2 matches found
Ruby on Rails: ActiveStorage Disk Service Path Traversal via Custom Blob Key Injection
A vulnerability was discovered in the ActiveStorage Disk Service component of Ruby on Rails. The vulnerability allowed an attacker to achieve arbitrary file write, read, and delete on the server's filesystem by injecting a malicious blob key. The vulnerability was due to insufficient validation o...
The vulnerability of the encryption algorithm implementation according to GOST 34.12 in the CTR_OMAC library, which is used in the implementation of the OpenSSL protocol, allows a perpetrator to trigger buffer overflows, provided that the server uses 512-bit secret keys.
The vulnerability of the encryption algorithm implementation according to GOST 34.12 for the CTROMAC library, used in the implementation of the OpenSSL protocol, is related to errors in processing the encryption key for the BLOB object a large binary object in the...