Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ruby
(Ruby\-Lang)| Repositories |
• https://github.com/ruby/ruby
• https://github.com/kkos/oniguruma • https://github.com/rdoc/rdoc • https://github.com/flori/json |
| #Vulnerabilities | 91 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2012-10-11 | CVE-2012-5380 | Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1,... | Ruby | N/A | ||
| 2014-04-24 | CVE-2014-2734 | The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does... | Ruby | N/A |