Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:7025
HistoryNov 14, 2023 - 8:43 a.m.

(RHSA-2023:7025) Moderate: ruby:2.5 security update

2023-11-1408:43:17
access.redhat.com
33
ruby scripting language
http response splitting
buffer overrun
redos vulnerability
cve-2021-33621
cve-2022-28739
cve-2023-28755
cve-2023-28756
red hat enterprise linux

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.005

Percentile

77.9%

JSON

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

  • ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)

  • ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

  • ruby: ReDoS vulnerability in URI (CVE-2023-28755)

  • ruby: ReDoS vulnerability in Time (CVE-2023-28756)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyppc64leruby-debuginfo< 2.5.9-111.module+el8.9.0+19193+435404aeruby-debuginfo-2.5.9-111.module+el8.9.0+19193+435404ae.ppc64le.rpm
RedHatanyx86_64ruby< 2.5.9-111.module+el8.9.0+19193+435404aeruby-2.5.9-111.module+el8.9.0+19193+435404ae.x86_64.rpm
RedHatanyppc64lerubygem-io-console< 0.4.6-111.module+el8.9.0+19193+435404aerubygem-io-console-0.4.6-111.module+el8.9.0+19193+435404ae.ppc64le.rpm
RedHatanys390xrubygem-json< 2.1.0-111.module+el8.9.0+19193+435404aerubygem-json-2.1.0-111.module+el8.9.0+19193+435404ae.s390x.rpm
RedHatanyppc64lerubygem-pg-debugsource< 1.0.0-3.module+el8.9.0+19193+435404aerubygem-pg-debugsource-1.0.0-3.module+el8.9.0+19193+435404ae.ppc64le.rpm
RedHatanyi686rubygem-json< 2.1.0-111.module+el8.9.0+19193+435404aerubygem-json-2.1.0-111.module+el8.9.0+19193+435404ae.i686.rpm
RedHatanyaarch64ruby-libs< 2.5.9-111.module+el8.9.0+19193+435404aeruby-libs-2.5.9-111.module+el8.9.0+19193+435404ae.aarch64.rpm
RedHatanyaarch64rubygem-pg-debugsource< 1.0.0-3.module+el8.9.0+19193+435404aerubygem-pg-debugsource-1.0.0-3.module+el8.9.0+19193+435404ae.aarch64.rpm
RedHatanyppc64lerubygem-io-console-debuginfo< 0.4.6-111.module+el8.9.0+19193+435404aerubygem-io-console-debuginfo-0.4.6-111.module+el8.9.0+19193+435404ae.ppc64le.rpm
RedHatanys390xrubygem-bigdecimal-debuginfo< 1.3.4-111.module+el8.9.0+19193+435404aerubygem-bigdecimal-debuginfo-1.3.4-111.module+el8.9.0+19193+435404ae.s390x.rpm
Rows per page:
1-10 of 1371

