93 matches found
CVE-2022-36231
pdfinfo 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3...
CVE-2021-32096
The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code for an eval call via the CONSOLE_COMMAND_STRING parameter...
CVE-2021-35514
Narou aka Narou.rb before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel...
CVE-2018-10199
In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code...
Command injection
pdfinfo 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3...
SUSE CVE-2019-16255
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...
rubygem-rdoc: Command injection vulnerability in RDoc
An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc...
GHSA-GWRJ-88FP-5M36 Code injection in Narou
Narou aka Narou.rb before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel...
Narou Code Injection Vulnerability
Narou is a novel publishing site by an individual Japanese developer. Narou suffers from a code injection vulnerability in versions prior to 3.8.0 that allows an attacker to inject Ruby code via the title name or author name of a novel. An attacker could use this vulnerability to inject code to...
CVE-2021-35514
Narou (aka Narou.rb) up to version 3.8.0 is vulnerable to Ruby code injection via the title or author name fields of a novel. The underlying issue is untrusted code execution through these inputs, enabling code execution on the affected system. Affected software: Narou.rb (Ruby-based Narou). Root...
Narou Code Injection Vulnerability
Narou is a novel publishing site by an individual Japanese developer. Narou suffers from a code injection vulnerability in versions prior to 3.8.0 that allows an attacker to inject Ruby code via the title name or author name of a novel. An attacker could use this vulnerability to inject code to...
Cross-site request forgery (CSRF)
The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code for an eval call via the CONSOLE_COMMAND_STRING parameter...