ruby-lang security advisories
6 threat alerts tracking vulnerabilities and security advisories that affect ruby-lang products.
Vulnios monitors ruby-lang CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent ruby-lang security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2016-2337 — ruby-lang — ruby
Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker passing an object of a type other than String as the "retval" argument can cause arbitrary code execution.
Severity: critical (CVE-2016-2337)

Critical Vulnerability: CVE-2016-2339 — ruby-lang — ruby
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is ma
Severity: critical (CVE-2016-2339)

Critical Vulnerability: CVE-2016-2336 — ruby-lang — ruby
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. An attacker passing an object of a different type than the one assumed by the developers can cause arbitrary code ex
Severity: critical (CVE-2016-2336)

Critical Vulnerability: CVE-2017-17790 — ruby-lang — ruby
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|'
Severity: critical (CVE-2017-17790)

Critical Vulnerability: CVE-2017-0898 — ruby-lang — ruby
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier (*) with a huge negative value. Such a situation can lead to a buffer overrun, resulting i
Severity: critical (CVE-2017-0898)

Critical Vulnerability: CVE-2017-11465 — ruby-lang — ruby
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script,
Severity: critical (CVE-2017-11465)
Track ruby-lang exposure across your environment
Vulnios automatically cross-references your asset inventory against new ruby-lang CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.