701 matches found
CSRF Vulnerability with Non-Session Based Authentication
The PgHero dashboard is vulnerable to CSRF with non-session based authentication methods. Impact The PgHero dashboard is vulnerable to cross-site request forgery CSRF. This affects the Docker image, Linux packages, and in specific cases, the Ruby gem. The Ruby gem is vulnerable with non-session...
SUSE-SU-2020:1919-1 Security update for rubygem-puma
This update for rubygem-puma to version 4.3.5 fixes the following issues: - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage bsc1172175. - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header bsc1172176. - Disabled TLSv1.0 and TLSv1.1...
rubygem-json: Unsafe object creation vulnerability in JSON
A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...
RubyGem Rack Input Validation Error Vulnerability
RubyGem Rack is a modular interface between web servers and web applications developed using the Ruby programming language. A security vulnerability exists in RubyGem Rack versions prior to 2.2.3 and prior to 2.1.4. An attacker can exploit the vulnerability to control cookies prefixed with secure...
rubygem-json: Unsafe object creation vulnerability in JSON
A flaw was found in rubygem-json. While parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269...
Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass Vulnerability
Exploit for multiple platform in category web applications Exploit Title : Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass Exploit Author : Halis Duraki @0xduraki Product : http-protection Crystal Shard Product URI : https://github.com/rogeriozambon/http-protection Version :...
Cross-Site Scripting in Kaminari
Impact In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1. Releases The 1.2.1 gem including the patch has already been released. All past released versions are affected by this...
DEBIAN-CVE-2020-11077
In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the firs...
DEBIAN-CVE-2020-11076
In Puma RubyGem before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4...
Malicious Package
Overview abn-validator is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using abn-validator...
Malicious Package
Overview dangerapkstats is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using dangerapksta...
Malicious Package
Overview audio-mixer-sox is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview wordify-stuckiest is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview blade-sauce-labsplugin is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview archive-lister is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using archive-list...
Malicious Package
Overview asciidoctorbibliography is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview appdeployer is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using appdeployer...
Malicious Package
Overview ad-search is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using ad-search...
Malicious Package
Overview api-clientbuilder is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview active-comparisonvalidator is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...