David_H1

**Name of the Vulnerable Software and Affected Versions** Ruby StringIO versions 3.0.1 through 3.0.6 Ruby StringIO versions 3.1.x through 3.1.4 **Description** A buffer-overread issue was discovered in StringIO, where the `ungetbyte` and `ungetc` methods can read past the end of a string, and a subsequent call to `StringIO.gets` may return the memory value. This issue is related to a data leak vulnerability. **Recommendations** For Ruby 3.0 users, update to `stringio` 3.0.1.1 For Ruby 3.1 users, update to `stringio` 3.1.0.2 Update the StringIO gem to version 3.0.3 or later Use `gem update stringio` to update it. If you are using bundler, please add `gem "stringio", ">= 3.0.1.2"` to your `Gemfile`.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1 **Description** The issue allows creating files and folders with leading and trailing ` `, `r`, `t`, and `v` characters. The server rejects these characters when they appear in the middle of file or folder names, which might provide an opportunity for injection. **Recommendations** For versions prior to 20.0.14.4, update to version 20.0.14.4 or later. For versions prior to 21.0.8, update to version 21.0.8 or later. For versions prior to 22.2.4, update to version 22.2.4 or later. For versions prior to 23.0.1, update to version 23.0.1 or later.