doc/user/known-cves.md
Lines changed: 5 additions & 1 deletion
@@ -19,7 +19,11 @@ Cross-reference with the details on [the MRI website](https://www.ruby-lang.org/
19
19
20
20
Number | Description | Their Mitigation | Test | Our Mitigation
21
21
--- | --- | --- | --- | ---
22
-
CVE-2021-41817 | Regular expression denial of service vulnerability (ReDoS) in date | [Fix](https://github.com/ruby/date/commit/3959accef8) | [Test](https://github.com/ruby/date/commit/3959accef8) | Not affected thanks to TRegex
22
+
CVE-2022-28739 | Buffer overrun in String-to-Float conversion | | | Not applicable thanks to Java semantics
23
+
CVE-2022-28738 | Double free in Regexp compilation | | | Not applicable thanks to Java semantics
24
+
CVE-2021-41819 | Cookie Prefix Spoofing in CGI::Cookie.parse | [Fix](https://github.com/ruby/ruby/commit/0f31b3f465) | [Test](https://github.com/ruby/ruby/commit/0f31b3f465) | Same
25
+
CVE-2021-41817 | Regular expression denial of service vulnerability (ReDoS) in date | [Fix](https://github.com/ruby/date/commit/3959accef8) | [Test](https://github.com/ruby/date/commit/3959accef8) | Not applicable thanks to TRegex
26
+
CVE-2021-41816 | Buffer Overrun in CGI.escape_html | [Fix](https://github.com/ruby/ruby/commit/e4b35b158a) | [Test](https://github.com/ruby/ruby/commit/e4b35b158a) | Not applicable, we use the Ruby definition of CGI.escape_html
23
27
CVE-2021-31810 | Trusting FTP PASV responses vulnerability in Net::FTP | [Fix](https://github.com/ruby/ruby/commit/3ca1399150ed4eacfd2fe1ee251b966f8d1ee469) | [Test](https://github.com/ruby/ruby/commit/3ca1399150ed4eacfd2fe1ee251b966f8d1ee469) | Same
24
28
CVE-2021-32066 | A StartTLS stripping vulnerability in Net::IMAP | [Fix](https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a) | [Test](https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a) | Same
25
29
CVE-2021-31799 | A command injection vulnerability in RDoc | [Fix](https://github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7)[Backport](https://github.com/ruby/ruby/commit/483f303d02e768b69e476e0b9be4ab2f26389522) | [Test](https://github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7) | Same
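Review bot: the two new rows for CVE-2022-28739 (Buffer overrun in String-to-Float conversion) and CVE-2022-28738 (Double free in Regexp compilation) leave the Fix and Test columns empty, while every other row in this table links the upstream commit in both columns; please add the upstream fix and test links for those two entries (or mark the cells explicitly, e.g. "N/A", if there is nothing to cross-reference), otherwise a reader cannot verify the "Not applicable thanks to Java semantics" claim against the MRI change. Also note that the CVE-2021-41817 row is removed at line 22 and re-added at line 25 with its wording changed from "Not affected thanks to TRegex" to "Not applicable thanks to TRegex"; the move keeps the table sorted by CVE number and the wording now matches the neighbouring rows, but that is a content change rather than a pure reorder and is worth calling out in the commit message.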