Yukihiro Matsumoto Ruby — known CVE vulnerabilities
Every CVE whose affected-product data names Yukihiro Matsumoto Ruby, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2005-1992 — CVSS 7.5 (high): The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using…
CVE-2005-2337 — CVSS 7.5 (high): Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag…
CVE-2006-3694 — CVSS 6.4 (medium): Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors…
CVE-2006-5467 — CVSS 5.0 (medium): The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP…
CVE-2006-6303 — CVSS 5.0 (medium): The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows…
CVE-2004-0983 — CVSS 5.0 (medium): The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU…
CVE-2006-1931 — CVSS 5.0 (medium): The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked…
CVE-2004-0755 — CVSS 2.1 (low): The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can…