Search CVE reports
11 – 12 of 12 results
CVE-2021-41817
Medium priority
Fixed
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
4 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | — | — | — | — | Fixed |
| ruby2.5 | — | — | — | Fixed | Ignored |
| ruby2.7 | — | — | Fixed | — | Ignored |
| ruby3.0 | — | Fixed | — | — | Ignored |
CVE-2021-41816
Medium priority
Fixed
CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also...
4 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | — | — | — | — | Not affected |
| ruby2.5 | — | — | — | Not affected | Ignored |
| ruby2.7 | — | — | Fixed | — | Ignored |
| ruby3.0 | — | Fixed | — | — | Ignored |