Advisory ROSA-SA-2021-1966

2021-07-02 18:06:34
ROSA LAB
abf.rosalinux.ru

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.3 High (Confidence: High)

CVSS2: 7.6 High
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

EPSS: 0.034 Low (Percentile: 91.2%)

Software: ruby 2.0.0.648
OS: Cobalt 7.9

CVE-ID: CVE-2012-6684
CVE-Crit: MEDIUM
CVE-DESC: A cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 and earlier for Ruby allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2013-1812
CVE-Crit: CRITICAL
CVE-DESC: ruby-openid before 2.2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2013-6459
CVE-Crit: LOW
CVE-DESC: A cross-site scripting (XSS) vulnerability in the will_paginate gem before version 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors containing generated pagination links.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-2963
CVE-Crit: CRITICAL
CVE-DESC: The gem-scrape for Ruby before version 4.2.2 did not consider the content type value during media type checking, allowing remote attackers to download HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-4411
CVE-Crit: HIGH
CVE-DESC: The mongodb::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4, as used in rubygem-moped, allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: this issue is due to an incomplete fix for CVE-2015-4410.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-9096
CVE-Crit: MEDIUM
CVE-DESC: Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2015-9097
CVE-Crit: MEDIUM
CVE-DESC: The mail gem before 2.5.5.5 for Ruby (aka Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-6582
CVE-Crit: CRITICAL
CVE-DESC: The Doorkeeper gem before 4.2.0 for Ruby allows remote attackers to conduct replay attacks or revoke arbitrary tokens because it fails to implement the OAuth 2.0 token revocation specification.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-1002201
CVE-Crit: MEDIUM
CVE-DESC: In haml versions prior to 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' should be escaped properly. In this case, the ' character is missed. An attacker could manipulate the input to introduce additional attributes, potentially executing code.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-9224
CVE-Crit: CRITICAL
CVE-DESC: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby before 2.4.1 and mbstring in PHP before 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-9225
CVE-Crit: CRITICAL
CVE-DESC: An issue was discovered in Oniguruma 6.2.0, as used in oniguruma-mod in Ruby before 2.4.1 and mbstring in PHP before 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during a call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-9226
CVE-Crit: CRITICAL
CVE-DESC: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby before 2.4.1.1 and mbstring in PHP before 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-9227
CVE-Crit: CRITICAL
CVE-DESC: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby before 2.4.1 and mbstring in PHP before 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-9228
CVE-Crit: CRITICAL
CVE-DESC: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby before 2.4.1.1 and mbstring in PHP before 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it is used as an index, resulting in an out-of-bounds write memory corruption.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-9229
CVE-Crit: HIGH
CVE-DESC: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby before 2.4.1.1 and mbstring in PHP before 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-16468
CVE-Crit: MEDIUM
CVE-DESC: In the Loofah gem for Ruby through v2.2.2, unsanitized JavaScript may appear in sanitized output when a crafted SVG element is republished.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-3740
CVE-Crit: HIGH
CVE-DESC: A specially crafted HTML fragment can cause the Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-3777
CVE-Crit: CRITICAL
CVE-DESC: Insufficient URI encoding in restforce before version 3.0.0 allows an attacker to inject arbitrary parameters into Salesforce API requests.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-8048
CVE-Crit: MEDIUM
CVE-DESC: In the Loofah gem before 2.2.0 for Ruby, non-whitelisted HTML attributes can appear in sanitized output when a crafted HTML fragment is republished.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-12732
CVE-Crit: MEDIUM
CVE-DESC: The Chartkick gem through 3.1.0 for Ruby allows XSS.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-17383
CVE-Crit: CRITICAL
CVE-DESC: netaddr gem before 2.0.4 for Ruby has incorrectly configured file permissions, so installing the gem may result in 0777 permissions on the target file system.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-16254
CVE-Crit: MEDIUM
CVE-DESC: Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP response splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector but did not address an isolated CR or an isolated LF.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-15587
CVE-Crit: MEDIUM
CVE-DESC: In the Loofah gem for Ruby before v2.3.0, unsanitized JavaScript may appear in sanitized output when a crafted SVG element is republished.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-3881
CVE-Crit: HIGH
CVE-DESC: Bundler before 2.1.0 uses a predictable path in /tmp/, created with insecure permissions, as a storage location for gems if locations in the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in that directory that would later be loaded and executed.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-15237
CVE-Crit: MEDIUM
CVE-DESC: In Shrine before version 3.3.0, when using the derivation_endpoint plugin, an attacker could use a timing attack to guess the signature of a derivation URL. The problem was fixed by comparing the sent and computed signatures in constant time using Rack::Utils.secure_compare. Users of the derivation_endpoint plugin are strongly recommended to upgrade to Shrine 3.3.0 or higher. A possible workaround is listed in the linked advisory.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-14001
CVE-Crit: CRITICAL
CVE-DESC: The kramdown gem before 2.3.0 for Ruby processes the template parameter inside Kramdown documents by default, allowing unintended read access (e.g., template="/etc/passwd") or unintended execution of embedded Ruby code (e.g., a string that begins with template="string://