GCVE - cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*

part: a version: 2.1 update: -

Vendor	Ruby Lang (`5813a634-c286-5f1d-90d5-a1a352f78d39`)
Product	Ruby (`48f7c14c-c576-5b15-be87-22eeb9add91e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/ruby/ruby`	purl2cpe	2026-06-01 10:11:45.610057
`pkg:ruby-lang/ruby`	purl2cpe	2026-06-01 10:11:45.610058

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2015-3900`	vulnerable	2026-06-03 14:34:50.676309	Details available RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." Published: 2015-06-24T14:00:00.000Z Updated: 2024-08-06T05:56:16.332Z Open on db.gcve.eu Reference links http://rhn.redhat.com/errata/RHSA-2015-1657.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html http://www.openwall.com/lists/oss-security/2015/06/26/2 https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-4975`	vulnerable	2026-06-03 14:34:05.114003	Details available Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. Published: 2014-11-15T20:00:00.000Z Updated: 2024-08-06T11:34:36.647Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2014/07/09/13 http://rhn.redhat.com/errata/RHSA-2014-1912.html http://www.securityfocus.com/bid/68474 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://rhn.redhat.com/errata/RHSA-2014-1913.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-2734`	vulnerable	2026-06-03 14:33:51.759773	Details available The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. NOTE: this issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration PoC contains errors and redundant or unnecessarily-complex code that does not appear to be related to a demonstration of the issue. As of 20140502, CVE is not aware of any public comment by the original researcher Published: 2014-04-24T23:00:00.000Z Updated: 2024-08-06T10:21:36.074Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html http://www.osvdb.org/106006 https://news.ycombinator.com/item?id=7601973 http://www.securityfocus.com/bid/66956 http://seclists.org/fulldisclosure/2014/May/13	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.