Ruby-lang Ruby 2.4.0
Approved changes feed: RSS · Atom
cpe:2.3:a:ruby-lang:ruby:2.4.0:*:*:*:*:*:*:*
part: a version: 2.4.0 update: *
| Vendor | Ruby Lang (5813a634-c286-5f1d-90d5-a1a352f78d39) |
|---|---|
| Product | Ruby (48f7c14c-c576-5b15-be87-22eeb9add91e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/ruby/ruby |
purl2cpe | 2026-06-01 10:11:45.610163 |
pkg:ruby-lang/ruby |
purl2cpe | 2026-06-01 10:11:45.610164 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-6181 |
vulnerable | 2026-06-03 14:37:27.393938 |
Details available
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.
Published: 2017-04-03T05:44:00.000Z
Updated: 2024-08-05T15:25:47.726Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14064 |
vulnerable | 2026-06-03 14:36:38.400688 |
Details available
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.
Published: 2017-08-31T17:00:00.000Z
Updated: 2024-08-05T19:13:41.685Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14033 |
vulnerable | 2026-06-03 14:36:38.371310 |
Details available
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.
Published: 2017-09-19T17:00:00.000Z
Updated: 2024-08-05T19:13:41.487Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-10784 |
vulnerable | 2026-06-03 14:36:27.089603 |
Details available
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
Published: 2017-09-19T17:00:00.000Z
Updated: 2024-08-05T17:50:11.932Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-0898 |
vulnerable | 2026-06-03 14:36:19.565083 |
Details available
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
Published: 2017-09-15T19:00:00.000Z
Updated: 2024-09-17T01:36:46.258Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.