684 matches found
Design/Logic Flaw
An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL...
CVE-2021-33473
CVE-2021-33473 concerns the Dragonfly Ruby Gem (v1.3.0) where an argument injection flaw lets an attacker read and write arbitrary files when the verify_url option is disabled. The vulnerability is triggered by a crafted URL, enabling unauthorized file access or modification on affected deploymen...
PT-2022-10265 · Unknown · Dragonfly Ruby Gem
Name of the Vulnerable Software and Affected Versions: Dragonfly Ruby Gem version 1.3.0 Description: An argument injection issue allows attackers to read and write arbitrary files when the verify_url option is disabled. This issue is exploited via a crafted URL. Recommendations: For Dragonfly Rub...
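The Dragonfly entries above describe two layers that matter for this class of bug: a URL-signing option that, when disabled, lets anyone mint job URLs, and a converter that receives attacker-chosen tokens as arguments. The following is an added example (not Dragonfly's code, and not its URL or job format) showing both controls for a hypothetical image-processing endpoint: an HMAC check on the job string, an allowlist of converter options, and a storage-root check on the input path. It assumes the converter is ImageMagick's `convert`, where a token such as `-write /path` is an instruction to write a file, so keeping the shell out with array-form spawning is not enough on its own. The names `sign_job`, `authorized_job`, `convert_argv`, `storage_path` and the secret value are this example's own.

```ruby
require "openssl"
require "cgi"
require "shellwords"

# Assumed server-side secret and storage directory (constructed for this example).
URL_SECRET   = "constructed-example-secret"
STORAGE_ROOT = "/var/app/uploads"

# This example's signing scheme: HMAC-SHA256 over the serialized job.
def sign_job(job, secret = URL_SECRET)
  OpenSSL::HMAC.hexdigest("SHA256", secret, job)
end

# Constant-time comparison so signature checks do not leak via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Layer 1: with verification on, a job whose signature does not match is refused
# before any converter runs. With verify_url disabled, whatever is in the URL
# becomes the job, which is the situation the advisory describes.
def authorized_job(query, verify_url: true, secret: URL_SECRET)
  params = CGI.parse(query)
  job = params.fetch("job", [""]).first
  return job unless verify_url
  sha = params.fetch("sha", [""]).first
  raise ArgumentError, "job signature mismatch" unless secure_equal?(sign_job(job, secret), sha)
  job
end

# Layer 2: only allowlisted options, each with a value pattern, may reach argv.
GEOMETRY = /\A\d{1,5}x\d{1,5}[!<>^%]?\z/
ALLOWED  = { "-resize" => GEOMETRY, "-quality" => /\A(?:[1-9]\d?|100)\z/, "-strip" => nil }.freeze

def convert_argv(job, input, output)
  tokens = Shellwords.split(job)
  argv = ["convert", input]
  until tokens.empty?
    opt = tokens.shift
    raise ArgumentError, "option not allowed: #{opt.inspect}" unless ALLOWED.key?(opt)
    argv << opt
    pattern = ALLOWED[opt]
    next if pattern.nil?                       # flag without a value, e.g. -strip
    val = tokens.shift.to_s
    raise ArgumentError, "bad value for #{opt}: #{val.inspect}" unless val.match?(pattern)
    argv << val
  end
  argv << output
end

# The unchecked shape that constitutes argument injection: array form (no shell),
# yet "-write /tmp/pwned.png" from the URL is passed to the converter as-is.
def unchecked_convert_argv(job, input, output)
  ["convert", input, *Shellwords.split(job), output]
end

# Layer 3: the input path is pinned under the storage root, so a job cannot name
# /etc/passwd (or ../../ anything) as the image to read.
def storage_path(name)
  path = File.expand_path(name, STORAGE_ROOT)
  raise ArgumentError, "path escapes storage: #{name.inspect}" unless path.start_with?(STORAGE_ROOT + "/")
  path
end
```

Note that the allowlist is deliberately closed: a new converter option is added by naming it and its value grammar, never by letting unknown tokens through, and the signature check runs first so the allowlist is only a second line of defence.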
apollo_upload_server has Denial of Service vulnerability
A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE version 11.11 and above allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware...
GHSA-756M-3QF2-HP58 openshift-origin-node Improper Input Validation vulnerability
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly...
GHSA-4FVG-PWV7-V54G Karteek Docsplit vulnerable to OS Command Injection
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit karteek-docsplit gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename...
GHSA-J4GX-P3X5-M987 Echor Ruby Gem credentials can be stolen via process table monitoring
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table...
GHSA-8936-CGJ4-PHR2 Echor contains Command Injection
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password...
GHSA-9X97-X2P9-HVPF Fileutils Command Injection vulnerability
Ruby Gem Fileutils prior to v0.7.1 contains a Command Injection vulnerability in a user-supplied url variable that is passed to the shell...
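The Docsplit, Echor and Fileutils entries above are all one pattern: user data (a filename, a username and password, a URL) interpolated into a command string that a shell re-parses. The Echor pair also shows the second cost of that pattern, a secret on the command line is visible to every local user through the process table. The following is an added example, not code from any of those gems, that builds the same shape with `echo` standing in for the real HTTP client so it runs offline, then shows the hardened form: a fixed script, user data passed only as positional parameters, and the secret delivered through the environment rather than argv. The inputs, `EVIL_USER`, `SECRET` and `LOGIN_URL`, are constructed for the example.

```ruby
require "open3"

# Constructed inputs for this example (not taken from any gem): a username
# carrying a shell command separator, and a secret that must stay off `ps`.
EVIL_USER = "alice; echo INJECTED"
SECRET    = "hunter2"
LOGIN_URL = "https://example.invalid/login"

# Assumed vulnerable pattern: user data interpolated into one shell string.
# The shape "<client> -u user:pass url" is exactly what puts the secret on the
# command line; `echo` stands in for the client so the block runs offline.
def vulnerable_command(user, pass)
  "echo -u #{user}:#{pass} #{LOGIN_URL}"
end

def run_vulnerable(user, pass)
  # The shell re-parses the string: ';' ends the echo and starts a new command.
  out, = Open3.capture2("sh", "-c", vulnerable_command(user, pass))
  out
end

# Hardened: the script text is a fixed literal, user data travels only as
# positional parameters ($1, $2) that are never re-parsed, so ';' is just a
# byte in an argument, and the secret goes through the environment instead of
# argv. On Linux /proc/<pid>/cmdline is world-readable while
# /proc/<pid>/environ is readable only by the same uid, so `ps` shows the
# username and URL but not the secret.
def run_hardened(user, pass)
  script = 'echo -u "$1:$APP_PASS" "$2"'
  out, = Open3.capture2({ "APP_PASS" => pass }, "sh", "-c", script, "sh", user, LOGIN_URL)
  out
end

# True when a second command ran: the injected echo prints a line of its own.
def injected?(output)
  output.lines.any? { |line| line.start_with?("INJECTED") }
end

if __FILE__ == $PROGRAM_NAME
  puts run_vulnerable(EVIL_USER, SECRET)   # two lines, the second begins "INJECTED"
  puts run_hardened(EVIL_USER, SECRET)     # one line, the separator kept literally
end
```

Where a shell string cannot be avoided, `Shellwords.escape` on each interpolated value closes the injection, but it does nothing for the process-table exposure; only moving the secret off argv (environment, stdin, or a credentials file readable by the service user) fixes that part.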
GHSA-39V7-XPQ4-8884 PDFKit Improper Input Validation vulnerability
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability...
GHSA-42GQ-H7XJ-33R4 Features file injection vulnerability
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...
AZL-10552 CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.3.1-2
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at yajl_buf.c#L64 may result in the need 32bit...
AZL-7126 CVE-2021-41819 affecting package ruby for versions less than 3.1.2-2
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...
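The CVE-2021-41819 entry only says that security prefixes in cookie names are "mishandled". The upstream Ruby advisory attributes this to CGI::Cookie.parse percent-decoding the cookie name, so a cookie literally named `%5F%5FHost-session` came out as `__Host-session` even though the browser never applied the `__Host-` guarantees to it. The following is an added example, not the cgi gem's code, with two minimal Cookie-header parsers that differ only in whether the name is decoded, and a hypothetical `trusted_session_id` check that relies on the prefix. The header `ATTACK_HEADER` is constructed.

```ruby
require "cgi"

# Split a Cookie request header into [name, value] pairs; no decoding here.
def split_pairs(header)
  header.split(/;\s*/).map { |pair| pair.split("=", 2) }
        .reject { |name, _| name.nil? || name.empty? }
end

# Vulnerable behaviour: decoding the NAME lets "%5F%5FHost-x" become "__Host-x".
def parse_cookie_decoding_names(header)
  split_pairs(header).each_with_object({}) do |(name, value), cookies|
    cookies[CGI.unescape(name)] = CGI.unescape(value.to_s)
  end
end

# Fixed behaviour: the name is kept exactly as the browser sent it; only the
# value is decoded. A forged "%5F%5FHost-session" then never matches.
def parse_cookie_raw_names(header)
  split_pairs(header).each_with_object({}) do |(name, value), cookies|
    cookies[name] = CGI.unescape(value.to_s)
  end
end

# Application logic that relies on the prefix guarantee: a browser stores a
# __Host- cookie only when it was set by that host over HTTPS with Path=/ and
# no Domain attribute, so the server treats the name as unforgeable by
# subdomains or plain-HTTP pages.
def trusted_session_id(cookies)
  cookies["__Host-session"]
end

# Constructed header: a subdomain or HTTP page may set a cookie whose literal
# name is "%5F%5FHost-session", which carries no real prefix and is allowed.
ATTACK_HEADER = "theme=dark; %5F%5FHost-session=attacker-chosen"
```

The general rule the fix encodes: any string a browser enforces policy on (cookie names, origin components) must be compared in the form the browser saw it, so a server-side normalisation step that the browser did not perform reopens the check.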