245 matches found

Snyk
added 2026/05/14 2:22 p.m., 7 views

Malicious Package

Overview knot-activesupport-logger is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 2

Redos
added 2026/05/08 12:00 a.m., 5 views

ROS-20260508-73-0002

Vulnerability in rubygem-activesupport related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 6.9 | AI score 5.8 | EPSS 0.00021
Exploits: 0

Redos
added 2026/05/08 12:00 a.m., 7 views

ROS-20260508-73-0004

Vulnerability in rubygem-activesupport related to failure to take measures to protect web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 6.1 | AI score 6.2 | EPSS 0.00011
Exploits: 0

RedHat Linux
added 2026/05/07 6:00 p.m., 7 views

Important: Red Hat Security Advisory: Satellite 6.16.8 Async Update

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 9.8 | AI score 7.2 | EPSS 0.00385
Exploits: 3 | References: 14

Tenable Nessus
added 2026/05/07 12:00 a.m., 10 views

RHEL 8 / 9 : Satellite 6.16.8 Async Update (Important) (RHSA-2026:14874)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14874 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessi...

CVSS 9.8 | AI score 6.9 | EPSS 0.00385
Exploits: 3 | References: 20

Redos
added 2026/05/06 12:00 a.m., 4 views

ROS-20260506-73-0041

Vulnerability in rubygem-activesupport related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 8.7 | AI score 6.6 | EPSS 0.00032
Exploits: 0

Tenable Nessus
added 2026/05/04 12:00 a.m., 3 views

RHCOS 6 : rubygem-activesupport (RHSA-2013:0202)

The remote Red Hat Enterprise Linux CoreOS 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:0202 advisory. - rubygem-activesupport: json to yaml parsing CVE-2013-0333 Note that Nessus has not tested for this issue but has instead relied only on the...

CVSS 7.5 | AI score 5.8 | EPSS 0.91761
Exploits: 7 | References: 5

Tenable Nessus
added 2026/05/04 12:00 a.m., 7 views

RHCOS 6 : Ruby on Rails (RHSA-2013:0153)

The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0153 advisory. - rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack CVE-2013-0156 Note that Nessus has not tested for this...

CVSS 7.5 | AI score 7.5 | EPSS 0.91907
Exploits: 21 | References: 6

Positive Technologies
added 2026/04/21 12:00 a.m., 4 views

PT-2026-33982

Name of the Vulnerable Software and Affected Versions ERB versions prior to 6.0.1.1 ERB versions prior to 6.0.4 ERB versions prior to 4.0.3.1 ERB versions prior to 4.0.4.1 Ruby versions prior to 4.0.3 Description A deserialization guard bypass exists in ERB involving the init variable. This issue...

CVSS 8.1 | AI score 5.8 | EPSS 0.00048
Exploits: 0 | References: 48

Photon
added 2026/04/10 12:00 a.m., 7 views

Important Photon OS Security Update - PHSA-2026-4.0-0995

Updates of 'nodejs', 'libtiff', 'python3-PyJWT', 'python3-pyasn1', 'rubygem-activesupport', 'rubygem-rdiscount' packages of Photon OS have been released...

CVSS 8.7 | AI score 6.7 | EPSS 0.00095
Exploits: 1

Snyk
added 2026/03/24 12:32 a.m., 2 views

Cross-site Scripting (XSS)

Overview activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the @htmlunsafe flag used by the SafeBuffer% function. An attacker can inject scripts by providing...

CVSS 6.1 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 2

Snyk
added 2026/03/24 12:32 a.m., 4 views

Allocation of Resources Without Limits or Throttling

Overview activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NumberConverter. An attacker can cause excessive memory allocation by...

CVSS 8.7 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 2

Snyk
added 2026/03/24 12:32 a.m., 1 view

Regular Expression Denial of Service (ReDoS)

Overview activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in number_to_delimited in the NumberToDelimitedConverter. An attacker can cause...

CVSS 6.9 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 2

OPENSUSE Linux
added 2026/03/16 12:00 a.m., 2 views

ruby4.0-rubygem-activesupport-8.0-8.0.3-1.3 on GA media (moderate)

ruby4.0-rubygem-activesupport-8.0-8.0.3-1.3 on GA media Announcement ID: openSUSE-SU-2026:10345-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed...

CVSS 2.3 | AI score 5.8 | EPSS 0.0019
Exploits: 0

OSV
added 2026/03/13 12:00 a.m., 0 views

OPENSUSE-SU-2026:10345-1 ruby4.0-rubygem-activesupport-8.0-8.0.3-1.3 on GA media

These are all security issues fixed in the ruby4.0-rubygem-activesupport-8.0-8.0.3-1.3 package on the GA media of openSUSE Tumbleweed...

CVSS 2.3 | AI score 5.8 | EPSS 0.0019
Exploits: 0 | References: 1

Redos
added 2026/02/16 12:00 a.m., 3 views

ROS-20260216-73-0002

Vulnerability in rubygem-activesupport related to incorrect assignment of permissions for a critical resource. Exploitation of the vulnerability could allow an attacker to escalate privileges...

CVSS 5.5 | AI score 5.7 | EPSS 0.00095
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-0202

Malware in sbrugna...

CVSS 5.8 | AI score 6 | EPSS 0.00707
Exploits: 1 | References: 13

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-0259

Malware in sbrugna...

CVSS 5 | AI score 5.8 | EPSS 0.02683
Exploits: 0 | References: 13

Tenable Nessus
added 2025/08/30 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-28120

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. CVE-2023-28120 Note that Nessus reli...

CVSS 5.3 | AI score 6.4 | EPSS 0.00406
Exploits: 0 | References: 2

OSV
added 2025/05/17 12:00 a.m., 1 view

OPENSUSE-SU-2025:15114-1 ruby3.4-rubygem-activesupport-7.0-7.0.8.6-1.3 on GA media

These are all security issues fixed in the ruby3.4-rubygem-activesupport-7.0-7.0.8.6-1.3 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 6.7 | EPSS 0.01484
Exploits: 0 | References: 3