Lucene search
4962 matches found

Tenable Nessus
added 2021/03/23 12:00 a.m., 71 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-4882-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4882-1 advisory. It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into...

CVSS: 7.5, AI score: 7.9, EPSS: 0.06629
Exploits: 1, References: 4

BDU FSTEC
added 2021/03/21 12:00 a.m., 1 view

The vulnerability of the WEBrick library for the Ruby programming language lies in its improper validation of header values, which allows attackers to compromise data integrity.

The vulnerability of the WEBrick library for the Ruby programming language is related to improper validation of header values. Exploiting this vulnerability can allow an attacker to compromise the integrity of data...

CVSS: 7.5, AI score: 6.6, EPSS: 0.03803
Exploits: 0, References: 15, Affected Software: 5

OpenVAS
added 2021/03/19 12:00 a.m., 24 views

Ubuntu: Security Advisory (USN-4882-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 6.8, EPSS: 0.06629
Exploits: 1, References: 2

Ubuntu
added 2021/03/18 5:00 p.m., 157 views

USN-4882-1: Ruby vulnerabilities

It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into parsing a specially crafted JSON file, a remote attacker could use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

CVSS: 7.5, AI score: 7.4, EPSS: 0.06629
Exploits: 1

Ubuntu
added 2021/03/15 10:59 p.m., 41 views

USN-4870-1: Bundler vulnerability

It was discovered that Bundler incorrectly created directories with insecure permissions in /tmp. An attacker could write malicious libraries to this location for later execution...

CVSS: 7.8, AI score: 7.4, EPSS: 0.00525
Exploits: 0

Mageia
added 2021/03/12 1:25 a.m., 21 views

Updated ruby-mechanize packages fix a security vulnerability

In Mechanize, from v2.0.0 until v2.7.7, there is a command injection vulnerability. Affected versions of Mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel#open method (CVE-2021-21289)...

CVSS: 8.3, AI score: 4.5, EPSS: 0.03507
Exploits: 0, References: 2

Tenable Nessus
added 2021/03/10 12:00 a.m., 28 views

EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2021-1387)

According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - A NULL pointer dereference vulnerability was found in Onigmo in the way it handled certain types of 'subexp' regular...

CVSS: 7.5, AI score: 7.2, EPSS: 0.02068
Exploits: 2, References: 3

GithubExploit
added 2021/03/09 4:54 p.m., 185 views

Exploit for Server-Side Request Forgery in Microsoft

CVE-2021-26855-PoC PoC exploit code for CVE-2021-26855. Orig...

CVSS: 9.8, AI score: 9.6, EPSS: 0.99999
Exploits: 72

OpenVAS
added 2021/03/05 12:00 a.m., 13 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-1516)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 7.8, EPSS: 0.03803
Exploits: 2, References: 2

OpenVAS
added 2021/03/05 12:00 a.m., 21 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-1450)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 7.8, EPSS: 0.03803
Exploits: 0, References: 2

OpenVAS
added 2021/03/05 12:00 a.m., 15 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-1540)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 7.8, EPSS: 0.03803
Exploits: 2, References: 2

OpenVAS
added 2021/03/05 12:00 a.m., 18 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-1387)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 7.6, EPSS: 0.02068
Exploits: 2, References: 2

Tenable Nessus
added 2021/03/04 12:00 a.m., 24 views

EulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2021-1540)

According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP serv...

CVSS: 7.5, AI score: 7.3, EPSS: 0.03803
Exploits: 2, References: 4

Tenable Nessus
added 2021/03/04 12:00 a.m., 32 views

EulerOS Virtualization 3.0.6.6 : ruby (EulerOS-SA-2021-1516)

According to the versions of the ruby package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c (CVE-2019-16161) - Onigm...

CVSS: 7.5, AI score: 7.3, EPSS: 0.03803
Exploits: 2, References: 2

Tenable Nessus
added 2021/02/22 12:00 a.m., 24 views

EulerOS 2.0 SP2 : ruby (EulerOS-SA-2021-1356)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c (CVE-2019-16161) - Onigmo through 6.2....

CVSS: 7.5, AI score: 7.3, EPSS: 0.03803
Exploits: 2, References: 4

Tenable Nessus
added 2021/02/17 12:00 a.m., 26 views

Debian DLA-2561-1 : ruby-mechanize security update

Mechanize is an open source Ruby library that makes automated web interaction easy. In Mechanize, from v2.0.0 until v2.7.7, there is a command injection vulnerability. Affected versions of Mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's...

CVSS: 8.3, AI score: 7.4, EPSS: 0.03507
Exploits: 0, References: 4

RubySec
added 2021/02/08 12:00 a.m., 32 views

Code Injection vulnerability in CarrierWave::RMagick

Impact: CarrierWave::RMagick has a Code Injection vulnerability. Its manipulate! method inappropriately evals the content of the mutation option :read/:write, allowing attackers to craft a string that can be executed as Ruby code. If an application developer supplies untrusted inputs to the option, i...

CVSS: 8.8, AI score: 7.9, EPSS: 0.12678
Exploits: 1, References: 1, Affected Software: 1

OpenVAS
added 2021/02/05 12:00 a.m., 19 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-1228)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 7.8, EPSS: 0.03803
Exploits: 0, References: 2

Tenable Nessus
added 2021/02/04 12:00 a.m., 26 views

EulerOS 2.0 SP5 : ruby (EulerOS-SA-2021-1228)

According to the version of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not...

CVSS: 7.5, AI score: 7.4, EPSS: 0.03803
Exploits: 0, References: 2

RedhatCVE
added 2021/02/03 3:21 a.m., 20 views

CVE-2021-21289

Mechanize is an open-source Ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of Mechanize allow for OS commands to be injected using several classes' methods which...

CVSS: 8.3, AI score: 4.2, EPSS: 0.03507
Exploits: 0, References: 3