684 matches found
CVE-2018-3779
active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...
CVE-2018-3779
CVE-2018-3779 affects the active-support Ruby gem (version 5.2.0): the gem contains a malicious backdoor trojan that duplicates the official activesupport gem and installs a compiled extension. The extension resolves a base64-encoded domain (29faea63.planfhntage.de), downloads a payload, writes i...
Cross-site request forgery in rails_admin
rails_admin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...
GHSA-PXQR-8V54-M2HJ Cross-site request forgery in rails_admin
rails_admin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...
GHSA-44VC-FPCG-5CC5 Moderate severity vulnerability that affects safemode
Withdrawn, accidental duplicate publish. The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method...
private_address_check contains race condition
The private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use TOCTOU race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution i...
CVE-2016-10522
rails_admin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...
Cross site request forgery (csrf)
rails_admin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...
CVE-2016-10522
The CVE-2016-10522 entry concerns the rails_admin Ruby gem
CVE-2016-10522
Removed by vendor...
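The rails_admin entries above describe the defect only in one sentence: state-changing (non-GET) requests reached the admin endpoints without a CSRF token check. The following is an added example, written for this page and not taken from rails_admin or Rails, that models the missing check in plain Ruby: a session-bound token, a constant-time comparison, the unprotected dispatch beside the protected one, and constructed traffic (a forged cross-site POST riding on the victim's cookie, then legitimate form and XHR requests) showing which requests reach the action. The request/session hashes and the dispatch helpers are hypothetical stand-ins for a framework's request object and controller filter; in a Rails app the equivalent is `protect_from_forgery with: :exception` applied to the admin controllers.

```ruby
require 'securerandom'

# Verbs that must not change state and so need no token.
SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

class ForgeryDetected < StandardError; end

# One random token per session, stored server-side; the application embeds it
# in its own forms (hidden field) and in a meta tag for XHR (X-CSRF-Token).
# A cross-site attacker can make the browser send the cookie but cannot read
# the token, which is what the check relies on.
def issue_csrf_token(session)
  session[:csrf_token] ||= SecureRandom.urlsafe_base64(32)
end

# Length check, then XOR over every byte, so a wrong token cannot be guessed
# byte by byte from response timing.
def constant_time_equal?(presented, expected)
  return false unless presented.is_a?(String) && expected.is_a?(String)
  return false unless presented.bytesize == expected.bytesize
  presented.bytes.zip(expected.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The pattern the advisory describes: every verb reaches the action with no
# token check, so a forged POST from another origin succeeds.
def vulnerable_dispatch(_request, _session)
  yield
end

# The fix: every non-safe verb must present the session's token, either in
# the form body or in the X-CSRF-Token header, before the action runs.
def protected_dispatch(request, session)
  unless SAFE_METHODS.include?(request[:method].to_s.upcase)
    presented = request.dig(:params, 'authenticity_token') ||
                request.dig(:headers, 'X-CSRF-Token')
    expected = session[:csrf_token]
    unless expected && constant_time_equal?(presented, expected)
      raise ForgeryDetected, "#{request[:method]} without a valid CSRF token"
    end
  end
  yield
end

# Constructed traffic against a hypothetical admin "destroy user" endpoint.
# Returns the list of requests that reached the action, in order.
def demo
  session = {}
  token = issue_csrf_token(session)
  reached = []

  # Attacker page auto-submits a form; the victim's browser attaches the
  # session cookie, but the attacker never sees the token.
  forged = { method: 'POST', params: { 'id' => 7 }, headers: {} }
  vulnerable_dispatch(forged, session) { reached << :forged_via_vulnerable }

  begin
    protected_dispatch(forged, session) { reached << :forged_via_protected }
  rescue ForgeryDetected
    reached << :forged_rejected
  end

  legit_form = { method: 'POST', params: { 'id' => 7, 'authenticity_token' => token }, headers: {} }
  protected_dispatch(legit_form, session) { reached << :form_with_token }

  legit_xhr = { method: 'DELETE', params: {}, headers: { 'X-CSRF-Token' => token } }
  protected_dispatch(legit_xhr, session) { reached << :xhr_with_header }

  protected_dispatch({ method: 'GET', params: {}, headers: {} }, session) { reached << :get_without_token }
  reached
end

p demo if $PROGRAM_NAME == __FILE__
```

Note that the GET passes without a token by design: the protection only holds if GET handlers really are side-effect free, which is the other half of the fix for an admin interface.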
private_address_check ruby gem race condition vulnerability
private_address_check is a Ruby-based checking tool against server-side request forgery attacks. A race condition vulnerability exists in the private_address_check ruby gem, stemming from the program failing to check the address used by the socket. No detailed vulnerability details are...
CVE-2018-3759
private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use TOCTOU race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a...
CVE-2018-3759
The CVE concerns the Ruby gem private_address_check (pre-0.5.0). It describes a TOCTOU race condition caused by not checking the socket’s destination address, where a DNS entry with TTL 0 can yield a public address initially and a private address subsequently. Multiple connected sources (GitHub a...
private_address_check Ruby Gem Time-of-check Time-of-use race condition
private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use TOCTOU race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a...
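The CVE-2018-3759 entries above all describe the same mechanism: the address that is checked against the private-range list is the result of one DNS lookup, while the socket is opened from a second lookup of the same name, and a TTL-0 record can answer differently each time. The following is an added example, written for this page and not code from the private_address_check gem, showing the race and the fix in Ruby. `RebindingResolver` is a constructed stand-in for a TTL-0 DNS record that answers a public address first and loopback next; the loopback `TCPServer` stands in for the internal service an SSRF would reach; `vulnerable_connect`, `safe_connect` and `private_address?` are hypothetical helper names. The `connect:` argument on `safe_connect` exists only so the demo can show the post-connect peer check catching a connector that resolves the name again on its own, which is the situation the advisory calls "the address the socket uses not being checked".

```ruby
require 'ipaddr'
require 'socket'

class BlockedAddress < StandardError; end

# Constructed stand-in for a TTL-0 DNS record that answers differently on each
# lookup: public first, loopback next. Real code would call Resolv.getaddress
# or getaddrinfo; the rebinding behaviour is the same.
class RebindingResolver
  attr_reader :calls

  def initialize(*answers)
    @answers = answers
    @calls = 0
  end

  def getaddress(_hostname)
    answer = @answers[[@calls, @answers.length - 1].min]
    @calls += 1
    answer
  end
end

PRIVATE_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# Classifies an IP literal. IPv4-mapped IPv6 (::ffff:10.0.0.5) is unwrapped
# first so it cannot slip past the IPv4 ranges.
def private_address?(ip)
  addr = IPAddr.new(ip.to_s)
  addr = addr.native if addr.ipv6? && addr.ipv4_mapped?
  PRIVATE_RANGES.any? { |range| range.include?(addr) }
end

# The TOCTOU pattern: the check resolves the name once, then the connect step
# is given the hostname and resolves it again. A TTL-0 record can answer
# "public" to the check and "private" to the socket.
def vulnerable_connect(hostname, port, resolver)
  checked = resolver.getaddress(hostname)
  raise BlockedAddress, checked if private_address?(checked)
  # Stands in for TCPSocket.new(hostname, port), which resolves internally.
  TCPSocket.new(resolver.getaddress(hostname), port)
end

# The fix: resolve once, validate that result, connect to the IP literal so no
# second lookup is needed, then confirm the peer the kernel actually connected
# to is the address that was checked.
def safe_connect(hostname, port, resolver, connect: ->(ip, p) { TCPSocket.new(ip, p) })
  ip = resolver.getaddress(hostname)
  raise BlockedAddress, ip if private_address?(ip)
  sock = connect.call(ip, port)
  peer = sock.remote_address.ip_address
  unless IPAddr.new(peer) == IPAddr.new(ip) && !private_address?(peer)
    sock.close
    raise BlockedAddress, "#{peer} (socket peer differs from checked address)"
  end
  sock
end

# Demonstration against a loopback listener standing in for an internal
# service. Returns a hash of the vulnerable and safe outcomes.
def demo
  server = TCPServer.new('127.0.0.1', 0)
  port = server.addr[1]
  outcomes = {}

  resolver = RebindingResolver.new('203.0.113.10', '127.0.0.1')
  begin
    sock = vulnerable_connect('attacker.example', port, resolver)
    outcomes[:vulnerable] = "connected to #{sock.remote_address.ip_address} after #{resolver.calls} lookups"
    sock.close
  rescue BlockedAddress => e
    outcomes[:vulnerable] = "blocked #{e.message}"
  end

  # Same TTL-0 record, but the checked IP is handed to a connector that, like a
  # naive HTTP client given the hostname, resolves again; the peer check catches it.
  resolver = RebindingResolver.new('203.0.113.10', '127.0.0.1')
  re_resolving = ->(_ip, p) { TCPSocket.new(resolver.getaddress('attacker.example'), p) }
  begin
    safe_connect('attacker.example', port, resolver, connect: re_resolving)
    outcomes[:safe] = 'connected'
  rescue BlockedAddress => e
    outcomes[:safe] = "blocked #{e.message}"
  end

  server.close
  outcomes
end

p demo if $PROGRAM_NAME == __FILE__
```

The practical consequence for callers of such a library: a hostname check in front of an HTTP client that re-resolves is not a defence, because the client's socket, not the checker, decides where the bytes go; the address has to be pinned (connect to the IP literal) or verified on the opened socket, and redirects need the same treatment on every hop.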
Upserve : reports.breadcrumb.com is vulnerable to Arbitrary file existence disclosure CVE-2014-7829
A directory traversal vulnerability in a third-party ruby gem allowed a remote actor to determine the existence but not the contents of files outside of the application root...