
14164 matches found

Source: OSV (added 2024/03/18 5:21 p.m., 11 views)

GHSA-X2H8-QMJ4-G62F ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.

The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...

CVSS 5.3 | AI score 5.4 | EPSS 0.00047 | Exploits 0 | References 4
Source: Snyk (added 2024/03/18 12:02 p.m., 2 views)

Incorrect Default Permissions

Overview rotp is a package that works for both HOTP and TOTP, and includes QR Code provisioning Affected versions of this package are vulnerable to Incorrect Default Permissions due to overly permissive default permissions. An attacker can modify the .rb files to inject malicious code or alter th...

CVSS 7.8 | AI score 7.3 | EPSS 0.00047 | Exploits 0 | References 2
Source: RubySec (added 2024/03/18 12:00 a.m., 13 views)

ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.

The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...

CVSS 5.5 | AI score 7.1 | EPSS 0.00047 | Exploits 0 | References 1 | Affected Software 1
Source: Amazon (added 2024/03/18 12:00 a.m., 59 views)

Important: ruby

Issue Overview: The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. (CVE-2021-33621) Affected Packages:...

CVSS 8.8 | AI score 9.1 | EPSS 0.011 | Exploits 1
Source: Tenable Nessus (added 2024/03/18 12:00 a.m., 27 views)

Amazon Linux 2 : ruby (ALAS-2024-2503)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2503 advisory. The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant ...

CVSS 8.8 | AI score 7.2 | EPSS 0.011 | Exploits 1 | References 4
Source: Tenable Nessus (added 2024/03/18 12:00 a.m., 44 views)

Amazon Linux 2 : pcs (ALAS-2024-2492)

The version of pcs installed on the remote host is prior to 0.9.169-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2492 advisory. A Denial of Service (DoS) vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content typ...

CVSS 7.5 | AI score 6.5 | EPSS 0.00775 | Exploits 2 | References 8
Source: Amazon (added 2024/03/18 12:00 a.m., 4 views)

Important: ruby

Issue Overview: The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. (CVE-2021-33621) Affected Packages:...

CVSS 8.8 | AI score 6.9 | EPSS 0.011 | Exploits 1
Source: NVD (added 2024/03/16 12:15 a.m., 9 views)

CVE-2024-28862

The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...

CVSS 5.5 | AI score 5.3 | EPSS 0.00047 | Exploits 0 | References 1
Source: UbuntuCve (added 2024/03/16 12:00 a.m., 12 views)

CVE-2024-28862

The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...

CVSS 5.5 | AI score 6 | EPSS 0.00047 | Exploits 0 | References 2
Source: CNNVD (added 2024/03/16 12:00 a.m., 1 view)

Ruby One Time Password Library Security Vulnerability

Ruby One Time Password Library is a one-time password library for Ruby. A security vulnerability exists in Ruby One Time Password Library ROTP that stems from improperly restricted default permissions...

CVSS 5.5 | AI score 7 | EPSS 0.00047 | Exploits 0 | References 2
Source: Debian CVE (added 2024/03/15 11:44 p.m., 12 views)

CVE-2024-28862

The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...

CVSS 5.5 | AI score 5.2 | EPSS 0.00047 | Exploits 0
Source: CVE (added 2024/03/15 11:44 p.m., 65 views)

CVE-2024-28862

The CVE-2024-28862 entry concerns the Ruby One Time Password library (ROTP). Affected versions had overly permissive default file permissions (0666) on Ruby .rb files, enabling potential local access/impact due to insecure permissions. The advisory advises upgrading to version 6.3.0; if patching ...

CVSS 5.5 | AI score 5.2 | EPSS 0.00047 | Exploits 0 | References 1 | Affected Software 1
Source: OSV (added 2024/03/15 11:44 p.m., 2 views)

CVE-2024-28862 ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.

The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...

CVSS 5.3 | AI score 7 | EPSS 0.00047 | Exploits 0 | References 3
Source: Cvelist (added 2024/03/15 11:44 p.m., 16 views)

CVE-2024-28862 ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.

The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...

CVSS 5.3 | AI score 5.5 | EPSS 0.00047 | Exploits 0 | References 1
Source: Mageia (added 2024/03/15 10:51 p.m., 51 views)

Updated yajl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminatin...

CVSS 7.5 | AI score 6.8 | EPSS 0.01684 | Exploits 2 | References 3
Source: OSV (added 2024/03/15 10:51 p.m., 3 views)

MGASA-2024-0066 Updated yajl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminatin...

CVSS 7.5 | AI score 6.7 | EPSS 0.01684 | Exploits 2 | References 4
Source: Github Security Blog (added 2024/03/15 7:53 p.m., 15 views)

TurboBoost Commands vulnerable to arbitrary method invocation

Impact: TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...

CVSS 8.1 | AI score 7.2 | EPSS 0.00772 | Exploits 0 | References 6 | Affected Software 2
Source: Positive Technologies (added 2024/03/15 12:00 a.m., 2 views)

PT-2024-22612

Name of the Vulnerable Software and Affected Versions: ROTP versions prior to 6.3.0. Description: The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Recommendations: For...

CVSS 5.5 | AI score 5.4 | EPSS 0.00047 | Exploits 0 | References 13
Source: OSV (added 2024/03/14 8:37 p.m., 13 views)

GHSA-8832-4MM5-X2R6 discordrb OS Command Injection vulnerability

discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...

CVSS 9.6 | AI score 9.3 | EPSS 0.0142 | Exploits 1 | References 6
Source: Github Security Blog (added 2024/03/14 8:37 p.m., 31 views)

discordrb OS Command Injection vulnerability

discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...

CVSS 9.6 | AI score 7.9 | EPSS 0.0142 | Exploits 1 | References 6 | Affected Software 1