Search CVE reports
1 – 3 of 3 results
CVE-2024-27282
Medium prioritySome fixes available 4 of 12
An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive...
7 affected packages
jruby, ruby2.3, ruby2.5, ruby2.7, ruby3.0...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jruby | Needs evaluation | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| ruby2.3 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.5 | Not in release | Not in release | Not in release | Vulnerable | — |
| ruby2.7 | Not in release | Not in release | Fixed | — | — |
| ruby3.0 | Not in release | Fixed | Not in release | — | — |
| ruby3.1 | Not in release | Not in release | Not in release | — | — |
| ruby3.2 | Fixed | Not in release | Not in release | — | — |
CVE-2024-27281
Medium prioritySome fixes available 4 of 12
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are...
7 affected packages
jruby, ruby2.3, ruby2.5, ruby2.7, ruby3.0...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jruby | Needs evaluation | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| ruby2.3 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.5 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby2.7 | Not in release | Not in release | Fixed | — | — |
| ruby3.0 | Not in release | Fixed | Not in release | — | — |
| ruby3.1 | Not in release | Not in release | Not in release | — | — |
| ruby3.2 | Fixed | Not in release | Not in release | Not in release | Not in release |
CVE-2024-27280
Medium prioritySome fixes available 3 of 5
A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call...
6 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.1, ruby3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.5 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby2.7 | Not in release | Not in release | Fixed | — | — |
| ruby3.0 | Not in release | Fixed | Not in release | — | — |
| ruby3.1 | Not in release | Not in release | Not in release | — | — |
| ruby3.2 | Not affected | Not in release | Not in release | Not in release | Not in release |