Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2020-1422.NASL
HistoryAug 31, 2020 - 12:00 a.m.

Amazon Linux AMI : ruby24 (ALAS-2020-1422)

2020-08-3100:00:00
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1422 advisory.

  • jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the ‘<’ character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the ‘<’ character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. (CVE-2012-6708)

  • The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka Unsafe Object Creation Vulnerability. (CVE-2013-0269)

  • jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
    (CVE-2015-9251)

  • Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. (CVE-2017-17742)

  • Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. (CVE-2019-15845)

  • WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)

  • Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. (CVE-2019-16254)

  • Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)

  • The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application- dependent. (CVE-2020-10663)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1422.
#

include('compat.inc');

if (description)
{
  script_id(140096);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/12");

  script_cve_id(
    "CVE-2012-6708",
    "CVE-2013-0269",
    "CVE-2015-9251",
    "CVE-2017-17742",
    "CVE-2019-15845",
    "CVE-2019-16201",
    "CVE-2019-16254",
    "CVE-2019-16255",
    "CVE-2020-10663"
  );
  script_bugtraq_id(
    57899,
    102792,
    103684,
    105658
  );
  script_xref(name:"ALAS", value:"2020-1422");

  script_name(english:"Amazon Linux AMI : ruby24 (ALAS-2020-1422)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by
multiple vulnerabilities as referenced in the ALAS-2020-1422 advisory.

  - jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function
    does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery
    determined whether the input was HTML by looking for the '<' character anywhere in the string, giving
    attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery
    only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability
    only to attackers who can control the beginning of a string, which is far less common. (CVE-2012-6708)

  - The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to
    cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a
    crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as
    demonstrated by conducting a SQL injection attack against Ruby on Rails, aka Unsafe Object Creation
    Vulnerability. (CVE-2013-0269)

  - jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request
    is performed without the dataType option, causing text/javascript responses to be executed.
    (CVE-2015-9251)

  - Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows
    an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response
    for the HTTP server of WEBrick. (CVE-2017-17742)

  - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within
    File.fnmatch functions. (CVE-2019-15845)

  - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a
    regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server
    that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)

  - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a
    program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to
    insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this
    issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not
    address an isolated CR or an isolated LF. (CVE-2019-16254)

  - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first
    argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An
    attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)

  - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through
    2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not
    rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead
    to creation of a malicious object within the interpreter, with adverse effects that are application-
    dependent. (CVE-2020-10663)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2020-1422.html");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2012-6708");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2015-9251");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-15845");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-16201");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-16254");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-16255");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-10663");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update ruby24' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0269");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-16255");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/08/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/08/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby24");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby24-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby24-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby24-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby24-irb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby24-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem24-bigdecimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem24-did_you_mean");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem24-io-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem24-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem24-minitest5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem24-net-telnet");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem24-power_assert");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem24-psych");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem24-rdoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem24-test-unit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem24-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems24");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems24-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

pkgs = [
    {'reference':'ruby24-2.4.10-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'ruby24-2.4.10-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'ruby24-debuginfo-2.4.10-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'ruby24-debuginfo-2.4.10-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'ruby24-devel-2.4.10-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'ruby24-devel-2.4.10-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'ruby24-doc-2.4.10-2.12.amzn1', 'release':'ALA'},
    {'reference':'ruby24-irb-2.4.10-2.12.amzn1', 'release':'ALA'},
    {'reference':'ruby24-libs-2.4.10-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'ruby24-libs-2.4.10-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'rubygem24-bigdecimal-1.3.2-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'rubygem24-bigdecimal-1.3.2-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'rubygem24-did_you_mean-1.1.0-2.12.amzn1', 'release':'ALA'},
    {'reference':'rubygem24-io-console-0.4.6-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'rubygem24-io-console-0.4.6-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'rubygem24-json-2.0.4-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'rubygem24-json-2.0.4-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'rubygem24-minitest5-5.10.1-2.12.amzn1', 'release':'ALA'},
    {'reference':'rubygem24-net-telnet-0.1.1-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'rubygem24-net-telnet-0.1.1-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'rubygem24-power_assert-0.4.1-2.12.amzn1', 'release':'ALA'},
    {'reference':'rubygem24-psych-2.2.2-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'rubygem24-psych-2.2.2-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'rubygem24-rdoc-5.0.1-2.12.amzn1', 'release':'ALA'},
    {'reference':'rubygem24-test-unit-3.2.3-2.12.amzn1', 'release':'ALA'},
    {'reference':'rubygem24-xmlrpc-0.2.1-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},
    {'reference':'rubygem24-xmlrpc-0.2.1-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},
    {'reference':'rubygems24-2.6.14.4-2.12.amzn1', 'release':'ALA'},
    {'reference':'rubygems24-devel-2.6.14.4-2.12.amzn1', 'release':'ALA'}
];

