Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 9 of 9 results

CVE-2023-36617

Medium priority

Some fixes available 7 of 20

A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects...

9 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.3, ruby2.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Needs evaluation Not in release Needs evaluation Needs evaluation Needs evaluation
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Not in release Fixed Not in release
ruby2.7 Not in release Not in release Fixed Not in release Not in release
ruby3.0 Not in release Fixed Not in release Not in release Not in release
ruby3.1 Not in release Not in release Not in release Not in release Not in release
rubygems Not affected Needs evaluation Not in release Ignored Ignored
Show all 9 packages Show less packages

CVE-2023-28756

Medium priority

Some fixes available 8 of 16

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time...

9 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.3, ruby2.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Needs evaluation Not in release Needs evaluation Needs evaluation Needs evaluation
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Not in release Fixed Ignored
ruby2.7 Not in release Not in release Fixed Not in release Ignored
ruby3.0 Not in release Fixed Not in release Not in release Not in release
ruby3.1 Not in release Not in release Not in release Not in release Ignored
rubygems Not affected Not affected Not in release Not in release Ignored
Show all 9 packages Show less packages

CVE-2023-28755

Medium priority

Some fixes available 8 of 19

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI...

9 affected packages

jruby, ruby1.9.1, ruby2.0, ruby2.3, ruby2.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Needs evaluation Not in release Vulnerable Vulnerable Vulnerable
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Not in release Fixed Ignored
ruby2.7 Not in release Not in release Fixed Not in release Ignored
ruby3.0 Not in release Fixed Not in release Not in release Not in release
ruby3.1 Not in release Not in release Not in release Not in release Ignored
rubygems Not affected Vulnerable Not in release Not in release Ignored
Show all 9 packages Show less packages

CVE-2015-4020

Low priority
Not affected

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a...

7 affected packages

jruby, libgems-ruby, ruby1.8, ruby1.9.1, ruby2.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby
libgems-ruby
ruby1.8
ruby1.9.1
ruby2.1
ruby2.2
rubygems
Show all 7 packages Show less packages

CVE-2015-3900

Low priority
Ignored

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a...

8 affected packages

jruby, libgems-ruby, ruby1.8, ruby1.9.1, ruby2.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby
libgems-ruby
ruby1.8
ruby1.9.1
ruby2.1
ruby2.2
ruby2.3
rubygems
Show all 8 packages Show less packages

CVE-2013-4363

Low priority
Ignored

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0...

3 affected packages

jruby, ruby1.9.1, rubygems

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby
ruby1.9.1
rubygems
Show less packages

CVE-2013-4287

Low priority
Ignored

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0...

3 affected packages

jruby, ruby1.9.1, rubygems

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby
ruby1.9.1
rubygems
Show less packages

CVE-2012-2126

Medium priority

Some fixes available 2 of 22

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.

3 affected packages

jruby, ruby1.9.1, rubygems

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Not affected Not affected Not affected Not affected
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
rubygems Not affected Not affected Not in release Not in release Not in release
Show less packages

CVE-2012-2125

Low priority

Some fixes available 2 of 20

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

3 affected packages

jruby, ruby1.9.1, rubygems

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jruby Not affected Not affected Not affected Not affected
ruby1.9.1 Not in release Not in release Not in release Not in release Not in release
rubygems Not affected Not affected Not in release Not in release Not in release
Show less packages