pkg:Debian/ruby2.7

41 total CVEs: CRITICAL 6, HIGH 19, MEDIUM 15, LOW 1

All known vulnerabilities

  • CRITICAL 9.8 | CVE-2026-42257 | net-imap vulnerable to command Injection via "raw" arguments to multiple commands
    from 0
  • CRITICAL 9.8 | CVE-2026-42258 | net-imap vulnerable to command Injection via unvalidated Symbol inputs
    from 0
  • CRITICAL 9.8 | CVE-2026-27820 | Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
    from 0
  • CRITICAL 9.8 | CVE-2024-27280 | StringIO buffer overread vulnerability
    from 0, < 2.7.4-1+deb11u2
  • CRITICAL 9.8 | CVE-2021-41816 | Buffer overrun in CGI.escape_html
    from 0, < 2.7.4-1+deb11u1
  • CRITICAL 9.8 | CVE-2021-41816 | Buffer overrun in CGI.escape_html
    from 0, < 2.7.4-1+deb11u1
  • HIGH 8.8 | CVE-2021-33621 | HTTP response splitting in CGI
    from 0, < 2.7.4-1+deb11u2
  • HIGH 8.8 | CVE-2021-33621 | HTTP response splitting in CGI
    from 0, < 2.7.4-1+deb11u2
  • HIGH 8.1 | CVE-2026-41316 | ERB has an @_init deserialization guard bypass via def_module / def_method / def_class
    from 0
  • HIGH 7.5 | CVE-2026-42245 | net-imap has quadratic complexity when reading response literals
    from 0
  • HIGH 7.5 | CVE-2025-61594 | URI Credential Leakage Bypass over CVE-2025-27221
    from 0
  • HIGH 7.5 | CVE-2024-49761 | REXML ReDoS vulnerability
    from 0, < 2.7.4-1+deb11u3
  • HIGH 7.5 | CVE-2024-41946 | REXML DoS vulnerability
    from 0, < 2.7.4-1+deb11u3
  • HIGH 7.5 | CVE-2024-41123 | REXML DoS vulnerability
    from 0, < 2.7.4-1+deb11u3
  • HIGH 7.5 | CVE-2023-28755 | Ruby URI component ReDoS issue
    from 0, < 2.7.4-1+deb11u2
  • HIGH 7.5 | CVE-2023-28756 | Ruby Time component ReDoS issue
    from 0, < 2.7.4-1+deb11u2
  • HIGH 7.5 | CVE-2020-25613 | WEBrick vulnerable to HTTP Request/Response Smuggling
    from 0, < 2.7.1-4
  • HIGH 7.5 | CVE-2022-28739 | There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2.
    from 0, < 2.7.4-1+deb11u2
  • HIGH 7.5 | CVE-2021-41819 | Cookie Prefix Spoofing in CGI::Cookie.parse
    from 0, < 2.7.4-1+deb11u1
  • HIGH 7.5 | CVE-2021-41817 | ruby2.3 - security update
    from 0, < 2.7.4-1+deb11u1
  • HIGH 7.5 | CVE-2021-28965 | ruby2.5 - security update
    from 0, < 2.7.3-1
  • HIGH 7.4 | CVE-2026-42246 | net-imap vulnerable to STARTTLS stripping via invalid response timing
    from 0
  • HIGH 7.4 | CVE-2025-0306 | A vulnerability was found in Ruby.
    from 0
  • HIGH 7.4 | CVE-2021-32066 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1.
    from 0, < 2.7.4-1
  • HIGH 7.0 | CVE-2021-31799 | ruby2.3 - security update
    from 0, < 2.7.4-1
  • MEDIUM 6.6 | CVE-2024-27282 | An issue was discovered in Ruby 3.x through 3.3.0.
    from 0, < 2.7.4-1+deb11u2
  • MEDIUM 6.5 | CVE-2026-42256 | net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication
    from 0
  • MEDIUM 5.9 | CVE-2024-43398 | REXML denial of service vulnerability
    from 0, < 2.7.4-1+deb11u3
  • MEDIUM 5.8 | CVE-2025-27219 | CGI has Denial of Service (DoS) potential in Cookie.parse
    from 0, < 2.7.4-1+deb11u5
  • MEDIUM 5.8 | CVE-2025-27219 | CGI has Denial of Service (DoS) potential in Cookie.parse
    from 0, < 2.7.4-1+deb11u5
  • MEDIUM 5.8 | CVE-2021-31810 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1.
    from 0, < 2.7.4-1
  • MEDIUM 5.3 | CVE-2025-58767 | REXML has DoS condition when parsing malformed XML file
    from 0
  • MEDIUM 5.3 | CVE-2025-24294 | resolv vulnerable to DoS via insufficient DNS domain name length validation
    from 0
  • MEDIUM 5.3 | CVE-2024-35176 | ruby2.7 - security update
    from 0, < 2.7.4-1+deb11u3
  • MEDIUM 5.3 | CVE-2024-35176 | ruby2.7 - security update
    from 0, < 2.7.4-1+deb11u3
  • MEDIUM 5.3 | CVE-2023-36617 | URI gem has ReDoS vulnerability
    from 0, < 2.7.4-1+deb11u2
  • MEDIUM 5.3 | CVE-2020-10933 | An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0.
    from 0, < 2.7.1-1
  • MEDIUM 4.5 | CVE-2024-27281 | RDoc RCE vulnerability with .rdoc_options
    from 0, < 2.7.4-1+deb11u2
  • MEDIUM 4.3 | CVE-2024-39908 | REXML denial of service vulnerability
    from 0, < 2.7.4-1+deb11u3
  • MEDIUM 4.0 | CVE-2025-27220 | CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement
    from 0, < 2.7.4-1+deb11u5
  • LOW 3.2 | CVE-2025-27221 | URI allows for userinfo Leakage in URI#join, URI#merge, and URI#+
    from 0, < 2.7.4-1+deb11u5