Filtered by vendor Ruby Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-49761 3 Redhat, Ruby, Ruby-lang 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more 2024-11-05 7.5 High
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.
CVE-2024-47220 1 Ruby 1 Webrick 2024-09-26 7.5 High
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."