Debian/jruby — 35 CVEs · VulnScope

pkg:Debian/jruby

35 total CVEsCRITICAL1HIGH20MEDIUM9

✅ Check your installed version

All known vulnerabilities

CRITICAL9.8CVE-2018-1000076RubyGems Improper Verification of Cryptographic Signature vulnerability
from 0, < 9.1.17.0-1
HIGH8.8CVE-2019-8324Code injection in RubyGems
from 0, < 9.1.17.0-3
HIGH8.1CVE-2019-16255Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) t…
from 0, < 9.3.9.0+ds-1
HIGH7.8jruby - security update
from 0, < 9.1.17.0-1
HIGH7.8jruby - security update
from 0, < 1.5.6-9+deb8u1
HIGH7.8jruby - security update
from 0, < 1.5.6-5+deb7u2
HIGH7.5ruby2.5 - security update
from 0
HIGH7.5Ruby Time component ReDoS issue
from 0
HIGH7.5jruby - security update
from 0, < 1.7.26-1+deb9u3
HIGH7.5jruby - security update
from 0, < 9.3.9.0+ds-1
HIGH7.5jruby - security update
from 0, < 1.5.6-5+deb7u1
HIGH7.5jruby - security update
from 0, < 9.1.17.0-1
HIGH7.5jruby - security update
from 0, < 9.1.17.0-2.1
HIGH7.5jruby - security update
from 0, < 1.7.26-1+deb9u1
HIGH7.5WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Servic…
from 0, < 9.3.9.0+ds-1
HIGH7.5RubyGems Escape sequence injection in errors
from 0, < 9.1.17.0-3
HIGH7.5RubyGems Escape sequence injection vulnerability in verbose
from 0, < 9.1.17.0-3
HIGH7.5RubyGems Escape sequence injection vulnerability in gem owner
from 0, < 9.1.17.0-3
HIGH7.5RubyGems Escape sequence injection vulnerability in api response handling
from 0, < 9.1.17.0-3
HIGH7.4An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1.
from 0, < 9.3.9.0+ds-1
HIGH7.4ruby2.3 - security update
from 0, < 9.1.17.0-3
MEDIUM6.1RubyGems Cross-site Scripting vulnerability
from 0, < 9.1.17.0-1
MEDIUM5.8An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1.
from 0, < 9.3.9.0+ds-1
MEDIUM5.5RubyGems Path Traversal vulnerability
from 0, < 9.1.17.0-1
MEDIUM5.3RubyGems Improper Input Validation vulnerability
from 0, < 9.1.17.0-1
MEDIUM5.3Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting.
from 0, < 9.3.9.0+ds-1
MEDIUM5.3jruby - security update
from 0, < 1.7.26-1+deb9u2
MEDIUM5.3jruby - security update
from 0, < 9.3.9.0+ds-1
MEDIUM5.3jruby - security update
from 0, < 1.5.6-9+deb8u2
MEDIUM5.3jruby - security update
from 0, < 9.1.17.0-3+deb10u1
—JRuby denial of service via Hash Collision
from 0, < 1.5.6-5
—RubyGems vulnerable to DNS hijack attack
from 0, < 1.7.20.1-2
—Cross-site Scripting in in JRuby
from 0, < 1.5.0~rc1-1
—jruby - security update
from 0, < 1.5.1-1+deb6u1
—jruby - security update
from 0, < 1.5.6-4