Debian dsa-5774 : ruby-saml - security update
The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5774 advisory. Debian Security Advisory DSA-5774-1 security@debian.org https://www.debian.org/security/...
Fedora 39 : ruby (2024-2fb325d068)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2fb325d068 advisory. Upgrade to Ruby 3.2.5. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora: Security Advisory (FEDORA-2024-2fb325d068)
The remote host is missing an update for the 'ruby' package announced via the FEDORA-2024-2fb325d068 advisory (Greenbone AG check, 2024; some text descriptions may be excerpted from referenced sources and are copyright their respective right holders)...
AlmaLinux 8 : ruby:3.3 (ALSA-2024:6784)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6784 advisory. rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace characte...
DSA-5774-1 ruby-saml - security update
Bulletin has no description...
UBUNTU-CVE-2024-45614
Puma is a Ruby/Rack web server built for parallelism. In affected versions, clients could clobber values set by intermediate proxies, such as X-Forwarded-For, by providing an underscore version of the same header (X-Forwarded_For). Any users relying on proxy-set variables are affected. v6.4.3/v5.6.9 now...
SUSE CVE-2024-45409
The Ruby SAML library implements the client (service provider) side of SAML authentication. Ruby-SAML versions <= 1.12.2 and 1.13.0 through 1.16.0 do not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any SAML document signed by the IdP can thus forge a SAML...
CVE-2024-45614 vulnerabilities
Vulnerabilities for packages: gitlab-cng, ruby3.2-puma...
CVE-2024-45614
Puma is a Ruby/Rack web server built for parallelism. In affected versions, clients could clobber values set by intermediate proxies, such as X-Forwarded-For, by providing an underscore version of the same header (X-Forwarded_For). Any users relying on proxy-set variables are affected. v6.4.3/v5.6.9 now...
CVE-2024-45614 Header normalization allows for client to clobber proxy set headers in Puma
Puma is a Ruby/Rack web server built for parallelism. In affected versions, clients could clobber values set by intermediate proxies, such as X-Forwarded-For, by providing an underscore version of the same header (X-Forwarded_For). Any users relying on proxy-set variables are affected. v6.4.3/v5.6.9 now...
CVE-2024-45614
Puma (Ruby/Rack) is affected by CVE-2024-45614 due to improper header normalization that lets clients clobber proxy headers via an underscore variant (X-Forwarded_For). Affected versions do not discard the underscore header when the non-underscore header exists; fixed in v6.4.3 and v5.6.9 which n...
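The Puma entries above describe the problem only in words. The Ruby block below is an added illustration written for this page; it is not Puma's parser or any project code. What is real in it is the Rack convention for exposing request headers to the application (prefix `HTTP_`, upcase, fold `-` to `_`), which is why `X-Forwarded-For` and `X-Forwarded_For` collide on one env key. The merge rule in the vulnerable model (a later header overwrites an earlier one), the header order in the constructed request, and the hypothetical helper names are assumptions; the hardened model implements the behaviour the entry above attributes to Puma 6.4.3 / 5.6.9, discarding the underscore spelling only when the non-underscore spelling is also present.

```ruby
# Added illustration of the CVE-2024-45614 header-normalization collision.
# This is a simplified model written for this page, not Puma's own parser:
# the merge rule for colliding headers (later value overwrites) and the
# header order in the constructed request are assumptions.

# Rack convention (real): a request header "X-Forwarded-For" is exposed to
# the application as env["HTTP_X_FORWARDED_FOR"]. Because '-' is folded to
# '_' and the name is upcased, "X-Forwarded_For" lands on the same key.
def rack_env_key(name)
  "HTTP_" + name.upcase.tr("-", "_")
end

# Split the header section of a raw HTTP/1.1 request into [name, value]
# pairs, preserving order. The request line is skipped.
def parse_headers(raw)
  raw.split("\r\n").drop(1).reject(&:empty?).map do |line|
    name, value = line.split(":", 2)
    [name.strip, value.to_s.strip]
  end
end

# Vulnerable model: every header is normalized and written to env, so a
# client-supplied "X-Forwarded_For" that reaches the server after the
# proxy's "X-Forwarded-For" overwrites the proxy's value.
def build_env_vulnerable(headers)
  headers.each_with_object({}) do |(name, value), env|
    env[rack_env_key(name)] = value
  end
end

# Hardened model (the behaviour described for Puma 6.4.3 / 5.6.9): a header
# whose name contains an underscore is discarded when the request also
# carries the non-underscore spelling of the same normalized key. A lone
# underscore header is still kept.
def build_env_fixed(headers)
  dash_keys = headers.each_with_object({}) do |(name, _), seen|
    seen[rack_env_key(name)] = true unless name.include?("_")
  end
  headers.each_with_object({}) do |(name, value), env|
    key = rack_env_key(name)
    next if name.include?("_") && dash_keys[key]
    env[key] = value
  end
end

# What an application typically does with the header: take the first
# address in X-Forwarded-For as the client IP (only safe behind a trusted
# proxy that sets the header).
def client_ip(env)
  env.fetch("HTTP_X_FORWARDED_FOR", "").split(",").first.to_s.strip
end

# Constructed sample request. 203.0.113.7 is the address the reverse proxy
# recorded; 127.0.0.1 is the value the client smuggled in the underscore
# spelling (assumed here to be passed through by the proxy).
RAW_REQUEST = [
  "GET /admin HTTP/1.1",
  "Host: app.internal",
  "X-Forwarded-For: 203.0.113.7",
  "X-Forwarded_For: 127.0.0.1",
  "",
].join("\r\n")

if __FILE__ == $PROGRAM_NAME
  headers = parse_headers(RAW_REQUEST)
  puts "vulnerable: client_ip=#{client_ip(build_env_vulnerable(headers))}"
  puts "fixed:      client_ip=#{client_ip(build_env_fixed(headers))}"
end
```

Run it with `ruby` and the vulnerable model reports the attacker-chosen 127.0.0.1 as the client IP while the hardened model keeps the proxy's 203.0.113.7. The application-level takeaway is the same whichever server you run: an IP allow-list or rate limiter keyed on `HTTP_X_FORWARDED_FOR` is only as trustworthy as the guarantee that the client cannot influence that env key, which is exactly what the underscore spelling broke.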
GHSA-735F-PC8J-V9W8 vulnerabilities
Vulnerabilities for packages: debezium-connector-spanner, elasticsearch, opensearch, ruby3.3-fluentd-kubernetes-daemonset, hadoop-client-modules, trino, confluent-kafka-jre-bcfips, ruby3.4-fluentd-kubernetes-daemonset, kafka, tez, hadoop-thirdparty, knative-kafka-broker, kserve-modelmesh,...
GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions
GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an...
[SECURITY] Fedora 40 Update: ruby-3.3.5-14.fc40
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...
ruby:3.3 security update
ruby 3.3.5-3 - Upgrade to Ruby 3.3.5 Resolves: RHEL-57576 - Fix DoS vulnerability in rexml. CVE-2024-39908 CVE-2024-41946 CVE-2024-43398 Resolves: RHEL-57573 Resolves: RHEL-57570 Resolves: RHEL-57578 - Fix REXML DoS when parsing an XML having many specific characters such as whitespace character,...
ROS-20240918-12
A vulnerability in the Ruby REXML XML toolkit is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service. The XML Toolkit for Ruby (REXML) vulnerability is related to the presence of a DoS vulnerability in X...
A vulnerability in the Ruby SAML library and in GitLab, the Git-based platform for collaborative code development, allows privilege escalation.
The vulnerability in the Ruby SAML library and in GitLab, the Git-based platform for collaborative code development, is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to escalate their privileges...
Fedora 40 : ruby (2024-146ef211bc)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-146ef211bc advisory. Upgrade to Ruby 3.3.5. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...