これまで報告した脆弱性の中でCVEが割り当てられたもの一覧

2024
- CVE-2024-47888
  - Rails
  - [CVE-2024-47888] Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
- CVE-2024-32464
  - Rails
  - [CVE-2024-32464] ActionText ContentAttachment’s can Contain Unsanitized HTML
- CVE-2024-27281
  - Ruby
  - CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
- CVE-2024-26143
  - Rails
  - Possible XSS Vulnerability in Action Controller
- CVE-2024-26141
  - Rack
  - Possible DoS Vulnerability with Range Header in Rack
2023
- CVE-2023-36617
  - Ruby
  - CVE-2023-36617: ReDoS vulnerability in URI
- CVE-2023-28756
  - Ruby
  - CVE-2023-28756: ReDoS vulnerability in Time
- CVE-2023-27539
  - Rack
  - [CVE-2023-27539] Possible Denial of Service Vulnerability in Rack’s header parsing
- CVE-2023-27531
  - Kredis
  - [CVE-2023-27531] Possible Deserialization of Untrusted Data vulnerability in Kredis JSON
- CVE-2023-22799
  - GlobalID
  - [CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID
- CVE-2023-22796
  - Rails
  - [CVE-2023-22796] Possible ReDoS based DoS vulnerability in Active Support’s underscore
- CVE-2023-22792
  - Rails
  - [CVE-2023-22792] Possible ReDoS based DoS vulnerability in Action Dispatch
- CVE-2022-44572
  - Rack
  - [CVE-2022-44572] Possible Denial of Service Vulnerability in Rack’s RFC2183 boundary parsing
- CVE-2022-44571
  - Rack
  - [CVE-2022-44571] Possible Denial of Service Vulnerability in Rack Content-Disposition parsing
- CVE-2022-44570
  - Rack
  - [CVE-2022-44570] Possible Denial of Service Vulnerability in Rack’s Range header parsing
2022
- CVE-2022-23517
  - rails-html-sanitizer
  - Inefficient Regular Expression Complexity in rails-html-sanitizer
- CVE-2022-23514
  - loofah
  - Inefficient Regular Expression Complexity in Loofah
- CVE-2022-30122
  - Rack
  - Denial of Service Vulnerability in Rack Multipart Parsing
- CVE-2022-24836
  - Nokogiri
  - Inefficient Regular Expression Complexity in Nokogiri
- CVE-2022-0740
  - Gitlab
  - Bypass of branch restriction in Asana integration
2021
- CVE-2021-39878
  - Gitlab
  - Reflected Cross-Site Scripting in Jira Integration
- CVE-2021-41819
  - Ruby
  - CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
2020
- CVE-2020-28459
  - markdown-it-decorate
  - Cross-site Scripting
- CVE-2020-28455
  - markdown-it-toc
  - Cross-site Scripting
- CVE-2020-7773
  - markdown-it-highlightjs
  - Cross-site Scripting
- CVE-2020-8264
  - Rails
  - [CVE-2020-8264] Possible XSS Vulnerability in Action Pack in Development Mode
- CVE-2020-8159
  - Rails
  - [CVE-2020-8159] Arbitrary file write/potential remote code execution in actionpack_page-caching
2019
- CVE-2019-15845
  - Ruby
  - CVE-2019-15845: File.fnmatch の NUL 文字挿入脆弱性
- CVE-2019-16255
  - Ruby
  - CVE-2019-16255: Shell#[]およびShell#testのコード挿入脆弱性
- CVE-2019-8325
  - Rubygems
  - CVE-2019-8325: ESCAPE SEQUENCE INJECTION VULNERABILITY IN ERRORS
- CVE-2019-8323
  - Rubygems
  - CVE-2019-8323: ESCAPE SEQUENCE INJECTION VULNERABILITY IN API RESPONSE HANDLING
- CVE-2019-8322
  - Rubygems
  - CVE-2019-8322: ESCAPE SEQUENCE INJECTION VULNERABILITY IN gem owner
- CVE-2019-8321
  - Rubygems
  - CVE-2019-8321: ESCAPE SEQUENCE INJECTION VULNERABILITY IN verbose
- CVE-2019-8320
  - Rubygems
  - CVE-2019-8320: DELETE DIRECTORY USING SYMLINK WHEN DECOMPRESSING TAR
- CVE-2019-5420
  - Rails
  - [CVE-2019-5420] Possible Remote Code Execution Exploit in Rails Development Mode
2018
2015
- CVE-2015-0894
  - JVN#30832515 WordPress 用プラグイン All In One WP Security & Firewall における SQL インジェクションの脆弱性

ooooooo-q/cve.md