
684 matches found

Snyk | added 2020/04/17 12:0 a.m. | 1 view

Malicious Package

Overview: anyvalidate is a malicious package. Affected versions of this package were found to be malicious, as it used typosquatting to run malicious third-party scripts: it imitated genuine package names by replacing underscores with hyphens, and vice versa. Remediation: Avoid using anyvalidate...

CVSS 8 | AI score 6.7
Exploits 0 | References 2
Snyk | added 2020/04/17 12:0 a.m. | 5 views

Malicious Package

Overview: active-modelvalidatorsex is a malicious package. Affected versions of this package were found to be malicious, as it used typosquatting to run malicious third-party scripts: it imitated genuine package names by replacing underscores with hyphens, and vice versa. Remediation: Avoid using...

CVSS 8 | AI score 5.7
Exploits 0 | References 2
Snyk | added 2020/04/17 12:0 a.m. | 1 view

Malicious Package

Overview: authtransis-client is a malicious package. Affected versions of this package were found to be malicious, as it used typosquatting to run malicious third-party scripts: it imitated genuine package names by replacing underscores with hyphens, and vice versa. Remediation: Avoid using...

CVSS 8 | AI score 5.5
Exploits 0 | References 2
Snyk | added 2020/04/17 12:0 a.m. | 2 views

Malicious Package

Overview: ama-validators is a malicious package. Affected versions of this package were found to be malicious, as it used typosquatting to run malicious third-party scripts: it imitated genuine package names by replacing underscores with hyphens, and vice versa. Remediation: Avoid using ama-validato...

CVSS 8 | AI score 6.9
Exploits 0 | References 2
Snyk | added 2020/04/17 12:0 a.m. | 2 views

Malicious Package

Overview: application-insights is a malicious package. Affected versions of this package were found to be malicious, as it used typosquatting to run malicious third-party scripts: it imitated genuine package names by replacing underscores with hyphens, and vice versa. Remediation: Avoid using...

CVSS 8 | AI score 5.5
Exploits 0 | References 2
Snyk | added 2020/04/17 12:0 a.m. | 2 views

Malicious Package

Overview: acts-asjournalized is a malicious package. Affected versions of this package were found to be malicious, as it used typosquatting to run malicious third-party scripts: it imitated genuine package names by replacing underscores with hyphens, and vice versa. Remediation: Avoid using...

CVSS 8 | AI score 5.5
Exploits 0 | References 2
OSV | added 2020/02/20 5:15 p.m. | 2 views

DEBIAN-CVE-2015-4410

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string...

CVSS 7.5 | AI score 6.9 | EPSS 0.01937
Exploits 1 | References 1
OSV | added 2020/02/07 2:15 p.m. | 1 view

CVE-2019-17268

The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected...

CVSS 9.8 | AI score 5.8 | EPSS 0.00646
Exploits 0 | References 2
OSV | added 2020/01/23 3:15 a.m. | 0 views

DEBIAN-CVE-2020-5217

In the Secure Headers RubyGem (secureheaders), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected, leading to directive injection. This could be us...

CVSS 5.8 | AI score 6.8 | EPSS 0.00521
Exploits 1 | References 1
OSV | added 2020/01/23 3:15 a.m. | 0 views

UBUNTU-CVE-2020-5217

In the Secure Headers RubyGem (secureheaders), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected, leading to directive injection. This could be us...

CVSS 5.8 | AI score 6.9 | EPSS 0.00521
Exploits 1 | References 6
Kitploit | added 2020/01/02 9:36 p.m. | 94 views

XSpear v1.3 - Powerful XSS Scanning and Parameter Analysis Tool

XSpear is an XSS scanner distributed as a Ruby gem. Key features:
- Pattern-matching-based XSS scanning
- Detection of alert/confirm/prompt events in a headless browser with Selenium
- Testing request/response for XSS protection bypass on reflected (or all) params
  - Reflected params
  - All params (for blind XSS, anything)
- Filtered test...

AI score 6.9
Exploits 0 | References 5
NVD | added 2019/12/26 9:15 p.m. | 11 views

CVE-2013-4318

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious HTML in the /tmp directory...

CVSS 5.4 | AI score 5.6 | EPSS 0.00244
Exploits 1 | References 2
Prion | added 2019/12/26 9:15 p.m. | 11 views

Design/Logic Flaw

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious HTML in the /tmp directory...

CVSS 3.5 | AI score 7.4 | EPSS 0.00244
Exploits 1 | References 2 | Affected Software 1
Cvelist | added 2019/12/26 8:49 p.m. | 15 views

CVE-2013-4318

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious HTML in the /tmp directory...

AI score 5.6 | EPSS 0.00244
Exploits 1 | References 2
CVE | added 2019/12/26 8:49 p.m. | 94 views

CVE-2013-4318

CVE-2013-4318 affects the Ruby Gems Features package (Ruby Features 0.3.0). The issue is a file handling flaw where input written to /tmp/out.html is not properly validated, enabling a local cross-site scripting (XSS) attack. Some sources describe the risk as a local XSS, while others reference...

CVSS 5.4 | AI score 5.5 | EPSS 0.00244
Exploits 1 | References 2 | Affected Software 1
NVD | added 2019/11/21 3:15 p.m. | 20 views

CVE-2014-0084

Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout, which could result in a denial of service in cron.daily and cron.weekly...

CVSS 5.5 | AI score 5.5 | EPSS 0.00122
Exploits 0 | References 1
CVE | added 2019/11/21 2:4 p.m. | 61 views

CVE-2014-0084

CVE-2014-0084 affects the Ruby gem openshift-origin-node prior to 2014-02-14, which does not enforce a cronjob timeout, potentially enabling a denial of service in cron.daily and cron.weekly. Public records in OSV/RH advisories reference the same issue (GHSA-756M-3QF2-HP58) and describe an improp...

CVSS 5.5 | AI score 5.4 | EPSS 0.00122
Exploits 0 | References 1 | Affected Software 1
OSV | added 2019/10/22 9:15 p.m. | 1 view

DEBIAN-CVE-2019-15587

In the Loofah gem for Ruby through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...

CVSS 5.4 | AI score 6.3 | EPSS 0.02332
Exploits 0 | References 1
Cvelist | added 2019/09/23 3:8 p.m. | 14 views

CVE-2019-16377

The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control...

AI score 9.6 | EPSS 0.01344
Exploits 1 | References 2
Kitploit | added 2019/08/01 9:33 p.m. | 315 views

XSpear - Powerful XSS Scanning and Parameter Analysis Tool

XSpear is an XSS scanner distributed as a Ruby gem. Key features:
- Pattern-matching-based XSS scanning
- Detection of alert/confirm/prompt events in a headless browser with Selenium
- Testing request/response for XSS protection bypass on reflected params
  - Reflected params
  - Filtered test of event handlers, HTML tags, special characters
- Testi...

AI score 6.8
Exploits 0 | References 2