Malicious code in zen-ruby-linter (RubyGems)
MAL-2024-10223 Malicious code in zen-ruby-linter (RubyGems)
Malicious code in zbt_element_definer (RubyGems)
CVE-2024-47889
A flaw was found in the rubygem actionmailer. Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a denial of service. Mitigation: Users can avoid calling the block_format helper or upgrade to Ruby 3.2...
CVE-2024-47888
A possible regular expression denial of service vulnerability was found in the plain_text_for_blockquote_node helper in Action Text in rubygem. Carefully crafted text can cause the plain_text_for_blockquote_node helper to take an unexpected amount of time, possibly resulting in a DoS. Mitigation: Users ca...
GHSA-H47H-MWP9-C6Q6 Possible ReDoS vulnerability in block_format in Action Mailer
There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889. Impact: Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the block_format helper. An attacker can craft specific input that triggers inefficient regular expression evaluation, causing the application to consume excessive resources and...
Possible ReDoS vulnerability in block_format in Action Mailer
There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889. Impact: Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS...
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
There is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. This vulnerability has been assigned the CVE identifier CVE-2024-47888. Impact: Carefully crafted text can cause the plain_text_for_blockquote_node helper to take an unexpected amount of time,...
GHSA-WWHV-WXV9-RPGW Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
There is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. This vulnerability has been assigned the CVE identifier CVE-2024-47888. Impact: Carefully crafted text can cause the plain_text_for_blockquote_node helper to take an unexpected amount of time,...
Regular Expression Denial of Service (ReDoS)
Overview: actiontext is a package to edit and display rich text in Rails applications. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the plain_text_for_blockquote_node helper function due to the usage of an insecure regular expression. By...
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact: For applications using HTTP Token authentication via authenticate_or_request_with_http_token or similar, a carefully crafted...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when using HTTP Token authentication via the method authenticate_or_request_with_http_token or a similar method. By sending specially crafted headers, an attacker can cause the application to consum...
GHSA-VFG9-R3FQ-JVX4 Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact: For applications using HTTP Token authentication via authenticate_or_request_with_http_token or similar, a carefully crafted...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the filtered_query_string function through the query parameter filtering process. By sending specially crafted query parameters, an attacker can cause the service to slow down or become...
GHSA-X76W-6VJR-8XGJ Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128. Impact: Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time,...
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128. Impact: Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time,...
CVE-2024-41946 affecting package ruby for versions less than 3.3.3-2
CVE-2024-41946 affecting package ruby for versions less than 3.3.3-2. A patched version of the package is available...
VulnCheck KEV: CVE-2024-45409
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document by the IdP can thus forge a SAML...
PT-2024-7925
Name of the Vulnerable Software and Affected Versions: Action Pack versions 4.0.0 through 6.1.7.8; Action Pack versions 7.0.0 through 7.0.8.4; Action Pack versions 7.1.0 through 7.1.4.0; Action Pack versions 7.2.0 through 7.2.1.0. Description: The issue is related to a ReDoS vulnerability in Action...