2169 matches found
GHSA-8MW8-J583-VQFG RubyGems passenger gem allows remote attackers to delete files
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. Affects both open source and Enterprise versions 4.0.0.beta1, 4.0.0.beta2...
RubyGems passenger gem allows remote attackers to delete files
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. Affects both open source and Enterprise versions 4.0.0.beta1, 4.0.0.beta2...
RubyGems: Possibility to guess email address from gravatar image URL
The vulnerability allowed an attacker to potentially guess a user's email address by exploiting the use of a simple MD5 hash in the Gravatar implementation on rubygems.org. This could be done by matching the hash in the Gravatar URL with the generated hash from the email address. The impact of th...
CVE-2022-23633
A flaw was found in the Rack middleware package of RubyGems, where response bodies will not close under certain circumstances. This flaw allows an attacker to iterate requests to force ActionDispatch::Executor to not close, allowing subsequent requests to leak data from...
CVE-2022-23634
A flaw was found in Puma and Rails rubygems when response bodies were not closed under certain situations. This flaw allows an attacker, by iterating certain requests, to take advantage of this issue and affect CurrentAttributes, leading to leaked data...
PT-2022-13238 · Rubygems +1 · Rubygems +1
Name of the Vulnerable Software and Affected Versions: Publify versions prior to 9.2.7 Description: The issue concerns business logic errors in the Publify repository. This affects the Rubygems typo package as well. There is no information provided about the estimated number of potentially affect...
[SECURITY] [DSA 5066-1] ruby2.5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5066-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 03, 2022 https://www.debian.org/security/faq -...
Mageia: Security Advisory (MGASA-2017-0482)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2013-0297)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2020-0243)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Over a Dozen Malicious NPM Packages Caught Hijacking Discord Servers
At least 17 malware-laced packages have been discovered on the NPM package Registry, adding to a recent barrage of malicious software hosted and delivered through open-source software repositories such as PyPi and RubyGems. DevOps firm JFrog said the libraries, now taken down, were designed to gr...
CVE-2021-41819
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks...
SUSE: Security Advisory (SUSE-SU-2016:1146-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ruby: XSS in HTML generated by RDoc
Vulnerability description not provided...
Cross-Site Request Forgery (CSRF) in trestle-auth
Impact A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially allows an attacker to alter protected data, including admin account...
CVE-2021-29435
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially...
Design/Logic Flaw
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially...
GHSA-H8HX-2C5R-32CF Cross-Site Request Forgery (CSRF) in trestle-auth
Impact A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially allows an attacker to alter protected data, including admin account...
Cross-Site Request Forgery (CSRF) in trestle-auth
Impact A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially allows an attacker to alter protected data, including admin account...
CVE-2021-29435
CVE-2021-29435 affects the trestle-auth Ruby gem (versions 0.4.0 and 0.4.1) used with the Trestle admin framework. The issue allows an attacker to craft a form that bypasses Rails CSRF protection when submitted by a victim who has a trestle-auth admin session, potentially enabling alteration of p...