All Articles
122 articles on upgrading Ruby, Rails, and managing dependencies
Understanding CVE-2007-5770: The Widespread SSL CN Validation Flaw in Ruby
An examination of CVE-2007-5770, where Ruby's core network libraries failed to validate SSL certificate Common Names, enabling MitM attacks.
CVE-2007-6077: Incomplete Fix for Rails Session Fixation
An examination of CVE-2007-6077, where a flawed patch in Rails 1.2.4 failed to fully address session fixation due to mutable state in constants.
CVE-2007-6612: Mongrel Directory Traversal via Double-Encoded Sequences
An overview of CVE-2007-6612, a directory traversal vulnerability in the Mongrel web server for Ruby, including its impact and remediation.
CVE-2008-1145: Ruby WEBrick Directory Traversal Vulnerability
An analysis of CVE-2008-1145, a critical directory traversal vulnerability in Ruby's WEBrick server that allowed remote attackers to access arbitrary files.
CVE-2008-1447: Ruby DNS Spoofing Vulnerability
An examination of CVE-2008-1447, the infamous Kaminsky DNS spoofing vulnerability in Ruby's resolv.rb, and its impact on DNS security.
CVE-2008-1891: WEBrick Directory Traversal in Ruby
Explore CVE-2008-1891, a directory traversal and source code disclosure vulnerability in Ruby WEBrick that affected Windows environments.
CVE-2008-2376: Integer Overflows in Ruby's Array#fill
An exploration of CVE-2008-2376, how integer overflows manifest in C-based Ruby implementations, and why upgrading is the only sustainable defense.
CVE-2008-2662: Integer Overflows in Ruby's rb_str_buf_append
An analysis of CVE-2008-2662, an integer overflow vulnerability in Ruby's string concatenation.
CVE-2008-2663: Ruby Integer Overflows
An analysis of CVE-2008-2663, an integer overflow vulnerability in Ruby 1.8.x's rb_ary_store function that causes buffer overflows during array assignment.
Understanding CVE-2008-2664: Unsafe Use of alloca in Ruby's rb_str_format
An in-depth look at CVE-2008-2664, a high-severity vulnerability in Ruby involving unsafe use of alloca in rb_str_format.
CVE-2008-2725: Integer Overflows in Array Methods
An in-depth look at CVE-2008-2725, an integer overflow vulnerability in Ruby's Array implementation.
CVE-2008-2726: Ruby Integer Overflow in rb_ary_splice
An analysis of CVE-2008-2726, an integer overflow vulnerability in Ruby's Array methods like Array#slice= and Array#replace.
CVE-2008-3443: Ruby Regex Memory Allocation Denial of Service
A look into CVE-2008-3443, a denial of service vulnerability in early Ruby versions where the regular expression engine could crash due to memory allocation failures.
Understanding CVE-2008-3655: Multiple Insufficient $SAFE Level Restrictions in Ruby
An in-depth analysis of CVE-2008-3655, a vulnerability in early Ruby versions where incomplete $SAFE level checks allowed attackers to bypass sandbox restrictions.
CVE-2008-3657: Ruby DL Module Taint Bypass
Learn about CVE-2008-3657, a critical vulnerability in Ruby 1.8 and 1.9 where missing taint checks in the DL module allowed attackers to bypass $SAFE levels and achieve remote code execution.
Understanding CVE-2008-3790: Ruby REXML Denial of Service Vulnerability
An overview of CVE-2008-3790, a denial-of-service vulnerability in early Ruby versions where the REXML parser allowed unbounded XML entity expansion (the Billion Laughs attack).
CVE-2008-3905: Sequential Transaction IDs and DNS Spoofing in resolv.rb
An in-depth look at CVE-2008-3905, where predictable transaction IDs and source ports in Ruby's resolv.rb allowed DNS spoofing attacks.
CVE-2008-4094: SQL Injection via limit and offset in Ruby on Rails
An in-depth look at CVE-2008-4094, a high-severity SQL injection vulnerability in early Ruby on Rails versions, and the importance of upgrading legacy systems.
CVE-2008-4310: WEBrick Denial of Service Vulnerability
An analysis of the regular expression denial of service (ReDoS) vulnerability in WEBrick, Ruby's standard HTTP server, and the importance of comprehensive security patches.
CVE-2008-5189: Ruby on Rails CRLF Injection
A detailed look at CVE-2008-5189, a CRLF injection vulnerability in early versions of Ruby on Rails that enabled HTTP Response Splitting via the redirect_to method.
Sponsored by Durable Programming
Need help maintaining or upgrading your Ruby on Rails application? Durable Programming specializes in keeping Rails apps secure, performant, and up-to-date.
Hire Durable Programming