Search CVE reports
1 – 10 of 39 results
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAP#id is called with a hash argument, although the ID field value strings are correctly quoted...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.7 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby3.0 | Not in release | Not in release | Needs evaluation | — | — |
| ruby3.2 | Not in release | Needs evaluation | Not in release | — | — |
| ruby3.3 | Needs evaluation | Not in release | Not in release | — | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.7 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby3.0 | Not in release | Not in release | Needs evaluation | — | — |
| ruby3.2 | Not in release | Needs evaluation | Not in release | — | — |
| ruby3.3 | Needs evaluation | Not in release | Not in release | — | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.7 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby3.0 | Not in release | Not in release | Needs evaluation | — | — |
| ruby3.2 | Not in release | Needs evaluation | Not in release | — | — |
| ruby3.3 | Needs evaluation | Not in release | Not in release | — | — |
| jruby | Needs evaluation | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler (rb_getaddrinfo in ext/socket/raddrinfo.c) allows a remote attacker who can delay DNS...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| jruby | Needs evaluation | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.7 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby3.0 | Not in release | Not in release | Needs evaluation | — | — |
| ruby3.2 | Not in release | Needs evaluation | Not in release | — | — |
| ruby3.3 | Needs evaluation | Not in release | Not in release | — | — |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| jruby | Needs evaluation | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.7 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby3.0 | Not in release | Not in release | Needs evaluation | — | — |
| ruby3.2 | Not in release | Needs evaluation | Not in release | — | — |
| ruby3.3 | Needs evaluation | Not in release | Not in release | — | — |
Some fixes available 6 of 12
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Fixed |
| ruby2.7 | Not in release | Not in release | Not in release | Fixed | — |
| ruby3.0 | Not in release | Not in release | Fixed | — | — |
| ruby3.2 | Not in release | Fixed | Not in release | — | — |
| ruby3.3 | Fixed | Not in release | Not in release | — | — |
| jruby | Vulnerable | Vulnerable | Not in release | Vulnerable | Vulnerable |
Some fixes available 1 of 2
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.7 | Not in release | Not in release | Not in release | Not affected | — |
| ruby3.0 | Not in release | Not in release | Not affected | — | — |
| ruby3.2 | Not in release | Not affected | Not in release | — | — |
| ruby3.3 | Fixed | Not in release | Not in release | — | — |
| jruby | Not affected | Not affected | Not in release | Not affected | Not affected |
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Not affected |
Some fixes available 6 of 12
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully",...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Fixed |
| ruby2.7 | Not in release | Not in release | Not in release | Fixed | — |
| ruby3.0 | Not in release | Not in release | Fixed | — | — |
| ruby3.2 | Not in release | Fixed | Not in release | — | — |
| ruby3.3 | Fixed | Not in release | Not in release | — | — |
| jruby | Vulnerable | Vulnerable | Not in release | Vulnerable | Vulnerable |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ruby2.7 | Not in release | Not in release | Not in release | Not affected | — |
| ruby3.0 | Not in release | Not in release | Not affected | — | — |
| ruby3.2 | Not in release | Not affected | Not in release | — | — |
| ruby3.3 | Not affected | Not in release | Not in release | — | — |
| jruby | Not affected | Not affected | Not in release | Not affected | Not affected |
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Not affected |
ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| jruby | Needs evaluation | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
| ruby2.3 | Not in release | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | Not in release | — | Needs evaluation |
| ruby2.7 | Not in release | Not in release | Not in release | Needs evaluation | — |
| ruby3.0 | Not in release | Not in release | Needs evaluation | — | — |
| ruby3.2 | Not in release | Needs evaluation | Not in release | — | — |
| ruby3.3 | Needs evaluation | Not in release | Not in release | — | — |