Related

nessus 67
osv 25
almalinux 6
oraclelinux 8
openvas 32
ubuntu 4
redhat 7
rocky 4
cloudfoundry 3
slackware 1
fedora 4
redos 1
debian 3
gentoo 1
cgr 1
github 2
cbl_mariner 1
alpinelinux 2
prion 3
freebsd 3
ubuntucve 3
veracode 3
cve 2
hackerone 2
photon 1
amazon 2
debiancve 2
nvd 1
rubygems 2
cvelist 2
redhatcve 1
nessus
nessus
RHEL 8 : ruby:2.5 (RHSA-2023:7025)
2023-11-14 00:00:00
Oracle Linux 8 : ruby:2.5 (ELSA-2023-7025)
2023-11-21 00:00:00
AlmaLinux 8 : ruby:2.7 (ALSA-2023:3821)
2023-06-29 00:00:00
osv
osv
Moderate: ruby:2.5 security update
2023-11-14 00:00:00
Moderate: ruby:2.7 security, bug fix, and enhancement update
2023-08-31 16:54:34
Moderate: ruby:2.7 security, bug fix, and enhancement update
2023-06-27 00:00:00
almalinux
almalinux
Moderate: ruby:2.5 security update
2023-11-14 00:00:00
Moderate: ruby:2.7 security, bug fix, and enhancement update
2023-06-27 00:00:00
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-04-01 00:00:00
oraclelinux
oraclelinux
ruby:2.5 security update
2023-11-18 00:00:00
ruby:2.7 security, bug fix, and enhancement update
2023-07-08 00:00:00
ruby:3.1 security, bug fix, and enhancement update
2024-04-02 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6181-1)
2023-06-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4176-1)
2023-10-25 00:00:00
openSUSE: Security Advisory for ruby2.5 (SUSE-SU-2023:4176-1)
2024-03-04 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2023-06-21 00:00:00
Ruby vulnerabilities
2023-05-04 00:00:00
Ruby vulnerabilities
2023-05-18 00:00:00
redhat
redhat
(RHSA-2023:3821) Moderate: ruby:2.7 security, bug fix, and enhancement update
2023-06-27 13:35:33
(RHSA-2023:3291) Moderate: rh-ruby27-ruby security, bug fix, and enhancement update
2023-05-24 08:44:46
(RHSA-2024:1431) Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-03-19 18:23:24
rocky
rocky
ruby:2.7 security, bug fix, and enhancement update
2023-08-31 16:54:34
ruby:3.1 security, bug fix, and enhancement update
2024-04-05 14:57:12
ruby:3.1 security, bug fix, and enhancement update
2024-03-27 04:34:32
cloudfoundry
cloudfoundry
USN-6055-1: Ruby vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
USN-6087-1: Ruby vulnerabilities | Cloud Foundry
2023-06-05 00:00:00
USN-6055-2: Ruby regression | Cloud Foundry
2023-06-30 00:00:00
slackware
slackware
[slackware-security] ruby
2023-03-31 18:29:16
fedora
fedora
[SECURITY] Fedora 38 Update: ruby-3.2.2-180.fc38
2023-04-15 02:16:08
[SECURITY] Fedora 37 Update: ruby-3.1.4-175.fc37
2023-04-21 02:11:09
[SECURITY] Fedora 36 Update: ruby-3.1.4-175.fc36
2023-04-21 01:25:27
redos
redos
ROS-20240826-09
2024-08-26 00:00:00
debian
debian
[SECURITY] [DLA 3447-1] ruby2.5 security update
2023-06-07 20:38:22
[SECURITY] [DLA 3450-1] ruby2.5 security update
2023-06-09 10:23:43
[SECURITY] [DLA 3858-1] ruby2.7 security update
2024-09-02 12:46:22
gentoo
gentoo
Ruby: Multiple vulnerabilities
2024-01-24 00:00:00
cgr
cgr
CVE-2023-28756 vulnerabilities
2024-05-19 03:07:16
github
github
Ruby Time component ReDoS issue
2023-03-31 06:30:15
Ruby URI component ReDoS issue
2023-03-31 06:30:15
cbl_mariner
cbl_mariner
CVE-2022-28739 affecting package ruby 2.6.9-1
2022-06-15 17:03:10
alpinelinux
alpinelinux
CVE-2022-28739
2022-05-09 18:15:08
CVE-2023-28756
2023-03-31 04:15:09
prion
prion
Design/Logic Flaw
2022-05-09 18:15:00
Authentication flaw
2023-03-31 04:15:00
Authentication flaw
2023-03-31 04:15:00
freebsd
freebsd
Ruby -- Buffer overrun in String-to-Float conversion
2022-04-12 00:00:00
rubygem-time -- ReDoS vulnerability
2023-03-30 00:00:00
rubygem-uri -- ReDoS vulnerability
2023-03-28 00:00:00
ubuntucve
ubuntucve
CVE-2023-28756
2023-03-31 00:00:00
CVE-2023-28755
2023-03-31 00:00:00
CVE-2022-28739
2022-05-09 00:00:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-04-04 14:02:35
Buffer Overflow
2022-04-13 07:35:02
Regular Expression Denial Of Service (ReDoS)
2023-04-04 14:02:44
cve
cve
CVE-2023-28756
2023-03-31 04:15:09
CVE-2022-28739
2022-05-09 18:15:08
hackerone
hackerone
Internet Bug Bounty: ReDoS( Ruby, Time)
2023-04-01 23:52:39
Ruby: ReDoS in Time.rfc2822
2022-02-18 22:22:29
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0562
2024-02-08 00:00:00
amazon
amazon
Medium: ruby
2022-09-30 07:04:00
Medium: ruby20
2022-10-03 19:29:00
debiancve
debiancve
CVE-2022-28739
2022-05-09 18:15:08
CVE-2023-28755
2023-03-31 04:15:09
nvd
nvd
CVE-2022-28739
2022-05-09 18:15:08
rubygems
rubygems
Buffer overrun in String-to-Float conversion
2022-04-11 21:00:00
Ruby Time component ReDos issue
2023-03-30 21:00:00
cvelist
cvelist
CVE-2023-28755
2023-03-31 00:00:00
CVE-2022-28739
2022-05-09 00:00:00
redhatcve
redhatcve
CVE-2022-28739
2022-04-20 05:24:54

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.005

Percentile

77.9%

JSON
Related for RHSA-2023:7025
nessus67osv25almalinux6oraclelinux8openvas32ubuntu4redhat7rocky4cloudfoundry3slackware1fedora4redos1debian3gentoo1cgr1github2cbl_mariner1alpinelinux2prion3freebsd3ubuntucve3veracode3cve2hackerone2photon1amazon2debiancve2nvd1rubygems2cvelist2redhatcve1