ruby2.5-stdlib vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the ruby2.5-stdlib package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Out-of-bounds Read	<2.5.9-150000.4.23.1
M Inefficient Regular Expression Complexity	<2.5.9-150000.4.23.1
H Improper Handling of Exceptional Conditions	<2.5.9-150000.4.23.1
H CVE-2021-31810	<2.5.9-150000.4.23.1
H OS Command Injection	<2.5.9-150000.4.23.1
H Arbitrary Code Injection	<2.5.5-4.3.1
H Arbitrary Code Injection	<2.5.5-4.3.1
H Arbitrary Argument Injection	<2.5.5-4.3.1
L Improper Input Validation	<2.5.5-4.3.1
M Use of Externally-Controlled Format String	<2.5.5-4.3.1
H Arbitrary Code Injection	<2.5.5-4.3.1
H Arbitrary Code Injection	<2.5.5-4.3.1
L Directory Traversal	<2.5.5-4.3.1
H Directory Traversal	<2.5.5-4.3.1
H Resource Exhaustion	<2.5.5-4.3.1
L Directory Traversal	<2.5.5-4.3.1
M CVE-2018-16396	<2.5.5-4.3.1
M CVE-2018-16395	<2.5.5-4.3.1
M Directory Traversal	<2.5.5-4.3.1
M Cross-site Scripting (XSS)	<2.5.5-4.3.1
M Improper Input Validation	<2.5.5-4.3.1
M Improper Verification of Cryptographic Signature	<2.5.5-4.3.1
L Loop with Unreachable Exit Condition ('Infinite Loop')	<2.5.5-4.3.1
H Deserialization of Untrusted Data	<2.5.5-4.3.1
M Link Following	<2.5.5-4.3.1
M HTTP Response Splitting	<2.5.5-4.3.1
M Arbitrary Code Injection	<2.5.7-4.8.1
M OS Command Injection	<2.5.7-4.8.1
M Arbitrary Code Injection	<2.5.7-4.8.1
M Improper Authentication	<2.5.7-4.8.1
M CVE-2019-15845	<2.5.7-4.8.1
M Cross-site Scripting (XSS)	<2.5.7-4.8.1
M Cross-site Scripting (XSS)	<2.5.7-4.8.1
M HTTP Request Smuggling	<2.5.8-4.14.1
H Improper Handling of Exceptional Conditions	<2.5.9-4.20.1
H CVE-2021-31810	<2.5.9-4.20.1
H OS Command Injection	<2.5.9-4.20.1