A vulnerability in Puma, an HTTP server for Ruby/Rack applications, allows attackers to smuggle hidden HTTP requests (HTTP Request Smuggling).
The vulnerability in Puma, an HTTP server for Ruby/Rack applications, stems from flawed processing of HTTP requests that carry a Content-Length header. Exploiting it allows a malicious actor to send hidden HTTP requests, a form of HTTP Request Smuggling...
OESA-2023-1726 grpc security update
gRPC is a modern open source high performance RPC framework that can run in any environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in last mile of distributed...
Ubuntu: Security Advisory (USN-6424-1)
The remote host is missing an update for the...
Malicious code in investing_parameters (RubyGems)
Source: ossf-package-analysis (3fa4a6c4b0b94b2b009c0377390aeee029c2d9024af134c4697f3c8cdfb1f916). The OpenSSF Package Analysis project identified 'investing_parameters' @ 1.2.1 (rubygems) as malicious. It is considered malicious because: - The...
USN-6424-1 ruby-kramdown vulnerability
It was discovered that kramdown did not restrict Rouge formatters to the correct namespace. An attacker could use this issue to cause kramdown to execute arbitrary code...
USN-6424-1: kramdown vulnerability
It was discovered that kramdown did not restrict Rouge formatters to the correct namespace. An attacker could use this issue to cause kramdown to execute arbitrary code...
CVE-2023-36465
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The templates module doesn't enforce the correct permissions, allowing any logged-in user to access this functionality in t...
Security feature bypass
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The templates module doesn't enforce the correct permissions, allowing any logged-in user to access this functionality in t...
CVE-2023-36465 Decidim has broken access control in templates
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The templates module doesn't enforce the correct permissions, allowing any logged-in user to access this functionality in t...
CVE-2023-36465
Decidim (Ruby on Rails) has a broken access control in the templates module, allowing any logged-in user to access template management in the admin panel and to change, create, or delete survey templates. The issue is confirmed across multiple sources and has been patched in versions 0.26.8 and 0...
ROS-20230929-01
A vulnerability in the URI component of the Ruby programming language is caused by improper handling of invalid URLs containing certain characters. Exploiting it could allow a remote attacker to cause a denial of service...
USN-6219-1: Ruby vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions affected: Canonical Ubuntu 18.04, Canonical Ubuntu 22.04. Description: It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu...
Amazon Linux 2 : ruby (ALASRUBY3.0-2023-007)
The version of ruby installed on the remote host is prior to 3.0.1-148. It is, therefore, affected by a vulnerability as referenced in the ALAS2RUBY3.0-2023-007 advisory. A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML...
Amazon Linux 2 : ruby (ALASRUBY2.6-2023-004)
The version of ruby installed on the remote host is prior to 2.6.8-127. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY2.6-2023-004 advisory. An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can...
Amazon Linux 2 : ruby (ALASRUBY2.6-2023-001)
The version of ruby installed on the remote host is prior to 2.6.10-129. It is, therefore, affected by a vulnerability as referenced in the ALAS2RUBY2.6-2023-001 advisory. A buffer overrun vulnerability was found in Ruby. The issue occurs in a conversion algorithm from a String to a Float that...
Amazon Linux 2 : ruby (ALASRUBY2.6-2023-006)
The version of ruby installed on the remote host is prior to 2.6.7-126. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY2.6-2023-006 advisory. An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP...
Amazon Linux 2 : ruby (ALASRUBY3.0-2023-003)
The version of ruby installed on the remote host is prior to 3.0.3-154. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2RUBY3.0-2023-003 advisory. CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a...
Amazon Linux 2 : ruby (ALASRUBY2.6-2023-005)
The version of ruby installed on the remote host is prior to 2.6.7-126. It is, therefore, affected by a vulnerability as referenced in the ALAS2RUBY2.6-2023-005 advisory. An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious...