12 matches found
EUVD-2019-14737
Malware in sbrugna...
EUVD-2022-6037
Malicious code in bioql PyPI...
Zammad security vulnerability
Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad versions prior to 6.3.1 that allows a local attacker to modify the gem file to inject arbitrary code into a process...
Gem in a Box vulnerable to Cross-site Scripting
geminabox aka Gem in a Box before 0.13.6 is vulnerable to Cross-site Scripting XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...
UBUNTU-CVE-2021-20176
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability...
PT-2021-3554 · Unknown +5 · Imagemagick +5
Name of the Vulnerable Software and Affected Versions: ImageMagick versions 6.9.11-57 through 7.0.10-57 Description: The issue is related to a divide-by-zero flaw in the gem.c file of ImageMagick, which can be exploited by submitting a crafted file to trigger undefined behavior. This flaw poses a...
Cross site scripting
Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
RubyGems: [gem server] Stored XSS via crafted JavaScript URL inclusion in Gemspec
Hi, A JavaScript URL injection in the homepage field within a Gemspec file can be leveraged to achieve stored XSS on the default gem server web interface, referenced here. When you install RubyGems, it adds the gem server command to your system. This is the fastest way to start hosting gems. As...
Cross-Site Scripting (XSS)
geminabox is vulnerable to cross-site scripting XSS attacks. It is possible because the spec.homepage and the spec.email parameters are not sanitized, allowing the attackers to trigger XSS by sending a .gem file with gem.homepage value in its .gemspec file...
CVE-2017-14506
geminabox aka Gem in a Box before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...
Design/Logic Flaw
geminabox aka Gem in a Box before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...
FreeBSD : rubygem-geminabox -- XSS & CSRF vulnerabilities (2bffdf2f-9d45-11e7-a25c-471bafc3262f)
Gem in a box XSS vulnerability - CVE-2017-14506 : A malicious attacker creates a GEM file whose crafted homepage value (gem.homepage in the .gemspec file) includes an XSS payload. The attacker accesses the geminabox system and uploads the gem file, or uses a CSRF/SSRF attack to do so. From now on, any user access...