Lucene search

684 matches found

SUSE CVE
added 2023/02/15 4:03 a.m., 1 view

SUSE CVE-2020-5249

In Puma RubyGem before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is...

CVSS 6.5, AI score 6.3, EPSS 0.00498
Exploits 0, References 8
SUSE CVE
added 2023/02/15 3:59 a.m., 1 view

SUSE CVE-2020-11076

In Puma RubyGem before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4...

CVSS 6.8, AI score 7, EPSS 0.01782
Exploits 0, References 16
SUSE CVE
added 2023/02/15 3:45 a.m., 2 views

SUSE CVE-2021-22903

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...

CVSS 6.1, AI score 6.4, EPSS 0.00096
Exploits 0, References 3
SUSE CVE
added 2023/02/15 3:45 a.m., 1 view

SUSE CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticate_or_request_with_http_token or...

CVSS 7.5, AI score 6.4, EPSS 0.03338
Exploits 1, References 4
SUSE CVE
added 2023/02/15 3:40 a.m., 1 view

SUSE CVE-2021-32823

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit. In combination with...

CVSS 4.3, AI score 4.5, EPSS 0.00174
Exploits 1, References 3
GithubExploit
added 2023/02/10 12:50 a.m., 409 views

Exploit for CVE-2022-25765

Exploit for CVE-2022-25765 pdfkit - Command Injection !Git...

CVSS 9.8, AI score 9.5, EPSS 0.88705
Exploits 11
CNNVD
added 2023/01/20 12:00 a.m., 2 views

rubygem-activerecord security vulnerability

rubygem-activerecord is an open-source RubyGems package. A security vulnerability exists in rubygem-activerecord that stems from the presence of a denial of service...

CVSS 7.5, AI score 7.2, EPSS 0.01543
Exploits 1, References 6
CNNVD
added 2023/01/20 12:00 a.m., 1 view

rubygem-rack security vulnerability

rubygem-rack is an open-source RubyGems package. Rubygem-rack has a security vulnerability that stems from a denial of service in Content-Disposition parsing...

CVSS 7.5, AI score 6.5, EPSS 0.03121
Exploits 0, References 7
Github Security Blog
added 2022/11/19 12:30 a.m., 47 views

HTTP response splitting in CGI

Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to...

CVSS 8.8, AI score 8.5, EPSS 0.011
Exploits 1, References 15, Affected Software 1
OSV
added 2022/11/19 12:30 a.m., 37 views

GHSA-VC47-6RQG-C7F5 HTTP response splitting in CGI

Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allow HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to...

CVSS 8.8, AI score 8.9, EPSS 0.011
Exploits 1, References 14
OSV
added 2022/11/11 11:04 a.m., 2 views

OESA-2022-2093 rubygem-websocket-extensions security update

Generic extension manager for WebSocket connections. Security Fixes: websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content ...

CVSS 7.5, AI score 6.9, EPSS 0.02622
Exploits 1, References 2
OSV
added 2022/10/27 9:10 a.m., 5 views

SUSE-SU-2022:3794-1 Security update for rubygem-puppet

This update for rubygem-puppet fixes the following issues: - CVE-2021-27023: Fixed an unsafe HTTP redirect (bsc#1192797)...

CVSS 9.8, AI score 9.5, EPSS 0.00397
Exploits 0, References 3
GithubExploit
added 2022/10/26 2:51 p.m., 564 views

Exploit for OS Command Injection in Newspaperclub Pdf_Info

CVE-2022-36231 The ruby gem pdf_info https://rubygems.org/g...

CVSS 9.8, AI score 9.9, EPSS 0.22558
Exploits 2
OSV
added 2022/09/12 10:51 a.m., 2 views

SUSE-SU-2022:3259-1 Security update for rubygem-kramdown

This update for rubygem-kramdown fixes the following issues: - CVE-2020-14001: Fixed processing template options inside documents allowing unintended read access or embedded Ruby code execution (bsc#1174297)...

CVSS 9.8, AI score 9.5, EPSS 0.07509
Exploits 0, References 3
RedhatCVE
added 2022/06/21 8:00 a.m., 43 views

CVE-2022-30123

A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's Lint middleware and CommonLogger middleware. This issue can leverage these escape sequences to execute commands in the victim's...

CVSS 10, AI score 3.9, EPSS 0.02323
Exploits 0, References 4
OSV
added 2022/06/03 12:00 a.m., 14 views

GHSA-FJ34-JHJX-XMVV Arbitrary file write in dragonfly

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL...

CVSS 9.1, AI score 9, EPSS 0.00434
Exploits 0, References 6
Github Security Blog
added 2022/06/03 12:00 a.m., 39 views

Arbitrary file write in dragonfly

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL...

CVSS 9.1, AI score 8.9, EPSS 0.00434
Exploits 0, References 6, Affected Software 1
RubySec
added 2022/06/03 12:00 a.m., 20 views

Arbitrary file write in dragonfly

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL...

CVSS 9.1, AI score 5.2, EPSS 0.00434
Exploits 0, References 1, Affected Software 1
NVD
added 2022/06/02 8:15 p.m., 8 views

CVE-2021-33473

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL...

CVSS 9.1, EPSS 0.00434
Exploits 0, References 3
OSV
added 2022/06/02 8:15 p.m., 10 views

CVE-2021-33473

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL...

CVSS 9.1, AI score 9
Exploits 0, References 3