2169 matches found
CVE-2017-0901
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...
CVE-2017-0902
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls...
RubyGems Denial of Service Vulnerability (CNVD-2017-30734)
RubyGems is a Ruby package manager from the RubyGems organization, which is used to distribute and manage Ruby packages. A security vulnerability exists in RubyGems 2.6.12 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service...
RubyGems Secure Bypass Leakage (CNVD-2017-30738)
RubyGems is a Ruby package manager from the RubyGems organization, which is used to distribute and manage Ruby packages. A security vulnerability exists in RubyGems 2.6.12 and earlier versions. An attacker can exploit the vulnerability to inject malicious commands into a user's terminal and execu...
CVE-2017-0900
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a query command...
RubyGems Local Arbitrary File Rewrite Vulnerability
RubyGems is a Ruby package manager from the RubyGems organization, which is used to distribute and manage Ruby packages. A security vulnerability exists in RubyGems 2.6.12 and earlier versions that stems from the program not validating specification names. An attacker can exploit the vulnerabilit...
RubyGems Security Bypass Vulnerability (CNVD-2017-30740)
RubyGems is a Ruby package manager from the RubyGems organization, which is used to distribute and manage Ruby packages. A DNS hijacking vulnerability exists in RubyGems 2.6.12 and earlier versions. An attacker can exploit this vulnerability to conduct a man-in-the-middle attack and install gems ...
FreeBSD : rubygems -- multiple vulnerabilities (3f6de636-8cdb-11e7-9c71-f0def1fd7ea2)
Official blog of RubyGems reports : The following vulnerabilities have been reported: a DNS request hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS vulnerability in the query command, and a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrar...
RubyGems ANSI escape sequence vulnerability
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences...
rubygems -- multiple vulnerabilities
Official blog of RubyGems reports: The following vulnerabilities have been reported: a DNS request hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS vulnerability in the query command, and a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary...
RubyGems DoS vulnerability in the query command
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a query command...
RubyGems vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...
RubyGems DNS request hijacking vulnerability
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to down load and install gems from a server that the attacker controls...
From the SSRF implementation chain to the RCE, see How do I use the GitHub Enterprise version of the four vulnerability-vulnerability warning-the black bar safety net
In the past few months, I have been seriously preparing for the 2017 America the Black Hat hacker conference and DEF CON 25 lecture content, and become a Black Hat and DEFCON speaker has always been in my life a very important goal. In addition, this is also my first time in such a formal occasio...
Gitrob - Reconnaissance Tool for GitHub Organizations
Gitrob is a command line tool which can help organizations and security professionals find sensitive information lingering in publicly available files on GitHub. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files th...
RubyGems: Installing a crafted gem package may create or overwrite files
There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a malicious file. Proof of Concept 1: Create a fil...
RubyGems: No limit of summary length allows Denail of Service
Currently, there is no limit for summary length. I think, pushing a gem whose summary is huge, will make gem search unavailable. This is not Arbitrary Code Execution, but really easy to attack. According to CVSS v3.0 Calculator, the severity is High 7.5. How to attack 1 An attacker creates a gem...
RubyGems: Escape sequence injection in "summary" field
Seems we can include any escape sequence in the "summary" field of gemspec. This allows attackers to inject escape sequences to a victim's terminal emulator. How to attack 1 An attacker creates a gem with summary string that includes malicious escape sequences, and push it to rubygems.org. 2 A...
RubyGems: Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier
Description: The RubyGems client supports a gem server API discovery functionality, which is used when pushing or pulling gems to a gem distribution/hosting server, like RubyGems.org. This functionality is provided via a SRV DNS request to the users gem source hostname prepended with...
Man-In-The-Middle (MitM)
excon is vulnerable to man-in-the-middle MitM attacks. The rubygems source is deprecated because HTTP requests are insecure. A malicious user can potentially compromise the source to conduct MitM attacks...