148 matches found
PT-2023-18702 · Ruby +5 · Ruby +5
Name of the Vulnerable Software and Affected Versions: Active Support versions prior to 6.1.7.1 Active Support versions prior to 7.0.4.1 Description: The issue is related to insufficient input validation in the Inflector.underscore method, which can lead to a regular expression based DoS...
CVE-2022-3358 : Using a Custom Cipher with NID_undef may lead to NULL encryption
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0, and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions...
CVE-2018-0732. Client DoS due to large DH parameter.
Security Advisory ID : BSA-2022-627 Component : OpenSSL Revision : 1.0 During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key...
CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file
Security Advisory ID : BSA-2022-2073 Component : GNU Coreutils Revision : 1.0 In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of...
CVE-2017-18018: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. Affected Products All versions of...
rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
A flaw was found in rubygem-activesupport. An untrusted user input can be written to the cache store using the raw: true parameter which can lead to the result being evaluated as a marshaled object instead of plain text. The threat from this vulnerability is to data confidentiality and integrity ...
Exploit for Deserialization of Untrusted Data in Rubyonrails Rails
CVE-2020-8165 Ruby on Rails For educational purposes only...
GHSA-35C4-F3RQ-F9G3 Moderate severity vulnerability that affects activesupport
Withdrawn, accidental duplicate publish. The 1 jdom.rb and 2 rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service SystemStackError via a large XML document depth...
The vulnerability of the active-support gem for the Ruby programming language, which allows a hacker to execute arbitrary code.
The vulnerability of the active-support gem for the Ruby programming language is related to the use of hidden malicious code. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
active-support impersonates 'activesupport' gem
The active-support ruby gem gem is malware and duplicates the official activesupport no hyphen gem, but adds a compiled extension. The extension attempts to resolve a base64 encoded domain 29faea63.planfhntage.de, downloads a payload, and executes. This trojan horse gem could allow a remote...
GHSA-2J55-PCW5-X4H2 active-support impersonates 'activesupport' gem
The active-support ruby gem gem is malware and duplicates the official activesupport no hyphen gem, but adds a compiled extension. The extension attempts to resolve a base64 encoded domain 29faea63.planfhntage.de, downloads a payload, and executes. This trojan horse gem could allow a remote...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
active-support ruby gem could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...
CVE-2018-3779
active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...
CVE-2018-3779
active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...
CVE-2018-3779
active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...
Code injection
active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...
CVE-2018-3779
CVE-2018-3779 affects the active-support Ruby gem (version 5.2.0): the gem contains a malicious backdoor trojan that duplicates the official activesupport gem and installs a compiled extension. The extension resolves a base64-encoded domain (29faea63.planfhntage.de), downloads a payload, writes i...
CVE-2018-3779
active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...
RubyGems: Malware in `active-support` gem
This was sent to RubySec: The gem duplicates official activesupport no hyphen code, but adds a compiled extension. The extension attempts to resolve a base64 encoded domain 29faea63.planfhntage.de, downloads a payload, and executes...
(RHSA-2018:0239) Low: Red Hat Enterprise Linux 6.2 AMC Retirement Notice
In accordance with the Red Hat Enterprise Linux Errata Support Policy, Advanced Mission Critical for Red Hat Enterprise Linux 6.2 was retired as of January 29, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical...