CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2015/04/29 12:0 a.m.•31 views

DLA-209-1 jruby - security update

Bulletin has no description...

5CVSS5.2AI score0.07274EPSS

seebug.org•added 2014/07/01 12:0 a.m.•21 views

JRuby Sandbox 0.2.2 - Sandbox Escape

No description provided by source. Phenoelit Advisory wir-haben-auch-mal-was-gefunden 0815 +-+++ Authors joernchen joernchen phenoelit de Phenoelit Group http://www.phenoelit.de Affected Products jruby-sandbox = 0.2.2 https://github.com/omghax/jruby-sandbox Vendor communication 2014-04-22 Send...

7.1AI score

0day.today•added 2014/04/25 12:0 a.m.•17 views

JRuby Sandbox 0.2.2 - Sandbox Escape

jruby-sandbox aims to allow safe execution of user given Ruby code within a JRuby 0 runtime. However via import of Java classes it is possible to circumvent those protections and execute arbitrary code outside the sandboxed environment. Versions 0.2.2 and below are affected. Phenoelit Advisory...

8AI score

Exploit DB•added 2014/04/25 12:0 a.m.•16 views

JRuby Sandbox 0.2.2 - Sandbox Escape

Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products jruby-sandbox e puts "fail via Ruby ;" end puts "Now for some Java" sand.eval"Kernel.send :javaimport, 'java.lang.ProcessBuilder'" sand.eval"Kernel.send :javaimport, 'java.util.Scanner'" sand.eval"s =...

7.4AI score

exploitpack•added 2014/04/25 12:0 a.m.•9 views

JRuby Sandbox 0.2.2 - Sandbox Escape

JRuby Sandbox 0.2.2 - Sandbox Escape Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products jruby-sandbox e puts "fail via Ruby ;" end puts "Now for some Java" sand.eval"Kernel.send :javaimport, 'java.lang.ProcessBuilder'" sand.eval"Kernel.send :javaimport,...

7.4AI score

Packet Storm•added 2014/04/24 12:0 a.m.•15 views

JRuby Sandbox 0.2.2 Bypass

7.4AI score

Mageia•added 2014/04/03 1:23 p.m.•24 views

Updated ruby-rack-ssl packages fix CVE-2014-2538

Updated ruby-rack-ssl packages fix security vulnerabilities: Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters su...

4.3CVSS5.6AI score0.00273EPSS

Exploits1References2

NVD•added 2014/03/25 6:21 p.m.•12 views

CVE-2014-2538

Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack...

Prion•added 2014/03/25 6:21 p.m.•14 views

Exploits1References5

Cross site scripting

4.3CVSS6AI score0.00273EPSS

Exploits1References5Affected Software1

UbuntuCve•added 2014/03/25 6:21 p.m.•16 views

CVE-2014-2538

4.3CVSS7.3AI score0.00273EPSS

Exploits1References2

Cvelist•added 2014/03/25 2:0 p.m.•17 views

CVE-2014-2538

5.4AI score0.00273EPSS

Exploits1References5

CVE•added 2014/03/25 2:0 p.m.•77 views

CVE-2014-2538

CVE-2014-2538 describes an XSS vulnerability in the rack-ssl gem’s Ruby component (lib/rack/ssl.rb) prior to version 1.4.0. The issue allows remote attackers to inject arbitrary web script or HTML via a URI, which may not be handled correctly by adapters such as JRuby-Rack. Affected product: rack...

Exploits1References5Affected Software1

Debian CVE•added 2014/03/25 2:0 p.m.•13 views

CVE-2014-2538

RedHat Linux•added 2013/07/09 5:35 p.m.•58 views

Important: Red Hat Security Advisory: Fuse ESB Enterprise 7.1.0 update

Fuse ESB Enterprise 7.1.0 roll up patch 1, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores,...

7.5CVSS6.8AI score0.25732EPSS

Exploits6References8

RubySec•added 2013/07/09 12:0 a.m.•14 views

CVE-2014-2538 rubygem rack-ssl: URL error display XSS

Exploits1References1Affected Software1

Tenable Nessus•added 2013/04/12 12:0 a.m.•40 views

FreeBSD : rubygem-rails -- multiple vulnerabilities (db0c4b00-a24c-11e2-9601-000d601460a4)

Ruby on Rails team reports : Rails versions 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible. Four vulnerabilities have been discovered and fixed : - CVE-2013-1854 Symbol DoS vulnerability in Active Record - CVE-2013-185...

5.8CVSS7AI score0.01795EPSS

Exploits2References9

Tenable Nessus•added 2013/04/01 12:0 a.m.•35 views

Fedora 17 : rubygem-activesupport-3.0.11-9.fc17 (2013-4130)

Fix for jdom: XML Parsing Vulnerability affecting JRuby users. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

5.8CVSS5.4AI score0.00707EPSS

Exploits1References3

seebug.org•added 2013/03/20 12:0 a.m.•50 views

Ruby on Rails XML解析远程拒绝服务漏洞(CVE-2013-1856)

BUGTRAQ ID: 58554 CVECAN ID: CVE-2013-1856 Ruby on Rails简称RoR或Rails，是一个使用Ruby语言写的开源Web应用框架，它是严格按照MVC结构开发的。 Ruby on Rails 3.0.0及之后版本在使用JRuby时，ActiveSupport XML解析器的JDOM后端内存在漏洞，攻击者可利用此漏洞造成拒绝服务或访问应用服务器上的文件。 0 Ruby on Rails 3.x Ruby on Rails 2.x 临时解决方法：如果您不能立刻安装补丁或者升级，建议您采取以下措施以降低威胁：...

5.8CVSS6.3AI score0.00707EPSS