13 matches found

Veracode
added 2026/03/21 5:28 a.m., 6 views

Devise Has A Confirmable "change Email" Race Condition Permits User To Confirm Email They Have No Access To

Impact A race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the "reconfirmable" option, the default when using Confirmable with email changes. By sending two concurrent email change requests, an...

CVSS 6 | AI score 5.9 | EPSS 0.00019
Exploits 0 | Affected Software 1

Snyk
added 2026/02/10 7:54 p.m., 3 views

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution via the Mongoid::Criteria.from_hash function. An attacker can execute arbitrary Ruby code by supplying a specially crafted Hash value. Remediation Upgrade mongoid to version 7.6.1, 8.0.12, 8.1.12, 9.0.10 or highe...

CVSS 6.9 | AI score 6.1 | EPSS 0.00043
Exploits 0 | References 2

NVD
added 2026/02/10 7:16 p.m., 5 views

CVE-2026-2302

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

CVSS 6.9 | EPSS 0.00043
Exploits 0 | References 1

UbuntuCve
added 2026/02/10 7:16 p.m., 5 views

CVE-2026-2302

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

CVSS 6.9 | AI score 5.8 | EPSS 0.00043
Exploits 0 | References 2

ATTACKERKB
added 2026/02/10 6:59 p.m., 4 views

CVE-2026-2302

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

CVSS 6.9 | AI score 5.6 | EPSS 0.00043
Exploits 0 | References 2 | Affected Software 1

CVE
added 2026/02/10 6:59 p.m., 8 views

CVE-2026-2302

Technical details about CVE-2026-2302 are not publicly available in the provided Connected documents. Monitor for updates; current information includes an Arbitrary Ruby code execution condition tied to Mongoid::Criteria.from_hash but no vendor/version specifics are given here.

CVSS 6.9 | AI score 5.6 | EPSS 0.00043
Exploits 0 | References 1

Cvelist
added 2026/02/10 6:59 p.m., 21 views

CVE-2026-2302 Unsafe Reflection in Mongoid::Criteria.from_hash

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

CVSS 6.9 | EPSS 0.00043
Exploits 0 | References 1

Vulnrichment
added 2026/02/10 6:59 p.m., 3 views

CVE-2026-2302 Unsafe Reflection in Mongoid::Criteria.from_hash

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

CVSS 6.9 | AI score 5.6 | EPSS 0.00043
Exploits 0 | References 1

MongoDB
added 2026/02/10 6:59 p.m., 5 views

Unsafe Reflection in Mongoid::Criteria.from_hash

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

CVSS 6.9 | AI score 5.6 | EPSS 0.00043
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2026/02/10 12:0 a.m., 4 views

PT-2026-7435

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

CVSS 6.9 | AI score 5.6 | EPSS 0.00043
Exploits 0 | References 2

OSSF Malicious Packages
added 2024/06/25 1:46 p.m., 2 views

Malicious code in activeadmin_mongoid-localize (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0 | References 1

Snyk
added 2020/04/17 12:0 a.m., 1 views

Malicious Package

Overview activeadmin_mongoid-localize is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an `_` and replaced it with `-` and vice versa Remediation Avoid using...

CVSS 8 | AI score 5.5
Exploits 0 | References 2

Fedora
added 2015/07/14 3:47 p.m., 17 views

[SECURITY] Fedora 22 Update: rubygem-moped-1.5.3-1.fc22

Moped is a MongoDB driver for Ruby, which exposes a simple, elegant, and fast API. Moped is the supported driver for Mongoid from version 3 and higher. Moped is composed of three parts: an implementation of the BSON specification, an implementation of the Mongo Wire Protocol, and the driver itsel...

CVSS 7.5 | AI score 3.1 | EPSS 0.0353
Exploits 2