14179 matches found

Chainguard
added 2024/10/28 2:10 p.m., 4 views

GHSA-2RXP-V6PW-CH6M vulnerabilities

Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, logstash, ruby3.3-fluentd-kubernetes-daemonset, kube-fluentd-operator, ruby3.1-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, jruby, ruby...

AI score 5.8
Exploits 0
Wolfi
added 2024/10/28 2:10 p.m., 4 views

GHSA-2RXP-V6PW-CH6M vulnerabilities

Vulnerabilities for packages: kube-fluentd-operator, ruby, logstash, jruby...

AI score 5.8
Exploits 0
Snyk
added 2024/10/28 2:10 p.m., 2 views

Regular Expression Denial of Service (ReDoS)

Overview: rexml is an XML toolkit for Ruby. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expressions in CHARACTERREFERENCES. This vulnerability can be exploited when parsing XML content containing numerous...

CVSS 8.7, AI score 6.8, EPSS 0.01429
Exploits 0, References 2
Github Security Blog
added 2024/10/28 2:10 p.m., 10 views

REXML ReDoS vulnerability

Impact: The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference &#x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on...

CVSS 8.7, AI score 7, EPSS 0.01429
Exploits 0, References 8, Affected Software 1
OSV
added 2024/10/28 2:10 p.m., 10 views

GHSA-2RXP-V6PW-CH6M REXML ReDoS vulnerability

Impact: The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference &#x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on...

CVSS 8.7, AI score 7, EPSS 0.01429
Exploits 0, References 8
Positive Technologies
added 2024/10/28 12:00 a.m., 5 views

PT-2024-8321

Name of the Vulnerable Software and Affected Versions: REXML gem versions prior to 3.3.9; Ruby 3.1. Description: The issue is related to a ReDoS vulnerability in the REXML gem when parsing XML with many digits between &# and x...; in a hex numeric character reference &#x...;. This vulnerability can be...

CVSS 8.7, AI score 6.6, EPSS 0.02064
Exploits 1, References 130
RubySec
added 2024/10/28 12:00 a.m., 16 views

REXML ReDoS vulnerability

Impact: The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference &#x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on...

CVSS 8.7, AI score 6.6, EPSS 0.01429
Exploits 0, References 1, Affected Software 1
Snyk
added 2024/10/22 9:42 p.m., 4 views

Cross-site Scripting (XSS)

Overview: camaleoncms is a dynamic and advanced content management system based on Ruby on Rails, offered as an alternative to WordPress. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the content group name field. An attacker can execute arbitrary scripts or commands by...

CVSS 6.1, AI score 5.7, EPSS 0.00973
Exploits 1, References 2
Redos
added 2024/10/22 12:00 a.m., 25 views

ROS-20241021-01

A vulnerability in the XML toolkit for Ruby, REXML, is related to parsing XML containing a large number of characters. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service. The Ruby REXML XML toolkit vulnerability is related to parsing XML containing a...

CVSS 5.3, AI score 7.1, EPSS 0.02064
Exploits 1
OSV
added 2024/10/21 11:27 p.m., 17 views

RHSA-2022:0582 Red Hat Security Advisory: ruby:2.6 security update

Bulletin has no description...

CVSS 8.8, AI score 6.9, EPSS 0.06629
Exploits 7, References 70
OSV
added 2024/10/21 11:27 p.m., 12 views

RHSA-2022:0581 Red Hat Security Advisory: ruby:2.6 security update

Bulletin has no description...

CVSS 8.8, AI score 6.9, EPSS 0.06629
Exploits 7, References 70
OSV
added 2024/10/21 11:26 p.m., 21 views

RHSA-2021:2588 Red Hat Security Advisory: ruby:2.6 security, bug fix, and enhancement update

Bulletin has no description...

CVSS 8.1, AI score 6.9, EPSS 0.06629
Exploits 2, References 46
OSV
added 2024/10/21 11:26 p.m., 15 views

RHSA-2021:2587 Red Hat Security Advisory: ruby:2.5 security, bug fix, and enhancement update

Bulletin has no description...

CVSS 8.1, AI score 6.9, EPSS 0.06629
Exploits 2, References 42
IBM Security Bulletins
added 2024/10/21 3:52 p.m., 41 views

Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities

Summary: There are vulnerabilities in Open Source Software (OSS) libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilities related to CORS misconfiguration and Certificate Pinning have been...

CVSS 8.1, AI score 10, EPSS 0.24741
Exploits 7, Affected Software 2
Hacker One
added 2024/10/19 10:28 a.m., 40 views

Internet Bug Bounty: [CVE-2024-47888] Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text

There is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. This vulnerability has been assigned the CVE identifier CVE-2024-47888. Carefully crafted text was found to cause the plain_text_for_blockquote_node helper to take an unexpected amount of time, possibly...

CVSS 8.7, AI score 6.7, EPSS 0.00991
Exploits 0
OSV
added 2024/10/18 11:09 a.m., 5 views

OESA-2024-2259 rubygem-puma security update

A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request...

CVSS 9.8, AI score 6.8, EPSS 0.0214
Exploits 0, References 5
Tenable Nessus
added 2024/10/18 12:00 a.m., 23 views

actionmailer Ruby Library 3.x < 6.1.7.9 / 7.0.x < 7.0.8.5 / 7.1.x < 7.1.4.1 / 7.2.x < 7.2.1.1 DoS (CVE-2024-47889)

The version of the actionmailer Ruby library installed on the remote host is 3.x prior to 6.1.7.9, 7.0.x prior to 7.0.8.5, 7.1.x prior to 7.1.4.1 or 7.2.x prior to 7.2.1.1. It is, therefore, affected by a denial of service (DoS) vulnerability. The vulnerability lies in the block_format helper of...

CVSS 8.7, AI score 6.4, EPSS 0.00944
Exploits 0, References 2
OSV
added 2024/10/17 2:52 p.m., 15 views

RHSA-2024:6785 Red Hat Security Advisory: ruby:3.3 security update

Bulletin has no description...

CVSS 5.9, AI score 6.3, EPSS 0.01379
Exploits 0, References 30
OSV
added 2024/10/17 2:51 p.m., 25 views

RHSA-2024:6784 Red Hat Security Advisory: ruby:3.3 security update

Bulletin has no description...

CVSS 5.9, AI score 6.3, EPSS 0.01379
Exploits 0, References 31
SUSE CVE
added 2024/10/17 2:53 a.m., 2 views

SUSE CVE-2024-41128

Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters...

CVSS 5.9, AI score 5.8, EPSS 0.01103
Exploits 0, References 5