15 matches found
CVE-2021-33575
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
EUVD-2021-2261
Malware in sbrugna...
Linux jss security vulnerability
ruby-jss is a Ruby framework for interacting with the JAMF Software Server JSS REST API. A security vulnerability exists in Linux jss that stems from a memory leak in a software TLS connection leading to an object serialization issue...
Arbitrary Code Execution
Overview: ruby-jss provides native Ruby access to the REST APIs of Jamf Pro, an enterprise/education tool for managing Apple devices, from jamf.com. Affected versions of this package are vulnerable to Arbitrary Code Execution. The Pixar ruby-jss gem allows remote attackers to execute arbitrar...
Remote Code Execution (RCE)
ruby-jss is vulnerable to remote code execution. The vulnerability exists due to the lack of validation which allows an attacker to execute scripts on the Plist when using Marshal.load during XML document processing...
GHSA-VMFH-C547-V45H Remote code execution in ruby-jss
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
Remote code execution in ruby-jss
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
Remote code execution in ruby-jss
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
Arbitrary Code Execution
Overview: ruby-jss provides native Ruby access to the REST APIs of Jamf Pro, an enterprise/education tool for managing Apple devices, from jamf.com. Affected versions of this package are vulnerable to Arbitrary Code Execution. This is due to the usage of the plist library, which has documente...
CVE-2021-33575
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
CVE-2021-33575
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
Design/Logic Flaw
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
CVE-2021-33575
The CVE affects the Pixar ruby-jss gem prior to 1.6.0. Affected component is ruby-jss which processes XML via the Plist gem, whose documented behavior uses Marshal.load, enabling remote code execution. Reported by multiple sources (Red Hat, OSV, NVD, Snyk, RubyGems advisories). Impact is rated hi...
CVE-2021-33575
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
Pixar ruby-jss security vulnerability
ruby-jss is a Ruby framework for interacting with the JAMF Software Server JSS REST API. A security vulnerability in Pixar ruby-jss versions prior to 1.6.0, which stems from Marshal's documented behavior and is loaded during XML document processing, can be exploited by a remote attacker to execut...