SUSE-SU-2022:3621-1 Security update for rubygem-activesupport-5_1

This update for rubygem-activesupport-51 fixes the following issues: - CVE-2022-27777: Fixed cross-site scripting vulnerability in Action View tag helper bsc1199060...

Exploit for Command Injection in Rubyonrails Rails

PoC exploit for CVE-2019-5420, a Ruby deserialization vulnerabil...

SUSE SLES15 Security Update : rubygem-actionpack-5_1, rubygem-activesupport-5_1 (SUSE-SU-2022:2108-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2108-1 advisory. - The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the...

Exploit for Deserialization of Untrusted Data in Rubyonrails Rails

CVE-2020-8165 Demo Yet another demo of CVE-2020-8165, though...

openSUSE Security Update : rubygem-activesupport-5_1 (openSUSE-2020-1677)

This update for rubygem-activesupport-51 fixes the following issues : - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution bsc1172186 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security...

openSUSE Security Update : rubygem-activesupport-5_1 (openSUSE-2020-1679)

This update for rubygem-activesupport-51 fixes the following issues : - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution bsc1172186 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security...

openSUSE: Security Advisory for rubygem-activesupport-5_1 (openSUSE-SU-2020:1679-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2020:1679-1 Security update for rubygem-activesupport-5_1

This update for rubygem-activesupport-51 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution bsc1172186 This update was imported from the SUSE:SLE-15:Update update project...

Security update for rubygem-activesupport-5_1 (critical)

openSUSE Security Update: Security update for rubygem-activesupport-51 Announcement ID: openSUSE-SU-2020:1679-1 Rating: critical References: 1172186 Cross-References: CVE-2020-8165 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description:This upda...

openSUSE: Security Advisory for rubygem-activesupport-5_1 (openSUSE-SU-2020:1677-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2020:1677-1 Security update for rubygem-activesupport-5_1

This update for rubygem-activesupport-51 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution bsc1172186 This update was imported from the SUSE:SLE-15:Update update project...

Security update for rubygem-activesupport-5_1 (critical)

openSUSE Security Update: Security update for rubygem-activesupport-51 Announcement ID: openSUSE-SU-2020:1677-1 Rating: critical References: 1172186 Cross-References: CVE-2020-8165 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description:This upda...

SUSE-SU-2020:2929-1 Security update for rubygem-activesupport-4_2

This update for rubygem-activesupport-42 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution bsc1172186...

SUSE-SU-2020:2899-1 Security update for rubygem-activesupport-5_1

This update for rubygem-activesupport-51 fixes the following issues: - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution bsc1172186...

[SECURITY] Fedora 33 Update: rubygem-activesupport-6.0.3.3-1.fc33

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing...

Fedora: Security Advisory for rubygem-activesupport (FEDORA-2020-4dd34860a3)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2020-8165

A flaw was found in rubygem-activesupport. An untrusted user input can be written to the cache store using the raw: true parameter which can lead to the result being evaluated as a marshaled object instead of plain text. The threat from this vulnerability is to data confidentiality and integrity ...

Arbitrary Code Execution

activesupport is vulnerable to arbitrary code execution. The vulnerability exists as the user input written to the cache store using the raw: true parameter can cause the cached code to be evaluated when read again...

ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when untrusted user input is written to the cache store using the raw: true parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of pla...

GHSA-2P68-F74V-9WC6 ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when untrusted user input is written to the cache store using the raw: true parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of pla...