28 matches found

EUVD · added 2025/10/03 8:07 p.m. · 1 view

EUVD-2022-48994

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00833
Exploits 1 · References 3
EUVD · added 2025/10/03 8:07 p.m. · 2 views

EUVD-2023-2089

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.0038
Exploits 0 · References 7
RedhatCVE · added 2025/05/23 5:22 a.m. · 2 views

CVE-2023-34090

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default,...

CVSS 7.5 · AI score 7 · EPSS 0.0038
Exploits 0 · References 1
RedhatCVE · added 2025/02/05 8:59 p.m. · 5 views

CVE-2022-46163

Travel support program is a Rails app supporting the openSUSE Travel Support Program (TSP). Sensitive user data (bank account details, password hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

CVSS 7.5 · AI score 7 · EPSS 0.00833
Exploits 1 · References 1
Snyk · added 2023/07/14 2:37 p.m. · 1 view

Insecure Defaults

Overview: Affected versions of this package are vulnerable to Insecure Defaults. The library poses a major security risk that can likely be exploited to extract sensitive information or fully compromise the application. An attacker is able to perform character-by-character brute-force of...

CVSS 8.2 · AI score 6.9
Exploits 0 · References 2
Veracode · added 2023/07/13 5:12 a.m. · 10 views

Sensitive Data Exposure

Ransack is vulnerable to a Sensitive Data Exposure vulnerability. The vulnerability is due to the default behavior of allowing unrestricted searching and querying on all class attributes and associations, leading to exposure of sensitive attributes of the classes used in the application. This can lead to fully...

AI score 6.7
Exploits 0
Veracode · added 2023/07/12 6:48 a.m. · 17 views

Sensitive Data Exposure

Decidim and Decidim-meetings are vulnerable to Sensitive Data Exposure. The vulnerability is due to the use of a third-party library, Ransack, which allows filtering data on all attributes and associations. This allows an attacker to exfiltrate non-public data from the underlying database by traversing...

CVSS 7.5 · AI score 6.6 · EPSS 0.0038
Exploits 0 · References 3 · Affected Software 1
OSV · added 2023/07/11 10:46 p.m. · 12 views

GHSA-JM79-9PM4-VRW9 Decidim vulnerable to sensitive data disclosure

Note: added the actual report as a comment. Summary: Decidim, a platform for digital citizen participation, uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default, this library allows filtering on all data attributes and associations...

CVSS 7.5 · AI score 7.5 · EPSS 0.0038
Exploits 0 · References 7
Github Security Blog · added 2023/07/11 10:46 p.m. · 51 views

Decidim vulnerable to sensitive data disclosure

Note: added the actual report as a comment. Summary: Decidim, a platform for digital citizen participation, uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default, this library allows filtering on all data attributes and associations...

CVSS 7.5 · AI score 6.9 · EPSS 0.0038
Exploits 0 · References 7 · Affected Software 2
NVD · added 2023/07/11 6:15 p.m. · 9 views

CVE-2023-34090

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default,...

CVSS 7.5 · AI score 7.5 · EPSS 0.0038
Exploits 0 · References 3
Prion · added 2023/07/11 6:15 p.m. · 11 views

Design/Logic Flaw

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default,...

CVSS 5 · AI score 7.5 · EPSS 0.0038
Exploits 0 · References 3 · Affected Software 1
Cvelist · added 2023/07/11 5:29 p.m. · 10 views

CVE-2023-34090 Decidim vulnerable to sensitive data disclosure

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default,...

CVSS 7.5 · AI score 7.7 · EPSS 0.0038
Exploits 0 · References 3
Vulnrichment · added 2023/07/11 5:29 p.m. · 7 views

CVE-2023-34090 Decidim vulnerable to sensitive data disclosure

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default,...

CVSS 7.5 · AI score 7.5 · EPSS 0.0038
Exploits 0 · References 3
CVE · added 2023/07/11 5:29 p.m. · 38 views

CVE-2023-34090

Summary: Decidim prior to 0.27.3 is affected by a data disclosure issue due to the Ransack filtering default behavior allowing all data attributes/associations to be queried, enabling an unauthenticated remote attacker to exfiltrate non-public data from the underlying database. Root cause: Miscon...

CVSS 7.5 · AI score 7.4 · EPSS 0.0038
Exploits 0 · References 3 · Affected Software 1
RubySec · added 2023/07/11 12:00 a.m. · 19 views

Decidim vulnerable to sensitive data disclosure

Note: added the actual report as a comment. Summary: Decidim, a platform for digital citizen participation, uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default, this library allows filtering on all data attributes and associations...

CVSS 7.5 · AI score 6.9 · EPSS 0.0038
Exploits 0 · References 1 · Affected Software 1
RubySec · added 2023/07/11 12:00 a.m. · 12 views

Decidim vulnerable to sensitive data disclosure

Note: added the actual report as a comment. Summary: Decidim, a platform for digital citizen participation, uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default, this library allows filtering on all data attributes and associations...

CVSS 7.5 · AI score 6.9 · EPSS 0.0038
Exploits 0 · References 1 · Affected Software 1
Positive Technologies · added 2023/07/11 12:00 a.m. · 2 views

PT-2023-24663 · Ransack +2

Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.27.3. Description: Decidim, a participatory democracy framework written in Ruby on Rails, uses a third-party library named Ransack for filtering certain database collections. By default, this library allows filterin...

CVSS 7.5 · AI score 7.4 · EPSS 0.0038
Exploits 0 · References 9
NVD · added 2023/01/10 9:15 p.m. · 12 views

CVE-2022-46163

Travel support program is a Rails app supporting the openSUSE Travel Support Program (TSP). Sensitive user data (bank account details, password hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

CVSS 7.5 · AI score 7.7 · EPSS 0.00833
Exploits 1 · References 3
Prion · added 2023/01/10 9:15 p.m. · 12 views

Design/Logic Flaw

Travel support program is a Rails app supporting the openSUSE Travel Support Program (TSP). Sensitive user data (bank account details, password hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

CVSS 5 · AI score 7.7 · EPSS 0.00833
Exploits 1 · References 3 · Affected Software 1
Vulnrichment · added 2023/01/10 8:26 p.m. · 5 views

CVE-2022-46163 travel-support-program vulnerable to data exfiltration via Ransack query injection

Travel support program is a Rails app supporting the openSUSE Travel Support Program (TSP). Sensitive user data (bank account details, password hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

CVSS 7.5 · AI score 7.9 · EPSS 0.00833
Exploits 1 · References 3
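The Snyk "Insecure Defaults" entry describes character-by-character brute-force of sensitive attributes, and the CVE-2022-46163 entries describe password-hash extraction via Ransack query injection. The following added example (not code from Ransack, Decidim or travel-support-program) models that attack and its fix in plain Ruby: it re-implements Ransack's `<attribute>_<predicate>` parameter convention over an in-memory collection instead of ActiveRecord, so it runs without the gem or a database. The `User` struct and its records, the `OpenSearch` and `AllowlistedSearch` policies, and the `filter` and `exfiltrate` functions are all constructed for this example; the allowlist policy plays the role of Ransack's `ransackable_attributes` hook but is not that hook.

```ruby
# Added example (not code from Ransack, Decidim or travel-support-program):
# a minimal model of Ransack-style "<attribute>_<predicate>" filtering over
# an in-memory collection, showing how unrestricted attribute filtering turns
# a search endpoint into a boolean oracle that leaks a password hash one
# character at a time, and how an attribute allowlist stops it.

User = Struct.new(:id, :email, :encrypted_password, keyword_init: true)

# Constructed sample data; the hash values are made-up bcrypt-looking strings.
USERS = [
  User.new(id: 1, email: "alice@example.org", encrypted_password: "$2a$12$Qk7/abc"),
  User.new(id: 2, email: "bob@example.org",   encrypted_password: "$2a$12$Zz9/xyz"),
].freeze

# Subset of Ransack-style predicates: stored value vs. user-supplied argument.
PREDICATES = {
  "eq"    => ->(value, arg) { value.to_s == arg },
  "start" => ->(value, arg) { value.to_s.start_with?(arg) },
  "cont"  => ->(value, arg) { value.to_s.include?(arg) },
}.freeze

# Vulnerable policy: every column is searchable (the behaviour the advisories describe).
module OpenSearch
  def self.searchable_attributes(model)
    model.members.map(&:to_s)
  end
end

# Hardened policy: an explicit allowlist, the same idea as Ransack's
# ransackable_attributes hook (this module is constructed for the example).
module AllowlistedSearch
  def self.searchable_attributes(_model)
    %w[id email]
  end
end

# Apply query params such as {"email_start" => "ali"} to the records.
# Rejecting a non-searchable attribute loudly is this example's choice.
def filter(records, params, policy)
  allowed = policy.searchable_attributes(User)
  predicate_names = PREDICATES.keys.join("|")
  params.reduce(records) do |remaining, (key, arg)|
    m = key.match(/\A(?<attr>.+)_(?<pred>#{predicate_names})\z/)
    raise ArgumentError, "unknown predicate in #{key}" unless m
    unless allowed.include?(m[:attr])
      raise ArgumentError, "attribute #{m[:attr]} is not searchable"
    end
    remaining.select { |r| PREDICATES[m[:pred]].call(r[m[:attr].to_sym], arg) }
  end
end

ALPHABET = (("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a + %w[$ . /]).freeze

# Attacker side: extend the known prefix one character at a time, using
# "did the search return anything?" as the oracle. Only <attr>_start is needed.
def exfiltrate(policy, attr, target_id, max_len: 64)
  secret = +""
  while secret.length < max_len
    found = ALPHABET.find do |ch|
      filter(USERS, { "id_eq" => target_id.to_s, "#{attr}_start" => secret + ch }, policy).any?
    end
    break unless found
    secret << found
  end
  secret
end

if __FILE__ == $PROGRAM_NAME
  puts "open policy leaks:   #{exfiltrate(OpenSearch, 'encrypted_password', 1)}"
  begin
    exfiltrate(AllowlistedSearch, "encrypted_password", 1)
  rescue ArgumentError => e
    puts "allowlist blocks it: #{e.message}"
  end
end
```

Running it shows the open policy returning the full hash after one request per character, while the allowlist rejects the first `encrypted_password_start` condition. The same oracle works with other string predicates, and, as the Decidim advisories note, through associations, which is why Ransack's `ransackable_associations` needs the same allowlist treatment as its attributes.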