Debian dla-3150 : rexical - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the DLA-3150 advisory. Debian LTS Advisory DLA-3150-1 https://www.debian.org/lts/security/...
OS Command Injection
mechanize is vulnerable to OS command injection. The Kernel.open method could be used to inject and execute arbitrary OS commands invoked through several class methods. Exploitation is possible when untrusted input is used as a local filename and is passed to the affected functions...
CVE-2021-21289
Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which...
Command injection
Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which...
Command Injection Vulnerability in Mechanize
This security advisory has been created for public disclosure of a Command Injection vulnerability that was responsibly reported by @kyoshidajp Katsuhiko YOSHIDA. Impact Mechanize >= v2.0, < v2.7.7 allows for OS commands to be injected using several classes' methods which implicitly use Ruby's...
GHSA-QRQM-FPV6-6R8G Command Injection Vulnerability in Mechanize
This security advisory has been created for public disclosure of a Command Injection vulnerability that was responsibly reported by @kyoshidajp Katsuhiko YOSHIDA. Impact Mechanize >= v2.0, < v2.7.7 allows for OS commands to be injected using several classes' methods which implicitly use Ruby's...
GitLab: FogBugz import attachment full SSRF requiring vulnerability in *.fogbugz.com
Summary: Hi Team, a bit of an odd one here. The FogBugz import code uses CarrierWave::Uploader::Base:download! to download attachments from fogbugz.com when importing a FogBugz repository. CarrierWave::Uploader::Base:download! ultimately uses Kernel.open to download the provided attachment URL...
Mechanize ruby gem Command Injection vulnerability
Impact Mechanize >= v2.0, < v2.7.7 allows for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel.open method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: Mechanize::CookieJar#load: since v2.0...
GLSA-202006-05 : Nokogiri: Command injection
The remote host is affected by the vulnerability described in GLSA-202006-05 Nokogiri: Command injection A command injection vulnerability in Nokogiri allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method...
BibTeX-Ruby vulnerable to OS command injection
BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...
GHSA-C5R5-7PFH-6QG6 BibTeX-Ruby vulnerable to OS command injection
BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...
OS command injection in BibTeX-Ruby
BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...
OS Command Injection
bibtex-ruby is vulnerable to OS command injection. During opening and parsing of the .bib file at a given path, unescaped user data is passed to an unsafe built-in Kernel.open method through BibTeX.open, allowing the execution of arbitrary OS commands...
CVE-2019-10780
BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...
Command injection
BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...
CVE-2019-5477
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This...
Command injection
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This...