DLA-2390-1 ruby-json-jwt - security update
MGASA-2020-0186 Updated ruby-json packages fix security vulnerability
Updated ruby-json packages fix security vulnerability: In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system (CVE-2020-10663)...
Debian DLA-2190-1 : ruby-json security update
In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system. For Debian 8 'Jessie', this problem has been fixed in version...
Debian: Security Advisory (DLA-2190-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Ruby JSON gem input validation error vulnerability
Ruby JSON gem is a Ruby-based package for parsing JSON from text and generating JSON text from Ruby objects. An input validation error vulnerability in Ruby JSON gem version 2.2.0 and earlier can be exploited to force the creation of arbitrary objects on a target system...
[SECURITY] [DLA 2190-1] ruby-json security update
Package: ruby-json; Version: 1.8.1-1+deb8u1; CVE ID: CVE-2020-10663. In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target...
DLA-2190-1 ruby-json - security update
Debian DSA-4283-1 : ruby-json-jwt - security update
It was discovered that ruby-json-jwt, a Ruby implementation of JSON web tokens, performed insufficient validation of GCM auth tags. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4283. The text itself is...
[SECURITY] [DSA 4283-1] ruby-json-jwt security update
Debian Security Advisory DSA-4283-1, https://www.debian.org/security/, Moritz Muehlenhoff, August 31, 2018, https://www.debian.org/security/faq ...
Debian: Security Advisory (DSA-4283-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
DLA-215-1 libjson-ruby - security update
sfpagent Gem for Ruby JSON[body] Module Name Remote Command Execution
sfpagent Gem for Ruby contains a flaw that is triggered as JSON[body] input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands...
rubygem-json: Denial of Service and SQL Injection
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...