52 matches found
PT-2021-5751
Name of the Vulnerable Software and Affected Versions bundler versions prior to 2.2.33 Description The issue is related to the handling of untrusted Gemfile's in bundler. When a Gemfile includes gem entries with the git option and invalid values starting with a dash, it can lead to Code Execution...
Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile
In bundler versions before 2.2.33, when working with untrusted and apparently harmless Gemfile's, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the Gemfile itself. However, if the Gemfile includes gem entries that use the git optio...
GHSA-QG54-694P-WGPP Regular expression denial of service vulnerability (ReDoS) in date
Date’s parsing methods including Date.parse are using Regexps internally, some of which are vulnerable against regular expression denial of service. Applications and libraries that apply such methods to untrusted input may be affected. The fix limits the input length up to 128 bytes by default...
RubyGems: Bundler's RCE with response using Marshal
A vulnerability was found in Bundler's dependency API endpoint, which uses Marshal serialization. This could allow for remote code execution if a client receives a specially crafted response. The impact is increased risk from specifying an untrusted source or man-in-the-middle attack...
FreeBSD : rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix) (40194e1c-6d89-11ea-8082-80ee73419af3)
When parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269. The previous fix was incomplete, which addressed JSON.parseuserinput, but didn't address some other...
Command injection
RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD resulting in code execution RVM automatically...
RVM automatically does "bundle install" on a Gemfile specified by .versions.conf in $PWD
RVM, by default, hooks cd and automatically parses a file named .versions.conf in the directory being changed to. The intention seems to be that, if the user's $rvmautoinstallbundlerflag setting is enabled, then .versions.conf can specify a Gemfile that will automatically be fed to bundle install...
Man-in-the-Middle (MitM)
pry-rescue is vulnerable to man-in-the-middle MitM attacks. The vulnerability exists due to the use of the deprecated :rubygems option in the Gemfile, causing insecure HTTP requests to be made. A malicious user can potentially compromise the download to conduct MitM attacks...
Allows an attacker to inject arbitrary code into your application via any secondary Gem source declared in your Gemfile
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a Gem name collision on a secondary source. Please note that this vulnerability only applies for Ruby projects using Bundler 2.0 with Gemfiles having 2 or more "source" lines. In other words, ...
Ruby on Rails Web Console IP 白名单安全模式绕过
IP whitelist bypass in Web Console There is a remote code execution vulnerability in Web Console. This vulnerability has been assigned the CVE identifier CVE-2015-3224. Versions Affected: All Not affected: Environments inaccessible from remote IPs, or without Web Console enabled Fixed Versions:...
IP whitelist bypass in Web Console
Specially crafted remote requests can spoof their origin, bypassing the IP whitelist, in any environment where Web Console is enabled development and test, by default. Users whose application is only accessible from localhost as is the default behaviour in Rails 4.2 are not affected, unless a loc...
Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability
Overview The Ruby on Rails 3.0 and 2.3 JSON parser contain a vulnerability that may result in arbitrary code execution. Description The Ruby on Rails advisory states:There is a vulnerability in the JSON code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitra...