93 matches found
CVE-2021-32096
CVE-2021-32096 affects NSA Emissary 5.9.0 — the ConsoleAction component is vulnerable to a CSRF attack that results in injecting arbitrary Ruby code (via an eval call) through the CONSOLE_COMMAND_STRING parameter. This is the stated impact in the CVE entry. The connected documents also corroborat...
CVE-2021-32096
The ConsoleAction component of U.S. National Security Agency NSA Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code for an eval call via the CONSOLE_COMMAND_STRING parameter...
Emissary Cross-Site Request Forgery Vulnerability
Emissary is a P2P-based, data-driven workflow engine that operates across heterogeneous and potentially widely distributed multi-tier P2P network computing resources. U.S. National Security Agency NSA Emissary 5.9.0 suffers from a cross-site request forgery vulnerability th...
ClusterLabs Hawk Code Injection Vulnerability
ClusterLabs Crmsh is a command-line tool for GNU/Linux systems for high-availability cluster management from the ClusterLabs team. A code injection vulnerability exists in ClusterLabs Hawk 2.x through 2.3.0-x, which stems from a Ruby code injection in hawk_remember_me_id in the...
Regular Expression Denial Of Service (ReDoS)
tinymce is vulnerable to regular expression denial of service. The vulnerability allows malicious ruby code samples to cause a denial of service condition in the browser while performing syntax highlighting...
GHSA-H96F-FC7C-9R55 Regex denial of service vulnerability in codesample plugin
Impact A regex denial of service ReDoS vulnerability was discovered in a dependency of the codesample plugin. The vulnerability allowed poorly formed ruby code samples to lock up the browser while performing syntax highlighting. This impacts users of the codesample plugin using TinyMCE 5.5.1 or...
Regex denial of service vulnerability in codesample plugin
Impact A regex denial of service ReDoS vulnerability was discovered in a dependency of the codesample plugin. The vulnerability allowed poorly formed ruby code samples to lock up the browser while performing syntax highlighting. This impacts users of the codesample plugin using TinyMCE 5.5.1 or...
Debian: Security Advisory (DSA-4743-1)
The remote host is missing an update for the Debian ... (Copyright 2020 Greenbone AG; some text descriptions are excerpted from referenced sources and are copyright by the respective right holders. License: GPL-2.0-only.)
Debian DSA-4743-1 : ruby-kramdown - security update
A flaw was discovered in ruby-kramdown, a fast, pure-Ruby Markdown parser and converter, which could result in unintended read access to files or unintended embedded Ruby code execution when the {::options /} extension is used together with the 'template' option. The update introduces a new option...
Debian DLA-2316-1 : ruby-kramdown security update
ruby-kramdown processes the template option inside Kramdown documents by default, which allows unintended read access such as template='/etc/passwd' or unintended embedded Ruby code execution such as a string that begins with template='string://<%= . NOTE: kramdown is used in Jekyll, GitLab Pages,...
DEBIAN-CVE-2020-14001
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://<%= . NOTE: kramdown is used...
CVE-2020-14001
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://<%= . NOTE: kramdown is used...
UBUNTU-CVE-2020-14001
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://<%= . NOTE: kramdown is used...
EulerOS Virtualization 3.0.6.0 : ruby (EulerOS-SA-2020-1717)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as...
Unintended read access in kramdown gem
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://<%= . NOTE: kramdown is used...
DEBIAN-CVE-2019-16255
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Version 0.0.8 does not contain the backdoor...