684 matches found
CVE-2017-0909
The privateaddresscheck ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery...
CVE-2017-0909
The CVE-2017-0909 issue affects the private_address_check Ruby gem (versions before 0.4.1). It enables a bypass of its server-side request forgery (SSRF) protections by an incomplete blacklist of private/local addresses, notably missing 0.0.0.0. Affected behavior: attackers can bypass the blackli...
CVE-2017-0909
The privateaddresscheck ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery...
GHSA-Q97V-764G-R2RP gollum and gollum-lib allow remote authenticated users to execute arbitrary code
The gollum-gritadapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string master is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags...
gollum and gollum-lib allow remote authenticated users to execute arbitrary code
The gollum-gritadapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string master is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags...
gollum and gollum-lib allow remote authenticated users to execute arbitrary code
The gollum-gritadapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string master is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags...
gollum and gollum-lib allow remote authenticated users to execute arbitrary code
The gollum-gritadapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string master is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags...
Server side request forgery (ssrf)
The privateaddresscheck ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery...
Server side request forgery (ssrf)
Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery SSRF vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources...
CVE-2017-0904
The privateaddresscheck ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery...
CVE-2017-0904
The privateaddresscheck ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery...
CVE-2017-0904
The privateaddresscheck ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery...
CVE-2017-0889
CVE-2017-0889 affects Paperclip Ruby gem 3.1.4+ (Paperclip::UriAdapter, Paperclip::HttpUrlProxyAdapter) with a Server-Side Request Forgery (SSRF) vulnerability that may allow an attacker to access internal network resources. The connected documents corroborate the vulnerability and impact, but do...
CVE-2017-0889
Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery SSRF vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources...
CVE-2017-0904
The private_address_check Ruby gem (versions before 0.4.0) is affected by a bypass of its own privacy filter due to using Ruby’s Resolv.getaddresses, which is OS-dependent and cannot be trusted for security checks. This can undermine server-side request forgery protections that rely on blacklisti...
Ruby yajl-ruby gem denial of service vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. yajl-ruby gem is one of the stream-based parsing library. A security vulnerability exists in the 'yajlstringdecode' function in the yajlencode.c file in...
private_address_check Ruby Gem Blacklist Bypass privilege escalation
The privateaddresscheck ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery...
Denial of service
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajlstringdecode function in yajlencode.c. This results in the whole ruby process terminating and potentially a denial of service...
CVE-2017-16516
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajlstringdecode function in yajlencode.c. This results in the whole ruby process terminating and potentially a denial of service...
CVE-2017-16516
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajlstringdecode function in yajlencode.c. This results in the whole ruby process terminating and potentially a denial of service...