flag = 0;
foreach package_array ( pkgs ) {
  reference = NULL;
  release = NULL;
  cpu = NULL;
  el_string = NULL;
  rpm_spec_vers_cmp = NULL;
  allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && release) {
    if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby24 / ruby24-debuginfo / ruby24-devel / etc");
}
VendorProductVersionCPE
amazonlinuxruby24p-cpe:/a:amazon:linux:ruby24
amazonlinuxruby24-debuginfop-cpe:/a:amazon:linux:ruby24-debuginfo
amazonlinuxruby24-irbp-cpe:/a:amazon:linux:ruby24-irb
amazonlinuxruby24-develp-cpe:/a:amazon:linux:ruby24-devel
amazonlinuxruby24-libsp-cpe:/a:amazon:linux:ruby24-libs
amazonlinuxruby24-docp-cpe:/a:amazon:linux:ruby24-doc
amazonlinuxrubygem24-bigdecimalp-cpe:/a:amazon:linux:rubygem24-bigdecimal
amazonlinuxrubygem24-did_you_meanp-cpe:/a:amazon:linux:rubygem24-did_you_mean
amazonlinuxrubygem24-io-consolep-cpe:/a:amazon:linux:rubygem24-io-console
amazonlinuxrubygem24-jsonp-cpe:/a:amazon:linux:rubygem24-json
Rows per page:
1-10 of 201

