pkg:Bitnami/ruby

15 total CVEs: CRITICAL 1, HIGH 10, MEDIUM 4

All known vulnerabilities

  • CRITICAL 9.8 CVE-2022-28738: A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2.
    >= 3.0.0, < 3.0.4, >= 3.1.0, < 3.1.2
  • HIGH 8.8 CVE-2021-33621: HTTP response splitting in CGI
    >= 2.7.0, < 2.7.7, >= 3.0.0, < 3.0.5, >= 3.1.0, < 3.1.3
  • HIGH 8.1 CVE-2026-46727: An issue was discovered in Ruby 4 before 4.0.5.
    >= 4.0.0, < 4.0.5
  • HIGH 7.5 CVE-2023-28756: Ruby Time component ReDoS issue
    from 0, < 2.7.8
  • HIGH 7.5 CVE-2020-25613: WEBrick vulnerable to HTTP Request/Response Smuggling
    from 0, < 2.5.9, >= 2.6.0, < 2.6.7, >= 2.7.0, < 2.7.2
  • HIGH 7.5 CVE-2022-28739: There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2.
    from 0, < 2.6.10, >= 2.7.0, < 2.7.6, >= 3.0.0, < 3.0.4, >= 3.1.0, < 3.1.2
  • HIGH 7.5 CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
    from 0, < 2.6.9, >= 2.7.0, < 2.7.5, >= 3.0.0, < 3.0.3
  • HIGH 7.5 CVE-2021-41817: ruby2.3 - security update
    >= 2.6.0, < 2.6.9, >= 2.7.0, < 2.7.5, >= 3.0.0, < 3.0.3
  • HIGH 7.5 CVE-2021-28966: Tempfile on Windows path traversal vulnerability
    from 0, < 2.7.3, >= 3.0.0, < 3.0.1
  • HIGH 7.5 CVE-2021-28965: ruby2.5 - security update
    from 0, < 2.6.7, >= 2.7.0, < 2.7.3, >= 3.0.0, < 3.0.1
  • HIGH 7.4 CVE-2021-32066: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1.
    >= 2.6.0, < 2.6.8, >= 2.7.0, < 2.7.4, >= 3.0.0, < 3.0.2
  • MEDIUM 6.6 CVE-2024-27282: An issue was discovered in Ruby 3.x through 3.3.0.
    from 0, < 3.1.5, >= 3.2.0, < 3.2.4, >= 3.3.0, < 3.3.1
  • MEDIUM 6.5 CVE-2020-5247: HTTP Response Splitting in Puma
    from 0, < 2.3.1, >= 2.4.0, < 2.4.8, >= 2.5.0, < 2.5.7, >= 2.6.0, < 2.6.5
  • MEDIUM 5.8 CVE-2021-31810: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1.
    from 0, < 2.6.8, >= 2.7.0, < 2.7.4, >= 3.0.0, < 3.0.2
  • MEDIUM 5.3 CVE-2020-10933: An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0.
    >= 2.5.0, < 2.5.8, >= 2.6.0, < 2.6.6, >= 2.7.0, < 2.7.1