汇总 jruby 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 跨站脚本与拒绝服务,在 生产负载与软件部署 使用场景中可能带来 会话劫持 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-46551 | JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 (corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1), when verifying SSL certificates, JRuby-OpenSSL does not verify that the hostname presented in the certificate matches the one the user tries to connect to. This means a man-in-the-middle could just present any valid cert for a completely d | [email protected] | 5.7 | 0.16% | 2025-05-07 | 2025-10-21 |
| CVE-2009-4123 | The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation. | [email protected] | 7.5 | 0.60% | 2023-12-12 | 2024-11-21 |
| CVE-2012-5370 | JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838. | [email protected] | 5.0 | 2.25% | 2012-11-28 | 2026-04-29 |
| CVE-2010-1330 | The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string. | [email protected] | 4.3 | 2.22% | 2012-11-23 | 2026-04-29 |
| CVE-2011-4838 | JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | [email protected] | 5.0 | 4.36% | 2011-12-30 | 2026-04-29 |