2024 Archives

CVE-2024-35176: DoS in REXML

There is a DoS vulnerability in the REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-35176. We strongly recommend upgrading the REXML gem.

Ruby 3.4.0 preview1 Released

We are pleased to announce the release of Ruby 3.4.0-preview1.

Ruby 3.3.1 Released

Ruby 3.3.1 has been released.

Ruby 3.2.4 Released

Ruby 3.2.4 has been released.

Ruby 3.1.5 Released

Ruby 3.1.5 has been released.

Ruby 3.0.7 Released

Ruby 3.0.7 has been released.

CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search

We have released Ruby versions 3.0.7, 3.1.5, 3.2.4 and 3.3.1, which include a security fix for an arbitrary memory address read vulnerability in Regex search. This vulnerability has been assigned the CVE identifier CVE-2024-27282.

CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc

We have released RDoc gem versions 6.3.4.1, 6.4.1.1, 6.5.1.1 and 6.6.3.1, which include a security fix for an RCE vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27281.

CVE-2024-27280: Buffer overread vulnerability in StringIO

We have released StringIO gem versions 3.0.1.1 and 3.0.1.2, which include a security fix for a buffer overread vulnerability. This vulnerability has been assigned the CVE identifier CVE-2024-27280.

Ruby 3.2.3 Released

Ruby 3.2.3 has been released.
