Ruby

Listed on HackerOne, updated on 2019/10/15

Program statistics as shown on the listing:

reports in last 90 days
23 disclosed resolved issues
8 disclosed informative issues
3 disclosed N/A issues

The table below lists 25 disclosed reports; the counters above cover more resolved reports than appear in the table, so the list is not the complete disclosure history.

Disclosed reports (times are days and hours, e.g. 3d 12h; "not triaged" means the listing shows "Issue was not triaged"):

| Severity | Bug Title | Bug Type | Found By | Time to triage | Time to close | Report Status |
|---|---|---|---|---|---|---|
| Low | Ruby is shipping a vulnerable jQuery | None supplied | chrisseaton | 3d 12h | 153d 7h | Resolved |
| No rating | OS Command Injection via egrep in Rake::FileList | OS Command Injection | kyoshida | 0d 6h | 1d 15h | Resolved |
| No rating | Command injection in Pathname | Command Injection - Generic | ooooooo_q | 16d 16h | 110d 0h | Resolved |
| Medium | OpenSSL::X509::Name Equality Check Does Not Work, Patch included | Improper Certificate Validation | tylereckstein | 8d 19h | 75d 10h | Resolved |
| No rating | SEGV in parse_rat() | Denial of Service | etsukata | not triaged | 0d 22h | Informative |
| Low | Response splitting vulnerability in WEBrick | Cross-site Scripting (XSS) - Generic | tenderlove | 589d 11h | 21d 18h | Resolved |
| None | Invalid URL parsing '#' | None supplied | mrtc0 | not triaged | 2d 12h | Informative |
| Medium | controlled buffer under-read in pack_unpack_internal() | Buffer Under-read | aerodudrizzt | 75d 19h | 27d 18h | Resolved |
| No rating | Unix domain socket and a path containing a null character | Improper Access Control - Generic | ooooooo_q | 52d 22h | 27d 18h | Resolved |
| No rating | The possibility that unintended file operation may be performed because some methods of `Dir` do not check NULL characters. | Improper Access Control - Generic | ooooooo_q | 55d 21h | 27d 18h | Resolved |
| No rating | Unintentional file creation caused at Tempfile with directory traversal | Improper Access Control - Generic | ooooooo_q | 56d 2h | 27d 17h | Resolved |
| None | Integer Underflow @ ossl_cipher_pkcs5_keyivgen | Integer Underflow | finb | not triaged | 0d 13h | Informative |
| No rating | Resolv::getaddresses bug that can be abused to bypass security measures. | Violation of Secure Design Principles | edoverflow | not triaged | 3d 12h | Informative |
| High | Bugs | None supplied | survivedabuse | not triaged | 388d 11h | Spam |
| High | Take back my all data from [email protected] | None supplied | sam1166 | not triaged | 387d 2h | Spam |
| High | Provide a security system most fit to our team | None supplied | sam1166 | not triaged | 0d 0h | Not-applicable |
| Low | NET::Ftp allows command injection in filenames | Command Injection - Generic | staaldraad | not triaged | 12d 16h | Resolved |
| None | Parsing invalid unicode codepoints using json c extension (2.0.1+) triggers a segfault | Memory Corruption - Generic | dgollahon | not triaged | 88d 16h | Resolved |
| Medium | Ruby 2.3.x and 2.2.x still bundle DoS vulnerable version of libYAML | Memory Corruption - Generic | usa | not triaged | 104d 12h | Resolved |
| No rating | Ruby 2.4.1 has "Stack consistency error" and aborts when processing return statement within a case statement | Memory Corruption - Generic | haquaman | not triaged | 0d 0h | Informative |
| No rating | Arbitrary heap exposure in JSON.generate | Memory Corruption - Generic | ahmadsherif | not triaged | 45d 0h | Resolved |
| Medium | sprintf combined format string attack | Memory Corruption - Generic | aerodudrizzt | not triaged | 112d 17h | Resolved |
| Medium | Escape sequence injection vulnerability in WEBrick BasicAuth | Command Injection - Generic | mame | not triaged | 143d 16h | Resolved |
| Critical | Open aws s3 bucket s3://rubyci | Information Disclosure | sandeep_hodkasia | not triaged | 0d 3h | Not-applicable |
| Medium | RCE (Remote Code Execution) Vulnerability on Ruby | Remote File Inclusion | cloudyvirus | not triaged | 0d 5h | Not-applicable |
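Several of the resolved reports in the table (command injection in Pathname, command injection in Net::FTP filenames, the `Dir` null-character report, and the Tempfile directory traversal) share one shape: an attacker-influenced file name reaches a path-taking API without being checked. The following is an added example written for this page; it is not Ruby's own fix for any of those reports and does not reproduce their internals. It relies on two documented Ruby behaviours: `Kernel#open` and `IO.read` treat a leading `|` as a command to run, and `File.open` raises `ArgumentError` on a NUL byte. The helper names (`safe_join`, `safe_name?`, `read_user_file`, `UnsafeFilename`), the base directory `/srv/uploads`, and the sample names are the example's own.

```ruby
# Added example, not Ruby's own fix: validate an untrusted file name before it
# reaches any path-taking API. Assumed threat model (from the report titles on
# this page): pipe-prefixed names, embedded NUL bytes, absolute paths, and
# "../" traversal out of an intended base directory. Helper names are ours.
require "tmpdir"
require "fileutils"

class UnsafeFilename < ArgumentError; end

# Resolve +name+ under +base+ and return the absolute path, or raise
# UnsafeFilename. Every check runs before the name touches the filesystem.
def safe_join(base, name)
  raise UnsafeFilename, "name must be a String" unless name.is_a?(String)
  raise UnsafeFilename, "empty name" if name.empty?
  # File.open rejects NUL bytes, but not every API historically did (see the
  # Dir report above), so reject them up front rather than rely on the callee.
  raise UnsafeFilename, "NUL byte in name" if name.include?("\0")
  # Kernel#open and IO.read run "|cmd" as a command; File.open/File.read do
  # not, but refusing the prefix means the distinction can never be forgotten.
  raise UnsafeFilename, "pipe-prefixed name" if name.start_with?("|")
  raise UnsafeFilename, "absolute path" if name.start_with?(File::SEPARATOR)

  base_abs = File.expand_path(base)
  # expand_path normalises "." and ".." lexically and also expands a leading
  # "~"; the containment test below catches both traversal and "~" escapes.
  full = begin
    File.expand_path(name, base_abs)
  rescue ArgumentError => e # e.g. "~nosuchuser" when that account does not exist
    raise UnsafeFilename, "cannot resolve name: #{e.message}"
  end
  inside = full == base_abs || full.start_with?(base_abs + File::SEPARATOR)
  raise UnsafeFilename, "escapes #{base_abs}" unless inside
  full
end

# Boolean convenience wrapper for callers that prefer a predicate.
def safe_name?(base, name)
  safe_join(base, name)
  true
rescue UnsafeFilename
  false
end

# Read a file named by untrusted input. File.read is used deliberately:
# unlike Kernel#open / IO.read it never interprets the name as a command,
# and safe_join has already rejected everything else we care about.
def read_user_file(base, name)
  File.read(safe_join(base, name))
end

# Round trip inside a throwaway directory. Returns the contents read back
# through the validated path and the list of constructed names that were
# rejected (all five of them should be).
def demo
  Dir.mktmpdir("safe-join-demo") do |base|
    FileUtils.mkdir_p(File.join(base, "sub"))
    File.write(File.join(base, "sub", "report.txt"), "hello")
    rejected = ["|id", "a\0b", "../etc/passwd", "/etc/passwd", "~/.ssh/id_rsa"]
      .reject { |n| safe_name?(base, n) }
    [read_user_file(base, "sub/report.txt"), rejected]
  end
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The containment test compares against `base_abs + File::SEPARATOR` rather than `base_abs` alone so that a sibling directory such as `/srv/uploads2` is not accepted as "inside" `/srv/uploads`; the `~` case is caught by containment rather than by a dedicated check because `File.expand_path` expands it to the home directory, which is never under the base.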