3 matches found
Possible code injection vulnerability in Rails / Active Storage
There is a possible code injection vulnerability in the Active Storage module of Rails. This vulnerability has been assigned the CVE identifier CVE-2022-21831. Versions Affected: = 5.2.0 Not affected: params:v % Where the transformation method or its arguments are untrusted arbitrary input. All...
OS Command Injection
minimagick is vulnerable to OS command injection. The input to Image.open is passed directly to Kernel#open, which accepts the | character. This allows a remote attacker to inject arbitrary OS commands via a malicious image filename...
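RubyGems fastreader 'entry_controller.rb' Remote Command Execution Vulnerability
BUGTRAQ ID: 58450 RubyGems fastreader is a terminal-based feed reader. The implementation of entry_controller.rb in fastreader contains a remote command execution vulnerability, which an attacker can exploit to execute arbitrary code in the context of the affected application. 0 rubygems fastreader Vendor patch: rubygems -------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://rubygems.org/gems/minimagick...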