Security Advisory

CVE-2024-27282

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-05-08 20:40:42

Last updated 2025-11-04 17:17:53

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.

← Browse all CVEs View on cve.org ↗