cpe:2.3:a:ruby-lang:ruby:1.9.3:p392:*:*:*:*:*:*

part: a version: 1.9.3 update: p392

Vendor: Ruby Lang (5813a634-c286-5f1d-90d5-a1a352f78d39)
Product: Ruby (48f7c14c-c576-5b15-be87-22eeb9add91e)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:github/ruby/ruby | purl2cpe | 2026-06-01 10:11:45.592707
pkg:ruby-lang/ruby | purl2cpe | 2026-06-01 10:11:45.592708

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2014-8090 vulnerable 2026-06-03 14:34:22.485866 Details available
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
Published: 2014-11-21T15:00:00.000Z
Updated: 2024-08-06T13:10:50.067Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-8080 vulnerable 2026-06-03 14:34:22.452238 Details available
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
Published: 2014-11-03T16:00:00.000Z
Updated: 2024-08-06T13:10:50.075Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4363 vulnerable 2026-06-03 14:33:11.325667 Details available
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.
Published: 2013-10-17T23:00:00.000Z
Updated: 2024-08-06T16:38:01.886Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4287 vulnerable 2026-06-03 14:33:10.885927 Details available
Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.
Published: 2013-10-17T23:00:00.000Z
Updated: 2024-08-06T16:38:01.871Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-4073 vulnerable 2026-06-03 14:33:09.474033 Details available
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Published: 2013-08-18T01:00:00.000Z
Updated: 2024-08-06T16:30:49.912Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-2065 vulnerable 2026-06-03 14:32:53.560444 Details available
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
Published: 2013-11-02T19:00:00.000Z
Updated: 2024-08-06T15:20:37.490Z
Imported from gcve-enriched-dumps CVE data
