Ruby CVE 脆弱性と CVE 一覧(123)

製品(CPE): — CVE 件数: 123

Ruby 脆弱性概要

Ruby 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に バッファオーバーフロー and パス処理の欠陥 などに関し、一部は vendor impact unexpected behavior を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 121123 / 123 CVE 件数
«« 先頭 « 前へ 7 / 7 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2008-1145 Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. [email protected] 5.0 18.16% 2008-03-04 2026-06-16
CVE-2007-5770 The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162. [email protected] 5.0 1.88% 2007-11-13 2026-06-16
CVE-2007-5162 The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. [email protected] 4.3 1.70% 2007-10-01 2026-06-16
«« 先頭 « 前へ 7 / 7 次へ »
cvelogic Threat Intelligence