heap-based Buffer Overflow	*
M Out-of-bounds Read	*
M Out-of-bounds Write	*
M Out-of-bounds Read	*
M HTTP Response Splitting	<0:2.0.0-36.el7
H Arbitrary Command Injection	<0:2.0.0-33.el7_4
H Improper Input Validation	<0:2.0.0-33.el7_4
H Arbitrary Argument Injection	<0:2.0.0-35.el7_6
H Arbitrary Argument Injection	<0:2.0.0-35.el7_6
H Arbitrary Argument Injection	<0:2.0.0-35.el7_6
H Arbitrary Argument Injection	<0:2.0.0-35.el7_6
H Improper Neutralization of Special Elements	<0:2.0.0-33.el7_4
H Improper Neutralization of Special Elements	<0:2.0.0-33.el7_4
H Improper Neutralization of Special Elements	<0:2.0.0-33.el7_4
H Improper Output Neutralization for Logs	<0:2.0.0-33.el7_4
H Improper Neutralization of Special Elements	<0:2.0.0-33.el7_4
M Cleartext Transmission of Sensitive Information	*
M Information Exposure	*
M Arbitrary Command Injection	*
M Inadequate Encryption Strength	*
M Heap-based Buffer Overflow	*
M Access of Resource Using Incompatible Type ('Type Confusion')	*
M Off-by-one Error	*
L Arbitrary Argument Injection	*
L Privilege Defined With Unsafe Actions	*
M Out-of-bounds Read	*
L NULL Pointer Dereference	*
H Improper Input Validation	*
M Improper Validation of Certificate with Host Mismatch	*
L Privilege Defined With Unsafe Actions	*

Vulnerability

Vulnerable Version

Resource Exhaustion