11 matches found

Tenable Nessus
added 2021/10/05 12:00 a.m. · 15 views

Rails Unsafe Reflection

Ruby On Rails is a popular framework used to build web applications based on the Model-View-Controller MVC architectural pattern. Ruby On Rails provides a method called constantize which allows developers to dynamically find a constant by using a string. The most common usage of this method is to...

AI score 8.1
Exploits 0 · References 3

Snyk
added 2021/06/24 10:55 a.m. · 1 view

Denial of Service (DoS)

Overview: BinData is a declarative way to read and write binary file formats. This means the programmer specifies what the format of the binary data is, and BinData works out how to read and write data in this format. It is an easier and more readable alternative to Ruby's pack and...

CVSS 4.3 · AI score 6.9 · EPSS 0.00437
Exploits 1 · References 2

Veracode
added 2021/06/24 5:37 a.m. · 20 views

Denial Of Service (DoS)

bindata is vulnerable to denial of service. Certain classes in BinData are created very slowly. When combined with constantize, a potential denial of service condition can occur due to excessive consumption of CPU resources...

CVSS 3.7 · AI score 2.8 · EPSS 0.00437
Exploits 1 · References 6 · Affected Software 2

OSV
added 2021/06/24 12:15 a.m. · 0 views

DEBIAN-CVE-2021-32823

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit. In combination with...

CVSS 3.7 · AI score 4.8 · EPSS 0.00437
Exploits 1 · References 1

UbuntuCve
added 2021/06/24 12:15 a.m. · 20 views

CVE-2021-32823

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit. In combination with...

CVSS 4.3 · AI score 5.8 · EPSS 0.00437
Exploits 1 · References 6

OSV
added 2021/06/24 12:15 a.m. · 0 views

UBUNTU-CVE-2021-32823

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit. In combination with...

CVSS 3.7 · AI score 5.8 · EPSS 0.00437
Exploits 1 · References 7

Positive Technologies
added 2021/05/18 12:00 a.m. · 2 views

PT-2021-4288 · Ruby +2 · Bindata +2

Name of the Vulnerable Software and Affected Versions: bindata RubyGem versions prior to 2.4.10 Description: The issue is related to a potential denial-of-service vulnerability in the bindata RubyGem. In affected versions, it is very slow for certain classes in BinData to be created, such as...

CVSS 6.3 · AI score 6.9 · EPSS 0.00437
Exploits 1 · References 21

NVD
added 2013/03/08 6:55 p.m. · 6 views

CVE-2013-1656

Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to...

CVSS 4.3 · AI score 7.2 · EPSS 0.00305
Exploits 1 · References 3

Cvelist
added 2013/03/08 6:00 p.m. · 11 views

CVE-2013-1656

Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to...

AI score 7.2 · EPSS 0.00305
Exploits 1 · References 3

CVE
added 2013/03/08 6:00 p.m. · 79 views

CVE-2013-1656

CVE-2013-1656 affects Spree Commerce 1.0.x through 1.3.2, where remote authenticated administrators could instantiate arbitrary Ruby objects and execute commands via parameters (payment_method, promotion_action, promotion_rule, calculator_type) due to unsafe use of constantize in admin controller...

CVSS 4.3 · AI score 7.5 · EPSS 0.00305
Exploits 1 · References 3 · Affected Software 1

RubySec
added 2013/02/21 12:00 a.m. · 19 views

Spree controller Parameter Arbitrary Ruby Object Instantiation Command Execution

Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to...

CVSS 4.3 · AI score 6.8 · EPSS 0.00305
Exploits 1 · References 1 · Affected Software 1