96 matches found

OSSF Malicious Packages
added 2024/06/25 1:45 p.m., 3 views

Malicious code in a15745105-ichinokii (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0, References: 1
OSSF Malicious Packages
added 2024/06/25 1:44 p.m., 2 views

Malicious code in a14z6ch-elapsed-days (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0, References: 1
OSSF Malicious Packages
added 2024/06/25 1:44 p.m., 4 views

Malicious code in a-stupid_test_gem (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0, References: 1
OSSF Malicious Packages
added 2024/06/25 1:44 p.m., 3 views

Malicious code in 3scale-client (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0, References: 1
OSSF Malicious Packages
added 2024/06/25 1:44 p.m., 4 views

Malicious code in 37_pieces-of-flair (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0, References: 1
OSSF Malicious Packages
added 2023/08/10 3:30 p.m., 4 views

Malicious code in puppet-module-posix-system-r3.2 (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 835ce606cd37fa823a80a445ab30dce0ec0005af3a78f9ed7a8d35d63db99474 The OpenSSF Package Analysis project identified 'puppet-module-posix-system-r3.2' @ 1.0.0 rubygems as malicious. It is considered malicious...

AI score: 6.9
Exploits: 0
OSSF Malicious Packages
added 2023/07/15 9:45 a.m., 3 views

Malicious code in naveengem (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12a3ed7380fdb815c2f8c5a086b33d516acc0bbdaab4d4df8203efed20ae348b The OpenSSF Package Analysis project identified 'naveengem' @ 0.1.0 rubygems as malicious. It is considered malicious because: - The package...

AI score: 6.9
Exploits: 0
OSSF Malicious Packages
added 2023/06/17 10:50 p.m., 3 views

Malicious code in ptrsec_rce (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5c5f0c378deb022411d3a83e2b929f8ef8f9ad8e8eedd366e0863b7eb25d8aea The OpenSSF Package Analysis project identified 'ptrsec_rce' @ 0.0.1 rubygems as malicious. It is considered malicious because: - The package...

AI score: 6.9
Exploits: 0
CNNVD
added 2023/01/20 12:0 a.m., 4 views

rubygem-activesupport security vulnerability

rubygem-activesupport is an application of rubygems open source. A security vulnerability exists in rubygem-activesupport. An attacker exploited the vulnerability to perform a regular expression denial of service attack...

CVSS: 7.5, AI score: 7.3, EPSS: 0.01712
Exploits: 0, References: 8
OSV
added 2020/07/31 5:40 p.m., 13 views

GHSA-2V5C-755P-P4GV Missing TLS certificate verification in faye-websocket

The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a...

CVSS: 8, AI score: 7.8, EPSS: 0.00914
Exploits: 1, References: 14
GitHub Security Blog
added 2020/07/31 5:40 p.m., 38 views

Missing TLS certificate verification in faye-websocket

The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a...

CVSS: 8.7, AI score: 8.1, EPSS: 0.00914
Exploits: 1, References: 14, Affected Software: 1
Snyk
added 2020/04/17 12:0 a.m., 2 views

Malicious Package

Overview alertyplugin-slack is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

CVSS: 8, AI score: 6.7
Exploits: 0, References: 2
Snyk
added 2020/04/17 12:0 a.m., 1 views

Malicious Package

Overview barometer-weather-bug is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

CVSS: 8, AI score: 5.5
Exploits: 0, References: 2
Snyk
added 2020/04/17 12:0 a.m., 1 views

Malicious Package

Overview assemblylineformatter is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

CVSS: 8, AI score: 6.9
Exploits: 0, References: 2
BDU FSTEC
added 2018/04/27 12:0 a.m., 5 views

The vulnerability of the RubyGems package management system lies in its improper verification of cryptographic signatures, allowing a hacker to execute arbitrary code.

The vulnerability of the RubyGems package management system is related to improper verification of the cryptographic signatures of packages. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS: 7.5, AI score: 7.9, EPSS: 0.03037
Exploits: 0, References: 9, Affected Software: 1
Tenable Nessus
added 2012/05/02 12:0 a.m., 30 views

Fedora 17 : rubygems-1.8.23-20.fc17 (2012-6132)

New version 1.8.23 is released. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

CVSS: 5.8, AI score: 8.2, EPSS: 0.02477
Exploits: 0, References: 4