14168 matches found

Rosalinux
added 2024/09/25 9:38 a.m. · 14 views

Advisory ROSA-SA-2024-2478

software: yajl 2.1.0 · WASP: ROSA-CHROME · package evr string: yajl-2.1.0-2 · CVE-ID: CVE-2023-33460 · BDU-ID: 2023-07652 · CVE-Crit: HIGH · CVE-DESC.: A vulnerability in the yajl_tree_parse function of the YAJL-ruby JSON library is related to improper memory freeing before deleting the last reference...

CVSS 6.5 · AI score 6.7 · EPSS 0.00204
Exploits: 1
SUSE CVE
added 2024/09/25 2:50 a.m. · 3 views

SUSE CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

CVSS 8.2 · AI score 7 · EPSS 0.00224
Exploits: 0 · References: 7
Positive Technologies
added 2024/09/25 12:00 a.m. · 4 views

PT-2024-40145 · Unknown · Camaleon Cms +1

Name of the Vulnerable Software and Affected Versions: Camaleon CMS affected versions not specified Description: A stored cross-site scripting issue has been found in the image upload functionality, allowing normal registered users to upload SVG images containing JavaScript or HTML documents by...

CVSS 4.8 · AI score 6.6
Exploits: 0 · References: 4
Tenable Nessus
added 2024/09/24 12:00 a.m. · 7 views

Ruby On Rails Weak Secret Key

Ruby On Rails applications use an application key to encrypt and sign various data, including session cookies and other sensitive information. This key is typically stored in the .env file and is used for multiple security-critical operations. When a weak or easily guessable application key is...

AI score 7.8
Exploits: 0 · References: 2
BDU FSTEC
added 2024/09/24 12:00 a.m. · 1 view

The vulnerability of the XML tools for Ruby REXML, related to uncontrolled resource consumption, allows an attacker to cause a service failure.

The vulnerability of the XML tools for Ruby REXML is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.8 · AI score 6.3 · EPSS 0.00661
Exploits: 0 · References: 6 · Affected Software: 4
BDU FSTEC
added 2024/09/24 12:00 a.m. · 1 view

The vulnerability of the XML tools for Ruby REXML, related to uncontrolled resource consumption, allows an attacker to cause a service failure.

The vulnerability of the XML tools for Ruby REXML is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.8 · AI score 6.4 · EPSS 0.00232
Exploits: 0 · References: 5 · Affected Software: 4
Microsoft CVE
added 2024/09/24 12:00 a.m. · 4 views

CVE-2024-41946

...

CVSS 7.5 · AI score 6.3 · EPSS 0.00661
Exploits: 0
BDU FSTEC
added 2024/09/24 12:00 a.m. · 1 view

The vulnerability of the XML tools for Ruby REXML stems from improper restrictions on recursive references to entities in DTDs. This allows attackers to trigger a service failure.

The vulnerability of the XML tools for Ruby REXML is related to improper restrictions on recursive references to entities in DTDs. Exploiting this vulnerability could allow an attacker to cause service failures remotely...

CVSS 5.9 · AI score 6.4 · EPSS 0.01135
Exploits: 0 · References: 4 · Affected Software: 3
CBLMariner
added 2024/09/23 10:28 p.m. · 18 views

CVE-2024-41946 affecting package ruby for versions less than 3.1.4-7

CVE-2024-41946 affecting package ruby for versions less than 3.1.4-7. A patched version of the package is available...

CVSS 7.5 · AI score 7.6 · EPSS 0.00661
Exploits: 0
Github Security Blog
added 2024/09/23 10:10 p.m. · 11 views

Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)

A stored cross-site scripting vulnerability has been found in the image upload functionality that can be used by normal registered users: it is possible to upload an SVG image containing JavaScript, and it is also possible to upload an HTML document when the format parameter is manually changed to documents1 or a...

AI score 6.3
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2024/09/23 10:05 p.m. · 7 views

GHSA-3HP8-6J24-M5GM Duplicate Advisory: Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7x4w-cj9r-h4v9. This link is maintained to preserve external references. Original Description The actions defined inside of the MediaController class do not check whether a given path is inside a certain path e....

AI score 7.3
Exploits: 0 · References: 3
Github Security Blog
added 2024/09/23 10:05 p.m. · 68 views

Duplicate Advisory: Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7x4w-cj9r-h4v9. This link is maintained to preserve external references. Original Description The actions defined inside of the MediaController class do not check whether a given path is inside a certain path e....

AI score 7.3
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2024/09/23 6:22 p.m. · 4 views

CLSA-2024-1727115733 ruby: Fix of CVE-2021-41819

CVE-2021-41819: when parsing cookies, only decode the values...

CVSS 7.5 · AI score 5.8 · EPSS 0.00765
Exploits: 1 · References: 1
Tenable Nessus
added 2024/09/23 12:00 a.m. · 7 views

Ruby Gem Modules Installed (Windows)

Binary data rubymoduleswininstalled.nbin...

AI score 7.3
Exploits: 0 · References: 1
Tenable Nessus
added 2024/09/23 12:00 a.m. · 6 views

Ruby Gem Modules Installed (Linux)

Binary data rubymodulesnixinstalled.nbin...

AI score 7.3
Exploits: 0 · References: 1
OpenVAS
added 2024/09/23 12:00 a.m. · 17 views

Debian: Security Advisory (DSA-5774-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 · AI score 7.5 · EPSS 0.44644
Exploits: 2 · References: 2
Github Security Blog
added 2024/09/22 3:30 a.m. · 57 views

HTTP Request Smuggling in ruby webrick

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

AI score 6.8 · EPSS 0.00224
Exploits: 0 · References: 8 · Affected Software: 1
OSV
added 2024/09/22 3:30 a.m. · 12 views

GHSA-6F62-3596-G6W7 HTTP Request Smuggling in ruby webrick

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

CVSS 7.5 · AI score 7.4 · EPSS 0.00224
Exploits: 0 · References: 8
Chainguard
added 2024/09/22 3:30 a.m. · 6 views

GHSA-6F62-3596-G6W7 vulnerabilities

Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-webrick, ruby3.1-fluentd-kubernetes-daemonset, kube-fluentd-operator...

AI score 5.2
Exploits: 0
OSV
added 2024/09/22 1:15 a.m. · 17 views

CVE-2024-47220

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webric...

AI score 6.9
Exploits: 0 · References: 4