
RubySec | added 2020/08/04 12:00 a.m. | 19 views

CSRF Vulnerability with Non-Session Based Authentication

The PgHero dashboard is vulnerable to CSRF with non-session-based authentication methods. Impact: The PgHero dashboard is vulnerable to cross-site request forgery (CSRF). This affects the Docker image, Linux packages, and in specific cases, the Ruby gem. The Ruby gem is vulnerable with non-session...

CVSS 8.1 | AI score 2.8 | EPSS 0.00465
Exploits 0 | References 1 | Affected software 1
OSV | added 2020/07/15 8:56 a.m. | 8 views

SUSE-SU-2020:1919-1 Security update for rubygem-puma

This update for rubygem-puma to version 4.3.5 fixes the following issues: CVE-2020-11077: Fixed an HTTP smuggling issue related to proxy usage (bsc#1172175). CVE-2020-11076: Fixed an HTTP smuggling issue when using an invalid transfer-encoding header (bsc#1172176). Disabled TLSv1.0 and TLSv1.1...

CVSS 7.5 | AI score 8.5 | EPSS 0.03977
Exploits 0 | References 5
RedHat Linux | added 2020/06/23 1:09 p.m. | 5 views

rubygem-json: Unsafe object creation vulnerability in JSON

A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...

CVSS 7.5 | AI score 7.2 | EPSS 0.06811
Exploits 0 | References 5
CNVD | added 2020/06/22 12:00 a.m. | 4 views

RubyGem Rack Input Validation Error Vulnerability

RubyGem Rack is a modular interface between web servers and web applications developed using the Ruby programming language. A security vulnerability exists in RubyGem Rack versions prior to 2.2.3 and prior to 2.1.4. An attacker can exploit the vulnerability to control cookies prefixed with secure...

CVSS 7.5 | AI score 7.7 | EPSS 0.02938
Exploits 1 | References 1
RedHat Linux | added 2020/06/10 2:36 p.m. | 3 views

rubygem-json: Unsafe object creation vulnerability in JSON

A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...

CVSS 7.5 | AI score 7.2 | EPSS 0.06811
Exploits 0 | References 5
0day.today | added 2020/05/29 12:00 a.m. | 73 views

Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass Vulnerability

Exploit for multiple platforms in category web applications. Exploit Title: Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass. Exploit Author: Halis Duraki (@0xduraki). Product: http-protection (Crystal Shard). Product URI: https://github.com/rogeriozambon/http-protection. Version: ...

AI score 7.1
Exploits 0
Github Security Blog | added 2020/05/28 9:10 p.m. | 94 views

Cross-Site Scripting in Kaminari

Impact: In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1. Releases: The 1.2.1 gem including the patch has already been released. All past released versions are affected by this...

CVSS 6.4 | AI score 2.3 | EPSS 0.01508
Exploits 0 | References 8 | Affected software 1
OSV | added 2020/05/22 3:15 p.m. | 1 view

DEBIAN-CVE-2020-11077

In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the firs...

CVSS 7.5 | AI score 6.2 | EPSS 0.02806
Exploits 0 | References 1
OSV | added 2020/05/22 3:15 p.m. | 1 view

DEBIAN-CVE-2020-11076

In Puma RubyGem before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4...

CVSS 7.5 | AI score 6.2 | EPSS 0.03977
Exploits 0 | References 1
Snyk | added 2020/04/17 12:00 a.m. | 2 views

Malicious Package

Overview: abn-validator is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious third-party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using abn-validator...

CVSS 8 | AI score 6.9
Exploits 0 | References 2
Snyk | added 2020/04/17 12:00 a.m. | 5 views

Malicious Package

Overview: dangerapkstats is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious third-party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using dangerapksta...

CVSS 8 | AI score 6.9
Exploits 0 | References 2
Snyk | added 2020/04/17 12:00 a.m. | 1 view

Malicious Package

Overview: audio-mixer-sox is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious third-party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using...

CVSS 8 | AI score 6.9
Exploits 0 | References 2
Snyk | added 2020/04/17 12:00 a.m. | 2 views

Malicious Package

Overview: wordify-stuckiest is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious third-party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using...

CVSS 8 | AI score 5.5
Exploits 0 | References 2
Snyk | added 2020/04/17 12:00 a.m. | 1 view

Malicious Package

Overview: blade-sauce-labsplugin is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious third-party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using...

CVSS 8 | AI score 6.7
Exploits 0 | References 2
Snyk | added 2020/04/17 12:00 a.m. | 2 views

Malicious Package

Overview: archive-lister is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious third-party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using archive-list...

CVSS 8 | AI score 6.9
Exploits 0 | References 2
Snyk | added 2020/04/17 12:00 a.m. | 1 view

Malicious Package

Overview: asciidoctorbibliography is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious third-party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using...

CVSS 8 | AI score 5.5
Exploits 0 | References 2
Snyk | added 2020/04/17 12:00 a.m. | 1 view

Malicious Package

Overview: appdeployer is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious third-party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using appdeployer...

CVSS 8 | AI score 6.7
Exploits 0 | References 2
Snyk | added 2020/04/17 12:00 a.m. | 2 views

Malicious Package

Overview: ad-search is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious third-party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using ad-search...

CVSS 8 | AI score 5.5
Exploits 0 | References 2
Snyk | added 2020/04/17 12:00 a.m. | 2 views

Malicious Package

Overview: api-clientbuilder is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious third-party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using...

CVSS 8 | AI score 5.5
Exploits 0 | References 2
Snyk | added 2020/04/17 12:00 a.m. | 2 views

Malicious Package

Overview: active-comparisonvalidator is a malicious package. Affected versions of this package were found to be a malicious package, as it utilised typosquatting to run malicious third-party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using...

CVSS 8 | AI score 5.5
Exploits 0 | References 2