Ruby: Uncontrolled Resource Consumption when parsing maliciously crafted XML with REXML
The REXML library in Ruby was found to be vulnerable to an issue where parsing a maliciously crafted XML file could lead to uncontrolled resource consumption, resulting in a denial of service. The vulnerability was caused by a flaw in the namespace handling functionality of the REXML library...
Ubuntu: Security Advisory (USN-6960-1)
The remote host is missing an update for the affected package(s). Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective rights holders...
USN-6960-1: RMagick vulnerability
Nick Browning discovered that RMagick incorrectly handled memory under certain operations. An attacker could possibly use this issue to cause a denial of service through memory exhaustion...
USN-6960-1 ruby-rmagick vulnerability
Nick Browning discovered that RMagick incorrectly handled memory under certain operations. An attacker could possibly use this issue to cause a denial of service through memory exhaustion...
REXML: DoS parsing an XML with many `<`s in an attribute value
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be affected by this vulnerability. The REXML gem 3.2.7 or later includes the patch to fix this...
GLSA-202408-24 : Ruby on Rails: Remote Code Execution
The remote host is affected by the vulnerability described in GLSA-202408-24 Ruby on Rails: Remote Code Execution Multiple vulnerabilities have been discovered in Ruby on Rails. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block...
Ruby on Rails: Remote Code Execution
Background: Ruby on Rails is a free web framework used to develop database-driven web applications. Description: Multiple vulnerabilities have been discovered in Ruby on Rails. Please review the CVE identifiers referenced below for details. Impact: When serialized columns that use YAML the default a...
GLSA-202408-22 : Bundler: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202408-22 Bundler: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Bundler. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...
Bundler: Multiple Vulnerabilities
Background: Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed. Description: Multiple vulnerabilities have been discovered in Bundler. Please review the CVE identifiers referenced below for details. Impact: Please review...
The vulnerability in the ruby-find-library-file function of the EMACS text editor arises from improper neutralization of special elements used in a command, allowing an attacker to execute arbitrary code.
The vulnerability in the ruby-find-library-file function of the EMACS text editor is related to improper neutralization of special elements. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
SUSE CVE-2024-41123
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as the whitespace character, and . The REXML gem 3.3.3 or later includes the patches to fix these vulnerabilities...
ROS-20240806-06
A vulnerability in the ruby-find-library-file function of the EMACS text editor is related to incorrect neutralization of special elements. Exploitation of the vulnerability could allow an attacker to execute arbitrary code. Vulnerability in the lib-src/etags.c file of th...
ROS-20240806-22
A vulnerability in the Active Record adaptor of the Ruby on Rails software platform is related to flaws in the validation of values. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Fedora: Security Advisory (FEDORA-2024-93575091aa)
The remote host is missing an update for the affected package(s). Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective rights holders...
CVE-2024-41123
A vulnerability was found in REXML, an XML toolkit used for Ruby. When parsing an untrusted XML with many specific characters, the REXML gem may take a long time, leading to a denial of service condition. Some of these special characters include the whitespace character, '', and ''. Mitigation...
Code Injection
elektra is vulnerable to Code Injection. The vulnerability is due to improper handling of user input in the live search functionality of the Ruby on Rails-based Elektra web application, which allows authenticated users to craft a search term containing Ruby code that flows into an eval call,...
GHSA-5866-49GR-22V4 vulnerabilities
Vulnerabilities for packages: ruby, kube-fluentd-operator, jruby...
GHSA-5866-49GR-22V4 vulnerabilities
Vulnerabilities for packages: ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, jruby, ruby3.1-fluentd-kubernetes-daemonset, kube-fluentd-operator, ruby3.3-fluentd-kubernetes-daemonset, ruby...
OESA-2024-1938 ruby security update
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many features for processing text files and performing system management tasks, like Perl. Security Fixes: Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote Do...
GHSA-R55C-59QM-VJW6 vulnerabilities
Vulnerabilities for packages: ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, jruby, ruby3.1-fluentd-kubernetes-daemonset, kube-fluentd-operator, ruby3.3-fluentd-kubernetes-daemonset, ruby...