The Lab · 2026-03-25 09:27:16 · GitHub Issues
The Ruby JSON library has released a critical security patch for a format string injection vulnerability, designated CVE-2026-33210. The flaw, fixed in version 2.19.2, specifically affects the `JSON.parse` method when used with the `allow_duplicate_key: false` option. This type of vulnerability can potentially allow an...
The Lab · 2026-03-25 19:27:31 · GitHub Issues
A critical security vulnerability has been patched in the widely used Ruby JSON library, exposing applications to a format string injection attack. The flaw, tracked as CVE-2026-33210, was present in the `JSON.parse` method when used with the `allow_duplicate_key: false` option. This type of vulnerability can potential...
The Lab · 2026-03-25 20:27:20 · GitHub Issues
A critical security vulnerability in the widely-used Ruby authentication library Devise exposes applications to account takeover risks. The flaw, tracked as CVE-2026-32700, is a race condition within the Confirmable module that allows an attacker to confirm an email address they do not own. This directly impacts any Ra...
The Lab · 2026-03-25 20:27:21 · GitHub Issues
A critical format string injection vulnerability has been disclosed in the widely used Ruby `json` library, tracked as CVE-2026-33210. The flaw, which can lead to denial-of-service attacks or information disclosure, is triggered under a specific, non-default configuration. The vulnerability is present when the library'...
The Lab · 2026-03-25 21:27:19 · GitHub Issues
The popular Ruby authentication library Devise, version 5.0.3, contains five security vulnerabilities, with the highest severity rated at 7.5 on the CVSS scale. This vulnerable version is actively deployed within the open-source Intercode project, a platform for interactive literature conventions, exposing its codebase...
The Lab · 2026-03-25 21:27:20 · GitHub Issues
A critical security alert has been raised for the widely used Doorkeeper OAuth 2.0 provider gem for Ruby on Rails. Version 5.8.2 of the `doorkeeper` gem contains five distinct vulnerabilities, with the highest severity rated at 7.5 on the CVSS scale. This exposure was identified within the dependency chain of the `inte...
The Lab · 2026-03-25 21:27:21 · GitHub Issues
A critical security flaw has been identified in the Ruby programming ecosystem, exposing projects that rely on the `positioning-0.4.7.gem` library. The vulnerability, tracked as CVE-2026-33176, carries a high-severity CVSS score of 7.5 and originates from a transitive dependency on `activesupport-8.1.2.gem`. This means...
The Lab · 2026-03-25 21:27:24 · GitHub Issues
A critical security alert has been flagged for the open-source project Intercode, revealing that its dependency on the `devise-encryptable-0.2.0.gem` library introduces five distinct vulnerabilities, with the highest severity rated at 7.5 on the CVSS scale. The vulnerable library was detected in the project's dependenc...
The Lab · 2026-03-25 21:27:25 · GitHub Issues
A critical security scan has exposed five vulnerabilities within the `graphql-rails_logger-1.2.5.gem` library, a dependency used by the open-source project Intercode. The most severe flaw, tracked as CVE-2026-33176, carries a CVSS score of 7.5, indicating a high risk of exploitation. This vulnerable library was identif...
The Lab · 2026-03-25 21:27:27 · GitHub Issues
The Intercode project's codebase contains a critical security exposure through its dependency on the vulnerable `activerecord-session_store-2.2.0.gem`. A scan of the project's `/Gemfile.lock` reveals five distinct vulnerabilities within this library, with the highest severity rated at 7.5 on the CVSS scale. The vulnera...
The Lab · 2026-03-25 21:27:28 · GitHub Issues
A critical security scan has flagged the Intercode project's codebase, revealing five distinct vulnerabilities within a core Ruby dependency. The minitest-spec-rails gem, version 7.4.1, contains security flaws with the highest severity rated at 7.5 on the CVSS scale. This exposure is not theoretical; the vulnerable lib...
The Lab · 2026-03-28 01:26:56 · GitHub Issues
A critical security vulnerability in the Ruby-LSP extension for VS Code has been patched, exposing developers to arbitrary code execution simply by opening a malicious project. The flaw, tracked as CVE-2026-34060, resided in the handling of the `rubyLsp.branch` workspace setting. This setting was interpolated without s...
The Lab · 2026-03-29 11:26:59 · GitHub Issues
A critical vulnerability, tracked as GHSA-xc9x-jj77-9p9j, has been disclosed within the widely-used Nokogiri gem, a core library for parsing HTML and XML in Ruby applications. The flaw stems from improper handling of unexpected data types, potentially exposing countless Ruby and Rails projects to exploitation. The main...
The Lab · 2026-03-30 16:27:23 · GitHub Issues
A critical security vulnerability has been patched in the widely used Ruby JSON library, exposing applications to potential format string injection attacks. The flaw, tracked as CVE-2026-33210, was present in the `JSON.parse` method when used with the `allow_duplicate_key: false` option. This type of vulnerability can ...
The Lab · 2026-04-01 06:27:03 · GitHub Issues
Version 3.12.2 of RDoc, Ruby's core documentation tool, has been confirmed to contain two high-severity security vulnerabilities, with the highest severity rated at 7.5 (CVSS v3). Neither vulnerability has an official fix, and both sit directly in the project's dependency chain, posing a direct and ongoing exposure risk to Ruby projects that build their documentation with this version.
The vulnerability details show that the first flaw (CVE-2020-10663, CVSS 7.5) resides in the bundled `json-1.8.6.gem` library, which is flagged as a direct dependency. The second flaw (CVE-2021-31799, CVSS 7.0) lies directly in the `rdoc-3.12.2.gem` library itself. Both vulnerability reports explicitly state that no official fixed version is currently available (Fixed in: N/A) and that exploit maturity is undefined. This means that an attacker...
The Lab · 2026-04-01 06:27:04 · GitHub Issues
A critical vulnerability with a maximum CVSS score of 9.8 has been identified in the widely used `aws-sdk-2.0.48.gem` for Ruby, exposing countless projects that depend on the official AWS SDK to potential exploitation. The flaw originates not in the SDK itself but in its transitive dependency, the `jmespath-1.4.0.gem` ...
The Lab · 2026-04-01 12:27:17 · GitHub Issues
A critical security vulnerability has been patched in the widely used Ruby `json` library, tracked as CVE-2026-33210. The flaw, a format string injection vulnerability, was present in the `JSON.parse` method when used with the `allow_duplicate_key: false` option. This type of vulnerability can potentially allow an atta...
The Lab · 2026-04-03 11:27:06 · GitHub Issues
A low-severity but critical security vulnerability in the widely-used Rack Ruby web server interface has been patched. The flaw, detailed in a GitHub security advisory, could allow attackers to hijack user sessions through timing attacks. By meticulously measuring the time it takes for a system to look up a session ID,...
The Lab · 2026-04-03 17:27:01 · GitHub Issues
A critical security vulnerability has been identified in the Puma web server, a core component for many Ruby on Rails applications. The flaw, tracked as GHSA-9hf4-67fc-4vf4, allows malicious clients to override or 'clobber' security-critical HTTP headers set by trusted intermediate proxies, such as `X-Forwarded-For`. T...
The Lab · 2026-04-03 17:27:02 · GitHub Issues
A critical security vulnerability in the yajl-ruby library, a widely used JSON parser for Ruby, has been patched. The update to version 1.4.3 addresses a buffer overflow flaw that could lead to a denial-of-service (DoS) infinite loop, a risk that persisted even after the previous 1.4.2 patch. The security advisory warn...