📦 Ruby

by Ruby Lang

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2022-28739

HIGH CVSS 7.5 May 9, 2022

This vulnerability is a buffer over-read in Ruby's String-to-Float conversion functions (Kernel#Float and String#to_f). It allows attackers to read memory beyond allocated buffers, potentially exposin...

CVE-2021-41819

HIGH CVSS 7.5 Jan 1, 2022

This vulnerability in Ruby's CGI::Cookie.parse function mishandles security prefixes in cookie names, allowing attackers to bypass cookie security mechanisms. It affects Ruby versions through 2.6.8 an...

CVE-2021-41817

HIGH CVSS 7.5 Jan 1, 2022

CVE-2021-41817 is a regular expression denial of service (ReDoS) vulnerability in Ruby's date gem. Attackers can cause denial of service by sending specially crafted long strings to Date.parse methods...

CVE-2021-32066

HIGH CVSS 7.4 Aug 1, 2021

This vulnerability in Ruby's Net::IMAP library allows man-in-the-middle attackers to bypass TLS encryption by blocking StartTLS commands, potentially exposing sensitive data transmitted via IMAP. It a...

CVE-2021-28966

HIGH CVSS 7.5 Jul 30, 2021

This vulnerability allows remote attackers to write arbitrary files to the Windows temporary directory by submitting crafted paths when a Ruby web application processes parameters with TmpDir. It affe...