13977 matches found
CVE-2026-33210 Ruby JSON has a format string injection vulnerability
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...
CVE-2026-33210
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user...
CVE-2026-33209
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site scripting XSS vulnerability exists in the returnto query parameter used in the avo interface. An attacker can craft a malicious URL that injects arbitrary JavaScript, which is execute...
CVE-2026-33209 Avo has a XSS vulnerability on `return_to` param
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site scripting XSS vulnerability exists in the returnto query parameter used in the avo interface. An attacker can craft a malicious URL that injects arbitrary JavaScript, which is execute...
JSON implementation for Ruby 格式化字符串错误漏洞
JSON Implementation for Ruby is a open-source Ruby implementation of JSON. There were formatting string error vulnerabilities in versions prior to Ruby 2.15.2.1, Ruby 2.17.1.2, and Ruby 2.19.2. These vulnerabilities stem from format string injection when using the allowduplicatekey: false parsing...
Avo 跨站脚本漏洞
Avo is an open-source Ruby on Rails management panel framework developed by Avo itself. Versions of Avo prior to 3.30.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from the returnto query parameter in the Avo interface, which allowed reflective cross-site scripting...
bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby
Impact An integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. The JRuby implementation of bcrypt-ruby BCrypt.java computes the key-strengthening round count as a...
Use of Externally-Controlled Format String
Overview json is a JSON implementation as a Ruby extension in C. Affected versions of this package are vulnerable to Use of Externally-Controlled Format String in JSON.parsedoc, allowduplicatekey: false. An attacker can cause denial of service or disclose sensitive information via malicious forma...
GHSA-3M6G-2423-7CP3 Ruby JSON has a format string injection vulnerability
Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted...
Ruby JSON has a format string injection vulnerability
Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted...
Ruby JSON has a format string injection vulnerability
Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted...
MAL-2026-1924 Malicious code in testcatplzignore (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in sq-minimal-feature-flags (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2026-1923 Malicious code in sq-minimal-feature-flags (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in resolvrtest (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2026-1920 Malicious code in rails_structured_logging (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in rails_structured_logging (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in newlogger (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2026-1917 Malicious code in kaleido (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in kaleido (RubyGems)
--- -= Per source details. Do not edit below this line.=-...