
3332 matches found

Tenable Nessus
added 2024/07/17 12:0 a.m. | 36 views

Oracle Linux 8 : ruby (ELSA-2024-4499)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4499 advisory. - Fix ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755. CVE-2023-36617 Resolves: RHEL-5614 - Fix Buffer overread vulnerability in...

CVSS 9.8 | AI score 7.6 | EPSS 0.02637
Exploits: 1 | References: 6
Oracle linux
added 2024/07/15 12:0 a.m. | 58 views

ruby security update

ruby 2.5.9-112 - Fix ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755. CVE-2023-36617 Resolves: RHEL-5614 - Fix Buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-34125 - Fix RCE vulnerability with .rdocoptions in RDoc. CVE-2024-27281 Resolves: RHEL-34117 -...

CVSS 9.8 | AI score 7.3 | EPSS 0.02637
Exploits: 1
Tenable Nessus
added 2024/07/15 12:0 a.m. | 35 views

Rocky Linux 8 : ruby (RLSA-2024:4499)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:4499 advisory. rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 CVE-2023-36617 ruby: Buffer overread vulnerability in StringIO...

CVSS 9.8 | AI score 7.6 | EPSS 0.02637
Exploits: 1 | References: 11
OSV
added 2024/07/12 1:2 p.m. | 21 views

SUSE-SU-2024:2435-1 Security update for python3-setuptools

This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in packageindex.py bsc1206667...

CVSS 5.9 | AI score 6.4 | EPSS 0.02617
Exploits: 1 | References: 3
RedHat Linux
added 2024/07/11 11:55 a.m. | 5 views

rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This issue may result in a regular expression denial of service (ReDoS)...

CVSS 5.3 | AI score 7.5 | EPSS 0.02637
Exploits: 0 | References: 5
Tenable Nessus
added 2024/07/11 12:0 a.m. | 21 views

RHEL 9 : ceph (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - marked: regular expression inline.reflinkSearch may lead Denial of Service CVE-2022-21681 - Marked is a...

CVSS 7.5 | AI score 7.9 | EPSS 0.02828
Exploits: 2 | References: 2
Tenable Nessus
added 2024/07/11 12:0 a.m. | 53 views

RHEL 9 : gjs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - angular: XSS vulnerability CVE-2021-4231 - Hawk is an HTTP authentication scheme providing mechanisms for...

CVSS 7.5 | AI score 6.8 | EPSS 0.02029
Exploits: 1 | References: 3
Tenable Nessus
added 2024/07/11 12:0 a.m. | 49 views

RHEL 8 : ruby (RHSA-2024:4499)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4499 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS 9.8 | AI score 7.6 | EPSS 0.02637
Exploits: 1 | References: 13
RedhatCVE
added 2024/07/08 8:21 p.m. | 27 views

CVE-2024-39249

A flaw was found in the async Node.js package. A Regular expression Denial of Service (ReDoS) attack can potentially be triggered via the autoinject function while parsing specially crafted input...

CVSS 5.3 | AI score 6.4 | EPSS 0.00812
Exploits: 0 | References: 6
Cvelist
added 2024/07/04 8:32 a.m. | 23 views

CVE-2024-6434 Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of Service

The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated attackers, with...

CVSS 3.1 | EPSS 0.00581
Exploits: 0 | References: 3
Vulnrichment
added 2024/07/04 8:32 a.m. | 17 views

CVE-2024-6434 Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of Service

The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated attackers, with...

CVSS 3.1 | AI score 6.6 | EPSS 0.00581
Exploits: 0 | References: 3
Veracode
added 2024/07/04 6:19 a.m. | 22 views

Regular Expression Denial Of Service (ReDoS)

rack is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is caused due to improper handling and parsing of HTTP Accept headers using regular expressions. This allows an attacker to send specially crafted Accept-Encoding or Accept-Language headers, causing the server to...

CVSS 6.5 | AI score 7 | EPSS 0.00856
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2024/07/03 5:3 p.m. | 19 views

GHSA-CJ83-2WW7-MVQ7 Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Summary: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...

CVSS 6.5 | AI score 6.4 | EPSS 0.00856
Exploits: 0 | References: 7
Github Security Blog
added 2024/07/03 5:3 p.m. | 33 views

Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Summary: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...

CVSS 6.5 | AI score 6.8 | EPSS 0.00856
Exploits: 0 | References: 7 | Affected Software: 1
Veracode
added 2024/07/03 6:3 a.m. | 15 views

Regular Expression Denial Of Service (ReDoS)

async is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to the autoinject function, which allows an attacker to slow down parsing with crafted whitespaces, resulting in Regular Expression Denial of Service (ReDoS)...

CVSS 7.5 | AI score 6.7 | EPSS 0.00812
Exploits: 0 | References: 10 | Affected Software: 1
RubySec
added 2024/07/03 12:0 a.m. | 20 views

Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Summary: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...

CVSS 6.5 | AI score 7.1 | EPSS 0.00856
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2024/07/02 4:15 p.m. | 23 views

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service (ReDoS) vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVSS 6.5 | EPSS 0.00856
Exploits: 0 | References: 3
UbuntuCve
added 2024/07/02 4:15 p.m. | 40 views

CVE-2024-39316

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service (ReDoS) vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVSS 6.5 | AI score 5.9 | EPSS 0.00856
Exploits: 0 | References: 4
Vulnrichment
added 2024/07/02 3:57 p.m. | 29 views

CVE-2024-39316 Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service (ReDoS) vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...

CVSS 6.5 | AI score 6.4 | EPSS 0.00856
Exploits: 0 | References: 3
CVE
added 2024/07/02 3:57 p.m. | 70 views

CVE-2024-39316

Rack is a modular Ruby web server interface. A ReDoS vulnerability exists in Rack::Request::Helpers when parsing HTTP Accept headers, affecting Rack 3.1.0 up to, but not including, 3.1.5. An attacker can trigger excessive server processing by sending specially crafted Accept-Encoding or Accept-La...

CVSS 6.5 | AI score 5.8 | EPSS 0.00856
Exploits: 0 | References: 3 | Affected Software: 1