pkg:Alpine/ruby

所有已知漏洞

• CRITICAL9.8CVE-2026-27820Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
  from 0, < 3.4.9-r0
• CRITICAL9.8CVE-2024-27280ruby3.1 - security update
  from 0, < 3.1.5-r0
• CRITICAL9.8CVE-2018-16395ruby2.3 - security update
  from 0, < 2.5.2-r0
• CRITICAL9.8RubyGems Code Injection vulnerability
  from 0, < 2.4.2-r0
• CRITICAL9.8A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2.
  from 0, < 3.0.4-r0
• CRITICAL9.8ruby2.7 - security update
  from 0, < 2.7.5-r0
• CRITICAL9.8Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call.
  from 0, < 2.4.2-r0
• CRITICAL9.1In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries a…
  from 0, < 2.5.1-r0
• CRITICAL9.1ruby2.3 - security update
  from 0, < 2.4.2-r0
• HIGH8.8ruby2.7 - security update
  from 0, < 2.7.7-r0
• HIGH8.8WEBrick RCE Vulnerability
  from 0, < 2.4.2-r0
• HIGH8.8Code injection in RubyGems
  from 0, < 2.4.6-r0
• HIGH8.8ruby2.3 - security update
  from 0, < 2.4.3-r0
• HIGH8.1RubyGems has Origin Validation Error vulnerability
  from 0, < 2.4.2-r0
• HIGH8.1Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) t…
  from 0, < 2.5.7-r0
• HIGH8.1An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3.
  from 0, < 2.5.2-r0
• HIGH7.5URI Credential Leakage Bypass over CVE-2025-27221
  from 0, < 3.3.10-r0
• HIGH7.5ruby2.5 - security update
  from 0, < 2.7.8-r0
• HIGH7.5Ruby Time component ReDoS issue
  from 0, < 2.7.8-r0
• HIGH7.5jruby - security update
  from 0, < 2.5.8-r1
• HIGH7.5Ruby OpenSSL DoS Vulnerability
  from 0, < 2.4.2-r0
• HIGH7.5rubygems - security update
  from 0, < 2.4.2-r0
• HIGH7.5RubyGems may allow a maliciously crafted gem to overwrite files
  from 0, < 2.4.2-r0
• HIGH7.5There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2.
  from 0, < 2.7.6-r0
• HIGH7.5Cookie Prefix Spoofing in CGI::Cookie.parse
  from 0, < 2.7.5-r0
• HIGH7.5ruby2.3 - security update
  from 0, < 2.7.5-r0
• HIGH7.5Tempfile on Windows path traversal vulnerability
  from 0, < 2.5.9-r0
• HIGH7.5ruby2.5 - security update
  from 0, < 2.5.9-r0
• HIGH7.5ruby2.5 - security update
  from 0, < 2.5.8-r0
• HIGH7.5WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Servic…
  from 0, < 2.5.7-r0
• HIGH7.5RubyGems Escape sequence injection in errors
  from 0, < 2.4.6-r0
• HIGH7.5RubyGems Escape sequence injection vulnerability in verbose
  from 0, < 2.4.6-r0
• HIGH7.5RubyGems Escape sequence injection vulnerability in gem owner
  from 0, < 2.4.6-r0
• HIGH7.5RubyGems Escape sequence injection vulnerability in api response handling
  from 0, < 2.4.6-r0
• HIGH7.5In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.o…
  from 0, < 2.5.1-r0
• HIGH7.5In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpackin…
  from 0, < 2.5.1-r0
• HIGH7.5In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP re…
  from 0, < 2.5.1-r0
• HIGH7.5Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before…
  from 0, < 2.5.1-r0
• HIGH7.4An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1.
  from 0, < 2.6.8-r0
• HIGH7.4ruby2.3 - security update
  from 0, < 2.4.6-r0
• HIGH7.0ruby2.3 - security update
  from 0, < 2.6.8-r0
• MEDIUM6.6An issue was discovered in Ruby 3.x through 3.3.0.
  from 0, < 3.1.5-r0
• MEDIUM6.5ruby2.3 - security update
  from 0, < 2.5.7-r0
• MEDIUM6.1ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.'
  from 0, < 2.5.8-r0
• MEDIUM6.1Cross-Site Scripting in jquery
  from 0, < 2.5.6-r0
• MEDIUM6.1Cross-Site Scripting (XSS) in jquery
  from 0, < 2.5.6-r0
• MEDIUM5.8ruby2.7 - security update
  from 0, < 3.2.8-r0
• MEDIUM5.8An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1.
  from 0, < 2.6.8-r0
• MEDIUM5.3An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0.
  from 0, < 2.5.8-r0
• MEDIUM5.3Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting.
  from 0, < 2.5.7-r0
• MEDIUM5.3jruby - security update
  from 0, < 2.5.1-r0
• MEDIUM4.5RDoc RCE vulnerability with .rdoc_options
  from 0, < 3.1.5-r0