RHSA-2024:4499MediumCVSS 6.6

Red Hat Security Advisory: ruby security update

Published
July 11, 2024
Last Modified
June 28, 2026

🔗 CVE IDs covered (5)

📋 Description

CVE-2023-36617 — rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 CVE-2024-27280 — ruby: Buffer overread vulnerability in StringIO CVE-2024-27281 — ruby: RCE vulnerability with .rdoc_options in RDoc CVE-2024-27282 — ruby: Arbitrary memory address read vulnerability with Regex search CVE-2024-35176 — REXML: DoS parsing an XML with many <s in an attribute value

🔗 References (8)