Ruby-lang

Ruby

93 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.18%
  • Veröffentlicht 25.04.2013 23:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainte...

  • EPSS 6.67%
  • Veröffentlicht 09.04.2013 21:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.

  • EPSS 3.62%
  • Veröffentlicht 01.03.2013 05:40:17
  • Zuletzt bearbeitet 29.04.2026 01:13:23

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

  • EPSS 3.36%
  • Veröffentlicht 28.11.2012 13:03:10
  • Zuletzt bearbeitet 16.06.2026 23:46:44

Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption)...

  • EPSS 2.2%
  • Veröffentlicht 24.11.2012 20:55:03
  • Zuletzt bearbeitet 16.06.2026 23:45:15

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.

Exploit
  • EPSS 0.99%
  • Veröffentlicht 11.10.2012 10:51:57
  • Zuletzt bearbeitet 16.06.2026 23:46:46

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be a...

  • EPSS 4.25%
  • Veröffentlicht 30.12.2011 01:55:01
  • Zuletzt bearbeitet 16.06.2026 23:35:27

Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an applicatio...

  • EPSS 2.09%
  • Veröffentlicht 05.08.2011 22:55:01
  • Zuletzt bearbeitet 16.06.2026 23:32:25

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a ...

  • EPSS 2.58%
  • Veröffentlicht 05.08.2011 21:55:04
  • Zuletzt bearbeitet 16.06.2026 23:31:47

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a ...

  • EPSS 1.95%
  • Veröffentlicht 05.08.2011 21:55:04
  • Zuletzt bearbeitet 16.06.2026 23:31:50

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leverag...