90 matches found
ruby security update
ruby 2.5.9-112 - Fix ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755. CVE-2023-36617 Resolves: RHEL-5614 - Fix Buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-34125 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Resolves: RHEL-34117 -...
ruby:3.1 security, bug fix, and enhancement update
An update is available for module.rubygem-abrt, rubygem-mysql2, module.rubygem-pg, ruby, module.rubygem-mysql2, rubygem-abrt, module.ruby, rubygem-pg. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
The vulnerability of the nestTables configuration in the mysql2 database library allows a attacker to execute a “ prototype contamination ” attack.
The vulnerability of the nestTables configuration in the mysql2 database library is related to improperly controlled modifications of prototype object attributes. Exploiting this vulnerability could allow a malicious actor to execute a “prototype compromise” attack...
Oracle Linux 8 : ruby:3.3 (ELSA-2024-3670)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3670 advisory. - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37448 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281...
ruby:3.3 security, bug fix, and enhancement update
ruby 3.3.1-2 - Upgrade to Ruby 3.3.1. Resolves: RHEL-37446 - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37448 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Resolves: RHEL-37449 - Fix Arbitrary memory address read vulnerability with Regex searc...
Oracle Linux 9 : ruby:3.1 (ELSA-2024-3668)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3668 advisory. ruby 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE...
ruby:3.1 security, bug fix, and enhancement update
ruby 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdocoptions in RDoc. Resolves: RHEL-34121 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-33871...
ruby:3.3 security, bug fix, and enhancement update
ruby 3.3.1-2 - Upgrade to Ruby 3.3.1. Resolves: RHEL-37697 - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37699 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Resolves: RHEL-37696 - Fix Arbitrary memory address read vulnerability with Regex searc...
ruby:3.1 security, bug fix, and enhancement update
ruby 3.1.5-143 - Upgrade to Ruby 3.1.5. Resolves: RHEL-35748 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35749 - Fix RCE vulnerability with .rdocoptions in RDoc. Resolves: RHEL-35750 - Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35751...
ruby:3.0 security update
ruby 3.0.7-143 - Fix Zlib test failures on s390x due to HW acceleration Related: RHEL-36189 3.0.7-142 - Upgrade to Ruby 3.0.7. Resolves: RHEL-36189 - Fix HTTP response splitting in CGI. Resolves: RHEL-36193 - Fix ReDoS vulnerability in URI. Resolves: RHEL-36196 - Fix ReDoS vulnerability in Time...
mysql2 vulnerable to Prototype Pollution
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables...
0data (=1.0.0), 1.1.1-version (=1.0.0) +8624 more potentially affected by CVE-2024-21512 via mysql2 (>=0.11.8 <=3.9.7)
mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21512 Source advisory: OSV:GHSA-PMH2-WPJM-FJ45...
Prototype Pollution
mysql2 is vulnerable to Prototype Pollution. The vulnerability is due to improper user input sanitization when data is passed to fields and tables within a nestTables, which allows an attacker to manipulate the objects prototype...
CVE-2024-21512
A flaw was found in MySQL2. This issue is due to prototype pollution caused by improper user input sanitization passed to fields and tables when using nestTables. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Securit...
CVE-2024-21512
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables...
CVE-2024-21512
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables...
PT-2024-4061
Name of the Vulnerable Software and Affected Versions: mysql2 versions prior to 3.9.8 Description: The issue is related to improper user input sanitization passed to fields and tables when using nestTables, leading to Prototype Pollution. This can allow a remote attacker to implement a Prototype...
K000139680: MySQL2 vulnerability CVE-2024-21508
Security Advisory Description Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution RCE via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. CVE-2024-21508 Impact There is no impact; F5 products are not affecte...
GHSA-4RCH-2FH8-94VW MySQL2 for Node Arbitrary Code Injection
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...
MySQL2 for Node Arbitrary Code Injection
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function...