14176 matches found
CVE-2024-27090 Decidim vulnerable to data disclosure through the embed feature
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a...
Decidim security breach
Decidim is a participatory democracy framework, written in Ruby on Rails. A security vulnerability exists in versions of Decidim prior to 0.27.6, which stems from the ability to access certain data from an unpublished or private resource if an attacker can infer the slug or URL of that resource...
RailsAdmin Cross-site Scripting vulnerability in the list view
Impact RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. The issue was originally reported in https://github.com/railsadminteam/railsadmin/issues/3686. Patches Upgrade to 3.1.4. The vulnerability itself was patched in 3.1.3 but it has a functionali...
RailsAdmin Cross-site Scripting vulnerability in the list view
Impact RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. The issue was originally reported in https://github.com/railsadminteam/railsadmin/issues/3686. Patches Upgrade to 3.1.3 or 2.3.0. Workarounds 1. Copy the index view located under the path...
CVE-2024-37260
Server-Side Request Forgery SSRF vulnerability in Theme-Ruby Foxiz. This issue affects Foxiz: from n/a through 2.3.5...
CVE-2024-37260
CVE-2024-37260 is a Server-Side Request Forgery (SSRF) vulnerability affecting WordPress Foxiz Theme (Foxiz) versions up to 2.3.5. Public sources (NVD, CVE listings) confirm the issue and its high/critical impact metrics (CVSS v3.1: 9.3 base score; network attack, no user interaction). The Wordfe...
PT-2024-27425 · Foxiz · Foxiz
Name of the Vulnerable Software and Affected Versions: Foxiz versions 2.3.5 and earlier Description: A Server-Side Request Forgery SSRF vulnerability has been identified in Theme-Ruby Foxiz. This issue allows for unauthorized access to internal resources, potentially leading to sensitive data...
CBL Mariner 2.0 Security Update: ruby / rubygem-rexml (CVE-2024-35176)
The version of ruby / rubygem-rexml installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-35176 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service...
CVE-2024-39316 Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending...
CVE-2024-39316
Rack is a modular Ruby web server interface. A ReDoS vulnerability exists in Rack::Request::Helpers when parsing HTTP Accept headers, affecting Rack 3.1.0 up to, but not including, 3.1.5. An attacker can trigger excessive server processing by sending specially crafted Accept-Encoding or Accept-La...
Rack Security Vulnerabilities
Rack is a modular Ruby web server interface. A security vulnerability exists in Rack versions from 3.1.0 up to, but not including, 3.1.5, which stems from a Regular Expression Denial of Service ReDoS vulnerability that can be exploited by an attacker sending specially crafted headers that cause the server to...
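Several of the hits above (Rack CVE-2024-39316, REXML CVE-2024-35176) give exact affected ranges, and the practical question for a Ruby shop is whether a given Gemfile.lock falls inside them. The script below is an added example written for this page, not code from Rack, REXML or any advisory database; it encodes only the two ranges quoted in the results above, parses the "specs:" block of a lockfile, and reports matches. The lockfile text and the helper names (AFFECTED_RANGES, parse_lockfile_specs, audit) are constructed for the example.

```ruby
require 'rubygems'

# Affected ranges as quoted in the search results above.
# :introduced is inclusive, :fixed is exclusive; a nil :introduced means every
# earlier release ("before 3.2.6"). Constructed for this example.
AFFECTED_RANGES = {
  'rack'  => [{ id: 'CVE-2024-39316', introduced: '3.1.0', fixed: '3.1.5' }],
  'rexml' => [{ id: 'CVE-2024-35176', introduced: nil,     fixed: '3.2.6' }],
}.freeze

# True when +version+ lies in [introduced, fixed). Gem::Version gives proper
# semantic ordering, so "3.1.10" correctly sorts above "3.1.5".
def vulnerable?(version, range)
  v = Gem::Version.new(version)
  return false if range[:introduced] && v < Gem::Version.new(range[:introduced])
  v < Gem::Version.new(range[:fixed])
end

# Parse the "specs:" block of a Gemfile.lock. Top-level specs are indented
# four spaces ("    rack (3.1.3)"); their dependencies are indented six and
# carry constraints rather than pinned versions, so those lines are skipped.
def parse_lockfile_specs(text)
  specs = {}
  text.each_line do |line|
    next unless (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
    name, ver = m[1], m[2]
    # Drop a platform suffix such as "1.16.5-x86_64-linux" before comparing.
    specs[name] = ver.split('-', 2).first
  end
  specs
end

# Return one finding per (gem, range) match.
def audit(lockfile_text)
  findings = []
  parse_lockfile_specs(lockfile_text).each do |name, ver|
    (AFFECTED_RANGES[name] || []).each do |range|
      next unless vulnerable?(ver, range)
      findings << { gem: name, version: ver, id: range[:id], fix: range[:fixed] }
    end
  end
  findings
end

# Constructed sample lockfile, not taken from a real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (3.1.3)
      rails_admin (3.1.2)
        rails (>= 6.0)
      rexml (3.2.5)
        strscan
      nokogiri (1.16.5-x86_64-linux)

  PLATFORMS
    x86_64-linux

  DEPENDENCIES
    rack
LOCK

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_LOCK).each do |f|
    puts "#{f[:gem]} #{f[:version]}: #{f[:id]} (fixed in #{f[:fix]})"
  end
end
```

Run it against a real lockfile with `audit(File.read('Gemfile.lock'))`. Note that the Rack check deliberately excludes the 3.0.x series, because the advisory text says the ReDoS starts in 3.1.0; a tool that only compared against the fixed version would flag 3.0.x installs that the advisory does not cover.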
OESA-2024-1780 ruby security update
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, much like Perl. Security Fixes: Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote Do...
OESA-2024-1779 rubygem-actionpack security update
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests. Und...
USN-6853-1: Ruby vulnerability
It was discovered that Ruby incorrectly handled the ungetbyte and ungetc methods. A remote attacker could use this issue to cause Ruby to crash, resulting in a denial of service, or possibly obtain sensitive information...
USN-6853-1 ruby2.7, ruby3.0, ruby3.1 vulnerability
It was discovered that Ruby incorrectly handled the ungetbyte and ungetc methods. A remote attacker could use this issue to cause Ruby to crash, resulting in a denial of service, or possibly obtain sensitive information...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Ruby vulnerability (USN-6853-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6853-1 advisory. It was discovered that Ruby incorrectly handled the ungetbyte and ungetc methods. A remote attacker could use this issue to cause Ruby to cras...
Malicious code in workarea-gift-cards (RubyGems)
--- -= Per source details. Do not edit below this line.=-...