20 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-0268

Malware in sbrugna...

CVSS 4.3 · AI score 6.1 · EPSS 0.00305
Exploits 1 · References 9
Veracode
added 2022/07/13 10:37 a.m. · 41 views

Remote Code Execution (RCE)

activerecord is vulnerable to Remote Code Execution (RCE). Active Record uses YAML.unsafe_load to convert the YAML data into Ruby objects, allowing an attacker who can manipulate data in the database to execute malicious code remotely...

CVSS 9.8 · AI score 9.4 · EPSS 0.01944
Exploits 1 · References 4 · Affected Software 4
Github Security Blog
added 2022/07/12 7:39 p.m. · 116 views

Active Record RCE bug with Serialized Columns

When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data into Ruby objects. If an attacker can manipulate data in the database via means like SQL injection, then it may be possible for the attacker to escalate to an RCE. There are no...

CVSS 9.8 · AI score 9.3 · EPSS 0.01944
Exploits 1 · References 7 · Affected Software 1
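The mechanism behind the two Active Record entries above, as an added Ruby example that is not code from Rails or from either advisory: a serialized column whose stored YAML has been tampered with is loaded once with the unsafe loader (the pre-fix behaviour, where every YAML tag is honoured) and once with YAML.safe_load plus an explicit permitted-classes list (the shape of the fix). The Marker class, the column contents and the load_column_* helpers are constructed for the demonstration; only the Psych calls are real.

```ruby
require "yaml"

# Constructed stand-in for a class that should never be built from database
# contents. Real gadget chains use classes whose #init_with, #marshal_load or
# #hash run code; this one only records the attribute it was given.
class Marker
  attr_reader :name
  def initialize(name = nil)
    @name = name
  end
end

# Constructed column contents after an attacker (e.g. via SQL injection)
# replaced the expected Hash with a YAML document carrying a Ruby object tag.
TAMPERED_COLUMN = "--- !ruby/object:Marker\nname: injected\n".freeze

# Older Psych releases have no YAML.unsafe_load; there YAML.load is the
# unsafe loader, which is exactly the pre-fix Active Record behaviour.
def unsafe_yaml_load(text)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text)
end

# Pre-fix shape: every tag in the column is honoured, so any class reachable
# by name in the process is instantiated with attacker-chosen state.
def load_column_unsafe(text)
  unsafe_yaml_load(text)
end

# Fixed shape: plain YAML types only, plus an explicit allow-list of classes
# the column is known to hold. Returns [:ok, value] or [:rejected, message].
def load_column_safe(text, permitted: [])
  [:ok, YAML.safe_load(text, permitted_classes: permitted)]
rescue Psych::DisallowedClass => e
  [:rejected, e.message]
end

def demo
  unsafe   = load_column_unsafe(TAMPERED_COLUMN)
  rejected = load_column_safe(TAMPERED_COLUMN)
  allowed  = load_column_safe(TAMPERED_COLUMN, permitted: [Marker])
  {
    unsafe_class: unsafe.class.name,       # "Marker": the attacker chose the class
    unsafe_name:  unsafe.name,             # "injected": and its instance state
    safe_status:  rejected.first,          # :rejected: safe_load refuses the tag
    allowlisted:  allowed.last.class.name  # "Marker", but only because we opted in
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The allow-list is the important part: safe_load with an empty permitted list still rejects Symbol and any tagged object, so a column that legitimately stores richer values has to name those classes explicitly rather than fall back to the unsafe loader. The Rails fix for this advisory took the same shape, loading serialized columns through a permitted-classes list (configured via config.active_record.yaml_column_permitted_classes) instead of YAML.unsafe_load.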
Hacker One
added 2021/03/14 1:38 p.m. · 62 views

GitLab: RCE via unsafe inline Kramdown options when rendering certain Wiki pages

Summary: When rendering wiki content with certain extensions such as .rmd, render_wiki_content will call other_markup_unsafe, which will end up calling GitHub::Markup.render from the github-markup gem. Files with any extension can be uploaded by checking out the wiki with git, committing the files and...

AI score 7.5
Exploits 0
Github Security Blog
added 2020/05/26 2:49 p.m. · 71 views

ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when untrusted user input is written to the cache store using the raw: true parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of pla...

CVSS 9.8 · AI score 9 · EPSS 0.90128
Exploits 5 · References 13 · Affected Software 1
Veracode
added 2019/07/16 1:56 a.m. · 9 views

Remote Code Execution (RCE)

slanger is vulnerable to remote code execution (RCE). An unsafe deserialization of Ruby objects allows remote attackers to execute arbitrary code using a malicious JSON document containing arbitrary objects of various classes...

CVSS 9.8 · AI score 9.9 · EPSS 0.0182
Exploits 0 · References 5 · Affected Software 1
NVD
added 2019/03/28 6:29 a.m. · 15 views

CVE-2017-18365

The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a...

CVSS 9.8 · AI score 9.8 · EPSS 0.33438
Exploits 1 · References 2
Prion
added 2019/03/28 6:29 a.m. · 11 views

Deserialization of untrusted data

The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a...

CVSS 7.5 · AI score 9.7 · EPSS 0.33438
Exploits 1 · References 2 · Affected Software 1
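Why a session secret that is "always the same" turns a signed-cookie scheme into unauthenticated deserialization, as an added Ruby example that is not GitHub Enterprise code nor the Rails implementation: a hand-written Verifier in the shape of a Marshal-based signed message (Base64 body, HMAC-SHA1 tag, tag checked before Marshal.load) is driven once by the server and once by an attacker who read the shipped secret. The Verifier class, PlantedObject, SHIPPED_SECRET and the demo values are all constructed for this example.

```ruby
require "openssl"
require "securerandom"

# Signed-message scheme in the shape of a Marshal-backed session verifier,
# hand-written for this example (not the Rails MessageVerifier code): the
# payload is Marshal-dumped, Base64-encoded and tagged with HMAC-SHA1;
# verification checks the tag and only then deserializes.
class Verifier
  def initialize(secret)
    @secret = secret
  end

  def generate(value)
    data = [Marshal.dump(value)].pack("m0") # strict Base64, no newlines
    "#{data}--#{tag_for(data)}"
  end

  # Returns the payload object, or nil when the tag does not verify.
  # Marshal.load runs only on data whose tag matched, so the secrecy of
  # @secret is all that separates a remote client from object instantiation.
  def verify(message)
    data, tag = message.split("--", 2)
    return nil unless data && tag && constant_time_equal?(tag_for(data), tag)
    Marshal.load(data.unpack1("m0"))
  end

  private

  def tag_for(data)
    OpenSSL::HMAC.hexdigest("SHA1", @secret, data)
  end

  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed stand-in for a class whose initializer or #marshal_load does
# something an attacker wants; here it only records a note.
class PlantedObject
  attr_reader :note
  def initialize(note)
    @note = note
  end
end

# Constructed secret standing in for one that ships, identically, in every
# installation's source code.
SHIPPED_SECRET = "the-same-secret-in-every-install".freeze

def demo
  server  = Verifier.new(SHIPPED_SECRET)
  session = server.generate({ "user_id" => 42 })

  # The attacker read the secret from the shipped source, so they can sign a
  # Marshal payload of their own choosing and the server will load it.
  attacker = Verifier.new(SHIPPED_SECRET)
  forged   = attacker.generate(PlantedObject.new("built from a remote request"))

  # Without the secret, re-using an old tag on new data is rejected.
  _, old_tag = session.split("--", 2)
  tampered   = "#{[Marshal.dump({ "user_id" => 1 })].pack("m0")}--#{old_tag}"

  # The fix: a secret generated per installation. The attacker's tag is now
  # worthless even though their payload is unchanged.
  patched = Verifier.new(SecureRandom.hex(32))

  forged_obj = server.verify(forged)
  {
    legitimate:        server.verify(session),         # {"user_id"=>42}
    forged_class:      forged_obj.class.name,          # "PlantedObject"
    forged_note:       forged_obj.note,
    tampered_accepted: !server.verify(tampered).nil?,  # false
    forged_on_patched: patched.verify(forged)          # nil
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

A per-installation random secret closes the hole described in the entry; keeping Marshal as the serializer still means that anyone who ever obtains the secret (a leaked backup, a log line) gets code execution rather than a forged login, which is why moving session cookies to a JSON serializer (Rails exposes this as config.action_dispatch.cookies_serializer = :json) is worth doing as defence in depth.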
GithubExploit
added 2019/03/23 2:52 a.m. · 128 views

Exploit for Path Traversal in Rubyonrails Rails

Rails-doubletap-exploit RCE on Rails 5.2.2 using a path trave...

CVSS 9.8 · AI score 7 · EPSS 0.94318
Exploits 30
OSV
added 2017/10/24 6:33 p.m. · 20 views

GHSA-JXX8-V83V-RHW3 Spree Improper Input Validation vulnerability

Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to...

CVSS 4.3 · AI score 7 · EPSS 0.00305
Exploits 1 · References 8
Github Security Blog
added 2017/10/24 6:33 p.m. · 28 views

Spree Improper Input Validation vulnerability

Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to...

CVSS 4.3 · AI score 7 · EPSS 0.00305
Exploits 1 · References 8 · Affected Software 1
OSV
added 2015/07/03 12:00 a.m. · 41 views

DLA-266-1 libxml2 - security update

Bulletin has no description...

CVSS 9.8 · AI score 7.2 · EPSS 0.04711
Exploits 0
NVD
added 2013/03/08 6:55 p.m. · 6 views

CVE-2013-1656

Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to...

CVSS 4.3 · AI score 7.2 · EPSS 0.00305
Exploits 1 · References 3
Cvelist
added 2013/03/08 6:00 p.m. · 11 views

CVE-2013-1656

Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to...

AI score 7.2 · EPSS 0.00305
Exploits 1 · References 3
CVE
added 2013/03/08 6:00 p.m. · 79 views

CVE-2013-1656

CVE-2013-1656 affects Spree Commerce 1.0.x through 1.3.2, where remote authenticated administrators could instantiate arbitrary Ruby objects and execute commands via parameters (payment_method, promotion_action, promotion_rule, calculator_type) due to unsafe use of constantize in admin controller...

CVSS 4.3 · AI score 7.5 · EPSS 0.00305
Exploits 1 · References 3 · Affected Software 1
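The "unsafe use of constantize" pattern the CVE-2013-1656 entries describe, reduced to plain Ruby as an added example that is not Spree's code: a request parameter is resolved to a constant and instantiated, so any class loaded in the process can be built, beside a hardened version where the parameter only selects from a fixed table. Object.const_get stands in for ActiveSupport's String#constantize so the script runs without Rails; the Spree::Gateway and Spree::Check stand-ins, UnrelatedService, the parameter names and the attacker value are all constructed.

```ruby
module Spree
  # Constructed stand-ins for the payment method classes the admin form is
  # meant to offer.
  class Gateway
    def initialize(attrs = {})
      @attrs = attrs
    end
  end

  class Check
    def initialize(attrs = {})
      @attrs = attrs
    end
  end
end

# Constructed stand-in for any other class loaded in the process. Its
# initializer has a visible side effect so that instantiation is observable;
# in a real attack the side effects of the chosen class are the payload.
class UnrelatedService
  @instances = 0
  class << self
    attr_accessor :instances
  end

  def initialize(*)
    self.class.instances += 1
  end
end

# Vulnerable shape: the request parameter is resolved to a constant and
# instantiated. Nothing restricts it to the two intended classes.
def build_payment_method_vulnerable(params)
  Object.const_get(params["payment_method"]).new(params.fetch("attrs", {}))
end

# Hardened shape: the parameter is a key into a fixed table; the table, not
# the client, decides which class is instantiated.
PAYMENT_METHOD_TYPES = {
  "Spree::Gateway" => Spree::Gateway,
  "Spree::Check"   => Spree::Check
}.freeze

class UnknownPaymentMethod < StandardError; end

def build_payment_method_hardened(params)
  klass = PAYMENT_METHOD_TYPES.fetch(params["payment_method"]) do
    raise UnknownPaymentMethod, "not an allowed payment method type"
  end
  klass.new(params.fetch("attrs", {}))
end

def demo
  legit   = { "payment_method" => "Spree::Check" }
  hostile = { "payment_method" => "UnrelatedService" } # constructed attacker value

  before = UnrelatedService.instances
  vulnerable = [legit, hostile].map { |p| build_payment_method_vulnerable(p).class.name }
  hardened = [legit, hostile].map do |p|
    begin
      build_payment_method_hardened(p).class.name
    rescue UnknownPaymentMethod
      :rejected
    end
  end
  {
    vulnerable:   vulnerable,                            # ["Spree::Check", "UnrelatedService"]
    hardened:     hardened,                              # ["Spree::Check", :rejected]
    side_effects: UnrelatedService.instances - before    # 1: only the vulnerable path ran it
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The same check applies to the promotion_action, promotion_rule and calculator_type parameters named in the entry: prefix checks on the class name (accepting anything under Spree::) are not enough, since a namespace still contains classes whose constructors were never meant to take request-controlled arguments, so the mapping should enumerate the permitted classes outright.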
RubySec
added 2013/02/21 12:00 a.m. · 11 views

Spree payment_methods_controller.rb payment_method Parameter Arbitrary Ruby Object Instantiation Command Execution

Spree contains a flaw that is triggered when handling input passed via the 'payment_method' parameter to payment_methods_controller.rb. This may allow a remote authenticated attacker to instantiate arbitrary Ruby objects and potentially execute arbitrary commands...

AI score 5.1 · EPSS 0.00305
Exploits 1 · References 1 · Affected Software 1
RubySec
added 2013/02/21 12:00 a.m. · 19 views

Spree controller Parameter Arbitrary Ruby Object Instantiation Command Execution

Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to...

CVSS 4.3 · AI score 6.8 · EPSS 0.00305
Exploits 1 · References 1 · Affected Software 1
RubySec
added 2013/02/21 12:00 a.m. · 9 views

Spree promotion_rules_controller.rb promotion_rule Parameter Arbitrary Ruby Object Instantiation Command Execution

Spree contains a flaw that is triggered when handling input passed via the 'promotion_rule' parameter to promotion_rules_controller.rb. This may allow a remote authenticated attacker to instantiate arbitrary Ruby objects and potentially execute arbitrary commands...

AI score 5.1 · EPSS 0.00305
Exploits 1 · References 1 · Affected Software 1
RubySec
added 2013/02/21 12:00 a.m. · 13 views

Spree promotions_controller.rb calculator_type Parameter Arbitrary Ruby Object Instantiation Command Execution

Spree contains a flaw that is triggered when handling input passed via the 'calculator_type' parameter to promotions_controller.rb. This may allow a remote authenticated attacker to instantiate arbitrary Ruby objects and potentially execute arbitrary commands...

AI score 5.1 · EPSS 0.00305
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2013/01/08 12:00 a.m. · 5 views

PT-2013-1678 · Ruby +3

Name of the Vulnerable Software and Affected Versions: Ruby version 1.8.7. Description: The safe-level feature in Ruby allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. Recommendations: For Ruby version 1.8.7, at the moment, there is ...

CVSS 6.8 · AI score 6.8 · EPSS 0.25732
Exploits 5 · References 36