rexml: REXML ReDoS vulnerability
A flaw was found in the ReXML XML toolkit for Ruby. Parsing XML data containing a large number of digits between &# and x...; in a hex numeric character reference (&#x...;) can trigger a regular expression denial of service (ReDoS) condition, leading to a denial of service...
UBUNTU-CVE-2024-53988
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
UBUNTU-CVE-2024-53989
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
Internet Bug Bounty: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
A possible ReDoS vulnerability was discovered in the query parameter filtering routines of Action Dispatch in Ruby on Rails. The vulnerability was assigned the CVE identifier CVE-2024-41128. Versions affected were less than 8.0.0.beta1. The issue was addressed in fixed versions 7.2.1.1, 7.1.4.1,...
OESA-2024-2490 rubygem-sinatra security update
Sinatra is a DSL intended for quickly creating web applications in Ruby with minimal effort. Security Fixes: Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a...
PT-2024-9174 · Jetbrains · Jetbrains Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.52635. Description: The issue is related to a potential ReDoS (Regular Expression Denial of Service) in the Ruby syntax detector of JetBrains YouTrack. This is due to a vulnerable RegExp with inefficie...
MAL-2024-11083 Malicious code in ruby-lsp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 23d59cae1de4c2853d318ad10197c82dc6f10fe194854b704b477cc20b271184 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ruby-lsp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 23d59cae1de4c2853d318ad10197c82dc6f10fe194854b704b477cc20b271184 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Astra Linux - vulnerability in needrestart
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...
SUSE CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...
A vulnerability in the needrestart utility, related to an uncontrolled element in the search process, allows an attacker to execute arbitrary code in the context of the root user.
The vulnerability in the needrestart utility is related to an uncontrolled element in the search process. Exploiting it allows a malicious actor to execute arbitrary code in the context of the root user when the RUBYLIB variable is processed...
USN-7091-2 ruby2.7 vulnerabilities
USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for CVE-2024-35176, CVE-2024-41123, CVE-2024-41946 and CVE-2024-49761 for ruby2.7 in Ubuntu 20.04 LTS. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML...
USN-7091-2: Ruby vulnerabilities
USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for CVE-2024-35176, CVE-2024-41123, CVE-2024-41946 and CVE-2024-49761 for ruby2.7 in Ubuntu 20.04 LTS. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML...
Ubuntu 20.04 LTS : Ruby vulnerabilities (USN-7091-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7091-2 advisory. USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for ruby2.7 in Ubuntu 20.04 LTS. Tenable has extracted th...
Ubuntu: Security Advisory (USN-7091-2)
The remote host is missing an update for the ... Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...
DEBIAN-CVE-2024-48992
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable...
USN-7117-1 Several security issues were fixed in needrestart and Module::ScanDeps
Qualys discovered that needrestart passed unsanitized data to a library (libmodule-scandeps-perl) which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root. (CVE-2024-11003) Qualys discovered that the library libmodule-scandeps-perl incorrectly parsed...
CVE-2024-48992
CVE-2024-48992 affects needrestart before 3.8. An attacker could trigger arbitrary root commands by supplying an attacker-controlled RUBYLIB and tricking the Ruby interpreter, per the initial description. The TencentOS Server 4 advisory also notes that needrestart passes unsanitized data to Modul...