31 matches found
CVE-2025-14762
CVE-2025-14762 describes a missing cryptographic key commitment in the AWS SDK for Ruby that can allow a user with write access to an S3 bucket to introduce a new EDK and decrypt data to different plaintext when the encrypted data key is stored in an instruction file rather than in S3 metadata. T...
CVE-2025-14762
Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue,...
EUVD-2017-0336
Malware in sbrugna...
AWS Recon - Multi-threaded AWS Inventory Collection Tool With A Focus On Security-Relevant Resources And Metadata
A multi-threaded AWS inventory collection tool. The creators of this tool have a recurring need to be able to efficiently collect a large amount of AWS resource attributes and metadata to help clients understand their cloud security posture. There are a handful of tools e.g. AWS Config,...
Shopify: H1514 Shopify API ruby SDK session setup lacks input validation, resulting in SSRF and leakage of client secret
Hi team, The Shopify API ruby SDK has the ability for the developer to interact with their shop's REST API. When setting up the gem, a code structure similar to the one below may be used to set up the connection: ruby require 'shopifyapi' class SomeController ' session =...
GHSA-XWR3-FMGJ-MMFR Exposure of Sensitive Information in bio-basespace-sdk
The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...
Exposure of Sensitive Information in bio-basespace-sdk
The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...
CVE-2013-7111
The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...
Command injection
The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...
CVE-2013-7111
The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...
CVE-2013-7111
The CVE-2013-7111 issue affects Bio Basespace SDK for Ruby (BaseSpace Ruby SDK gem, version 0.1.7). The put_call function in api/api_client.rb passes the API_KEY on the command line, which allows information disclosure by listing processes. This exposure could reveal API keys used by the client, ...