183 matches found
Moderate: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799); ruby: FTP PASV command response can cause Net::FTP to connect...
mruby code issue vulnerability (CNVD-2022-13378)
mruby is a lightweight implementation of the Ruby language. Homebrew mruby has a code issue vulnerability; no vulnerability details are available at this time...
ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch?
A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw to make a Ruby...
Important: Red Hat Security Advisory: ruby:2.6 security update
An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CTF-All-In-One
This is a comprehensive guide to CTF (Capture The Flag) competitions, specifically focusing on the Pwn (binary exploitation) aspect. The book is written by Yang Cheng, a member of L-Team, and is intended for beginners. It covers the basics of binary exploitation, including memory management, buffer...
Ruby input validation error vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer Yukihiro Matsumoto. A buffer overflow vulnerability exists in versions prior to Ruby 3.0.3, which stems from passing a very large string (700 MB) to CGI.escape_html. ...
Important: Red Hat Security Advisory: ruby:2.7 security update
An update for the ruby:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
purple-team-attack-automation
This is an offensive tool for Metasploit Framework. The tool is designed to automate the process of exploiting vulnerabilities in various systems. It is likely used for penetration testing and vulnerability assessment purposes. The tool is written in Ruby and utilizes the Metasploit Framework,...
Ruby cryptographic issue vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer, Yukihiro Matsumoto. Ruby suffers from a cryptographic issue vulnerability that arises from a networked system or product that does not properly use the relevant cryptographic algorithm...
ruby: XML round-trip vulnerability in REXML
A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in...
ALSA-2021:2588 Moderate: ruby:2.6 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 2.6.7 (BZ1952627). Security Fixes: rubygem-bundler: Insecure permissions...
Moderate: Red Hat Security Advisory: rh-ruby25-ruby security, bug fix, and enhancement update
An update for rh-ruby25-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
Ruby command injection vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer, Yukihiro Matsumoto. Ruby suffers from a command injection vulnerability that stems from incorrect input validation, which can be exploited by an unauthenticated, remote attacker to pas...
[SECURITY] Fedora 34 Update: rubygem-pry-0.13.1-5.fc34
Pry is a runtime developer console and IRB alternative with powerful introspection capabilities. Pry aims to be more than an IRB replacement. It is an attempt to bring REPL driven programming to the Ruby language...
Ruby path traversal vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language from the individual developer, Yukihiro Matsumoto. A path traversal vulnerability exists in REXML in Ruby 2.5.9, which stems from the fact that parsing and serializing a carefully crafted XML document may create an...
Improper Input Validation
Overview: rexml is an XML toolkit for Ruby. Affected versions of this package are vulnerable to Improper Input Validation. When parsing and serializing a crafted XML document, the REXML gem (including the one bundled with Ruby) can create a wrong XML document whose structure is different from the...
PT-2020-16179 · Ruby +1 · Gon +1
Name of the Vulnerable Software and Affected Versions: gon versions prior to 6.4.0. Description: An issue was discovered in the gon gem for Ruby, where MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does...
[SECURITY] [DSA 4721-1] ruby2.5 security update
Debian Security Advisory DSA-4721-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 08, 2020 https://www.debian.org/security/faq ...