References

Related

amazon 7
archlinux 3
nessus 57
openvas 20
debian 9
suse 1
osv 17
freebsd 4
cloudfoundry 1
symantec 1
gentoo 1
mageia 2
ubuntu 1
rocky 3
oraclelinux 3
redhat 6
almalinux 2
hackerone 3
fortinet 1
redhatcve 4
alpinelinux 5
prion 5
cve 5
debiancve 6
ubuntucve 8
github 2
veracode 5
ibm 7
rubygems 1
photon 1
zdt 1
f5 1
packetstorm 1
cbl_mariner 4
fedora 1
amazon
amazon
Important: ruby24
2020-08-26 23:09:00
Important: ruby
2024-02-29 10:03:00
Medium: rubygem-json
2020-08-26 23:09:00
archlinux
archlinux
[ASA-201910-5] ruby2.5: multiple issues
2019-10-02 00:00:00
[ASA-201910-2] ruby: multiple issues
2019-10-02 00:00:00
[ASA-201910-4] ruby-rdoc: cross-site scripting
2019-10-02 00:00:00
nessus
nessus
EulerOS 2.0 SP3 : ruby (EulerOS-SA-2020-2139)
2020-09-28 00:00:00
Amazon Linux 2 : ruby (ALASRUBY2.6-2023-007)
2023-09-27 00:00:00
EulerOS Virtualization for ARM 64 3.0.5.0 : ruby (EulerOS-SA-2020-1051)
2020-01-13 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1031)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1051)
2020-01-23 00:00:00
Debian LTS: Security Advisory for ruby2.1 (DLA-2007-1)
2019-11-26 00:00:00
debian
debian
[SECURITY] [DLA 2007-1] ruby2.1 security update
2019-11-25 21:24:29
[SECURITY] [DSA 4587-1] ruby2.3 security update
2019-12-17 09:56:14
[SECURITY] [DSA 4586-1] ruby2.5 security update
2019-12-17 09:37:05
suse
suse
Recommended update for ruby2.5 (important)
2020-03-28 00:00:00
osv
osv
ruby2.3 - security update
2019-12-17 00:00:00
jruby - security update
2019-12-10 00:00:00
ruby2.1 - security update
2019-11-25 00:00:00
freebsd
freebsd
ruby -- multiple vulnerabilities
2019-10-01 00:00:00
RDoc -- multiple jQuery vulnerabilities
2019-08-28 00:00:00
rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix)
2020-03-19 00:00:00
cloudfoundry
cloudfoundry
USN-4201-1: Ruby vulnerabilities | Cloud Foundry
2019-12-05 00:00:00
symantec
symantec
Ruby Multiple Security Vulnerabilities
2019-10-01 00:00:00
gentoo
gentoo
Ruby: Multiple vulnerabilities
2020-03-13 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerabilities
2019-12-25 22:08:41
Updated jruby packages fix security vulnerabilities
2020-11-27 23:14:57
ubuntu
ubuntu
Ruby vulnerabilities
2019-11-26 00:00:00
rocky
rocky
ruby:2.5 security, bug fix, and enhancement update
2021-06-29 13:58:20
ruby:2.6 security, bug fix, and enhancement update
2021-06-29 13:58:40
pcs security and bug fix update
2021-07-22 18:18:27
oraclelinux
oraclelinux
ruby:2.5 security, bug fix, and enhancement update
2021-07-02 00:00:00
ruby:2.6 security, bug fix, and enhancement update
2021-07-07 00:00:00
pcs security update
2020-06-12 00:00:00
redhat
redhat
(RHSA-2021:2104) Moderate: rh-ruby25-ruby security, bug fix, and enhancement update
2021-05-25 12:17:56
(RHSA-2021:2587) Moderate: ruby:2.5 security, bug fix, and enhancement update
2021-06-29 13:58:20
(RHSA-2021:2230) Moderate: rh-ruby26-ruby security, bug fix, and enhancement update
2021-06-03 07:45:38
almalinux
almalinux
Moderate: ruby:2.5 security, bug fix, and enhancement update
2021-06-29 13:58:20
Moderate: ruby:2.6 security, bug fix, and enhancement update
2021-06-29 13:58:40
hackerone
hackerone
Ruby: Ruby is shipping a vulnerable jQuery
2019-03-30 14:10:34
Ruby: HTTP header can split /[\r\n]/ instead of /\r\n/
2018-04-02 14:50:38
Ruby: Response splitting vulnerability in WEBrick
2016-07-25 20:33:08
fortinet
fortinet
Protect
2019-04-10 00:00:00
redhatcve
redhatcve
CVE-2019-16254
2020-01-09 19:38:59
CVE-2020-10663
2020-04-24 04:33:39
CVE-2012-6708
2020-04-08 21:22:26
alpinelinux
alpinelinux
CVE-2019-16254
2019-11-26 18:15:00
CVE-2020-10663
2020-04-28 21:15:00
CVE-2012-6708
2018-01-18 23:29:00
prion
prion
Input validation
2019-11-26 18:15:00
Design/Logic Flaw
2020-04-28 21:15:00
Cross site scripting
2018-01-18 23:29:00
cve
cve
CVE-2019-16254
2019-11-26 18:15:00
CVE-2020-10663
2020-04-28 21:15:00
CVE-2012-6708
2018-01-18 23:29:00
debiancve
debiancve
CVE-2019-16254
2019-11-26 18:15:00
CVE-2020-10663
2020-04-28 21:15:00
CVE-2012-6708
2018-01-18 23:29:00
ubuntucve
ubuntucve
CVE-2019-16254
2019-11-20 00:00:00
CVE-2020-10663
2020-04-28 00:00:00
CVE-2012-6708
2018-01-18 00:00:00
github
github
Unsafe object creation in json RubyGem
2020-07-27 18:08:21
Cross-Site Scripting in jquery
2020-09-01 16:41:46
veracode
veracode
Denial Of Service (DoS)
2020-03-23 03:14:43
HTTP Response Splitting
2019-01-15 09:27:07
HTTP Response Splitting
2019-10-02 06:21:10
ibm
ibm
Security Bulletin: Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime
2021-10-13 14:44:47
Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in jQuery.
2023-02-14 21:04:36
Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in jQuery.
2023-02-14 21:14:53
rubygems
rubygems
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
2020-03-18 21:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0263
2019-12-27 00:00:00
zdt
zdt
Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Vulnerability
2021-03-24 00:00:00
f5
f5
K62532311 : jQuery vulnerability CVE-2012-6708
2018-11-28 00:00:00
packetstorm
packetstorm
Linksys EA7500 2.0.8.194281 Cross Site Scripting
2021-03-25 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-16201 affecting package ruby 2.6.3-3
2021-06-09 03:50:37
CVE-2019-16254 affecting package ruby 2.6.3-3
2021-06-09 03:50:37
CVE-2019-16255 affecting package ruby 2.6.3-3
2021-06-09 03:50:37
fedora
fedora
[SECURITY] Fedora 18 Update: rubygem-json-1.6.8-1.fc18
2013-03-05 23:31:15
JSON
Related for ALA_ALAS-2020-1422.NASL
amazon7archlinux3nessus57openvas20debian9suse1osv17freebsd4cloudfoundry1symantec1gentoo1mageia2ubuntu1rocky3oraclelinux3redhat6almalinux2hackerone3fortinet1redhatcve4alpinelinux5prion5cve5debiancve6ubuntucve8github2veracode5ibm7rubygems1photon1zdt1f51packetstorm1cbl_mariner4fedora1