Ruby

41 total issues disclosed
$12,900 total paid publicly
Most disclosed (9 disclosures) — Memory Corruption - Generic
Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| OS Command Injection in '/lib/un.rb -- Utilities to replace common UNIX commands in Makefiles etc' | OS Command Injection | chinarulezzz | Medium | 2021-07-19 |
| OS Command Injection in 'rdoc' documentation generator | OS Command Injection | chinarulezzz | Medium | 2021-07-13 |
| imap: StartTLS stripping attack (CVE-2016-0772). | Cryptographic Issues - Generic | chinarulezzz | Medium | 2021-07-08 |
| lib/net/ftp.rb: trusting PASV responses allow client abuse | Information Disclosure | chinarulezzz | Low | 2021-07-08 |
| Path traversal in Tempfile on windows OS due to unsanitized backslashes | Path Traversal | bugdiscloseguys | Medium | 2021-04-07 |
| Potential HTTP Request Smuggling in ruby webrick | HTTP Request Smuggling | piao | Low | 2020-10-29 |
| Variant of CVE-2013-0269 (Denial of Service and Unsafe Object Creation Vulnerability in JSON) | Business Logic Errors | jeremyevans | Medium | 2020-04-23 |
| OS Command Injection via egrep in Rake::FileList | OS Command Injection | kyoshida | No rating | 2019-08-29 |
| OpenSSL::X509::Name Equality Check Does Not Work, Patch included | Improper Certificate Validation | tylereckstein | Medium | 2018-10-19 |
| SEGV in parse_rat() | Denial of Service | etsukata | No rating | 2018-06-13 |
| Invalid URL parsing '#' | None supplied | mrtc0 | None | 2018-05-01 |
| Response splitting vulnerability in WEBrick | Cross-site Scripting (XSS) - Generic | tenderlove | Low | 2018-04-29 |
| Unintentional file creation caused at Tempfile with directory traversal | Improper Access Control - Generic | ooooooo_q | No rating | 2018-04-01 |
| The possibility that unintended file operation may be performed because some methods of `Dir` do not check NULL characters. | Improper Access Control - Generic | ooooooo_q | No rating | 2018-04-01 |
| Unix domain socket and a path containing a null character | Improper Access Control - Generic | ooooooo_q | No rating | 2018-03-31 |
| controlled buffer under-read in pack_unpack_internal() | Buffer Under-read | aerodudrizzt | Medium | 2018-03-30 |
| Resolv::getaddresses bug that can be abused to bypass security measures. | Violation of Secure Design Principles | edoverflow | No rating | 2018-02-23 |
| Integer Underflow @ ossl_cipher_pkcs5_keyivgen | Integer Underflow | finb | None | 2018-02-23 |
| NET::Ftp allows command injection in filenames | Command Injection - Generic | staaldraad | Low | 2017-12-19 |
| Provide a security sistem most fit to our team | None supplied | sam1166 | High | 2017-12-15 |
| Take back my all data from [email protected] | None supplied | sam1166 | High | 2017-12-15 |
| Bugs | None supplied | survivedabuse | High | 2017-12-15 |
| Ruby 2.3.x and 2.2.x still bundle DoS vulnerable verision of libYAML | Memory Corruption - Generic | usa | Medium | 2017-10-25 |
| Parsing invalid unicode codepoints using json c extension (2.0.1+) triggers a segfault | Memory Corruption - Generic | dgollahon | None | 2017-10-25 |
| Arbitrary heap exposure in JSON.generate | Memory Corruption - Generic | ahmadsherif | No rating | 2017-09-25 |
| Ruby 2.4.1 has "Stack consistency error" and aborts when processing return statement within a case statement | Memory Corruption - Generic | haquaman | No rating | 2017-09-24 |
| sprintf combined format string attack | Memory Corruption - Generic | aerodudrizzt | Medium | 2017-09-22 |
| Escape sequence injection vulnerability in WEBrick BasicAuth | Command Injection - Generic | mame | Medium | 2017-09-15 |
| Open aws s3 bucket s3://rubyci | Information Disclosure | sandeep_hodkasia | Critical | 2017-08-07 |
| RCE (Remote Code Execution) Vulnerability on Ruby | Remote File Inclusion | cloudyvirus | Medium | 2017-04-05 |
| Open S3 Bucket WriteAble To Any Aws User | Improper Authentication - Generic | injector404 | High | 2017-03-30 |
| public report - Reproducible - Writable RubyCi Amazon s3 bucket[207053] | Improper Authentication - Generic | koti2 | No rating | 2017-03-29 |
| Buffer underflow in sprintf | Memory Corruption - Generic | haquaman | No rating | 2017-03-05 |
| Ruby:HTTP Header injection in 'net/http' | Open Redirect | rootredrain | No rating | 2017-02-27 |
| Writable RubyCi Amazon s3 bucket | Improper Authentication - Generic | dataalchemist | High | 2017-02-27 |
| Arbitrary heap overread in strscan on 32 bit Ruby, patch included | Information Disclosure | guido | Low | 2016-11-17 |
| SMTP command injection | Command Injection - Generic | jeremy | No rating | 2016-06-30 |
| Heap corruption in string.c tr_trans() due to undersized buffer | Memory Corruption - Generic | guido | No rating | 2016-06-21 |
| Heap corruption in DateTime.strftime() on 32 bit for certain format strings | Memory Corruption - Generic | guido | No rating | 2016-06-21 |
| StringIO strio_getline() can divulge arbitrary memory | Memory Corruption - Generic | guido | No rating | 2016-06-21 |
| Ruby: Heap Overflow in Floating Point Parsing | None supplied | charliesome | No rating | 2013-11-22 |