Ubuntu: Security Advisory (USN-6689-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-242P-4V39-2V8G Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. Impact If you render an `<a>` tag with an href attribute set to a user-provided link, that...
USN-6689-1: Rack vulnerabilities
It was discovered that Rack incorrectly parsed some headers. An attacker could possibly use this issue to cause a denial of service. CVE-2023-27539, CVE-2024-26141, CVE-2024-26146...
USN-6689-1 ruby-rack vulnerabilities
It was discovered that Rack incorrectly parsed some headers. An attacker could possibly use this issue to cause a denial of service. CVE-2023-27539, CVE-2024-26141, CVE-2024-26146...
The vulnerability of the Ruby Sinatra web application development framework lies in the fact that code can be loaded without checking its integrity, allowing an attacker to execute arbitrary code.
The vulnerability of the Ruby Sinatra web application development framework lies in the fact that code is loaded without any checks for its integrity. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
Ubuntu 23.10 : Rack vulnerabilities (USN-6689-1)
The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6689-1 advisory. It was discovered that Rack incorrectly parsed some headers. An attacker could possibly use this issue to cause a denial of service. CVE-2023-27539,...
CVE-2024-28199
phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. If you...
CVE-2024-28199
Phlex (Ruby) contains an XSS vulnerability (CVE-2024-28199) due to case-sensitive checks not preventing malicious data in HTML attributes. If a user-provided href is rendered in an `<a>` tag or if user attributes are splatted onto elements, JavaScript may execute in victims' browsers. Patched versions...
CVE-2024-28199 Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. If you...
Fedora: Security Advisory (FEDORA-2024-cafa04a149)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the ruby-magick interface between Ruby and the ImageMagick library, related to memory leak errors, allows attackers to trigger a denial-of-service attack.
The vulnerability of the ruby-magick interface between Ruby and the ImageMagick library is related to memory release errors. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
Ubuntu 20.04 LTS / 22.04 LTS : Puma vulnerabilities (USN-6682-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6682-1 advisory. ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTT...
Debian dla-3753 : yard - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3753 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3753-1 [email protected]...
[SECURITY] [DLA 3753-1] yard security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3753-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk March 06, 2024 https://wiki.debian.org/LTS -...
BIT-RUBY-2020-10933
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls `BasicSocket#read_nonblock(requested_size, buffer, exception: false)`, the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous valu...
BIT-RUBY-2020-25613
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...
BIT-RUBY-2021-28965
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...
BIT-RUBY-2021-28966
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir...