
14158 matches found

Openbugbounty
added 2023/07/14 2:51 a.m., 13 views

ruby-rejser.dk Cross Site Scripting vulnerability OBB-3514869

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits 0

OpenVAS
added 2023/07/13 12:00 a.m., 11 views

Debian: Security Advisory (DLA-3494-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5, AI score 6.6, EPSS 0.00312
Exploits 1, References 3

OpenVAS
added 2023/07/13 12:00 a.m., 23 views

Ubuntu: Security Advisory (USN-6219-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3, AI score 6.1, EPSS 0.00906
Exploits 0, References 2

Tenable Nessus
added 2023/07/13 12:00 a.m., 30 views

Oracle Linux 8 : ruby:2.7 (ELSA-2023-3821)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3821 advisory. - Fix HTTP response splitting in CGI. Resolves: CVE-2021-33621 - Fix ReDoS vulnerability in URI. Resolves: CVE-2023-28755 - Fix ReDoS vulnerability in...

CVSS 8.8, AI score 7.8, EPSS 0.011
Exploits 1, References 4

Ubuntu
added 2023/07/12 2:47 p.m., 60 views

USN-6219-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.10 and Ubuntu 20.04 LTS. CVE-2023-28755 It was discovered that Ruby incorrectly handled certain regular...

CVSS 5.3, AI score 7.6, EPSS 0.00906
Exploits 0

OSV
added 2023/07/12 2:47 p.m., 0 views

USN-6219-1 ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.1 vulnerabilities

It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.10 and Ubuntu 20.04 LTS. CVE-2023-28755 It was discovered that Ruby incorrectly handled certain regular...

CVSS 5.3, AI score 6.8, EPSS 0.00906
Exploits 0, References 3

Debian
added 2023/07/12 1:13 p.m., 9 views

[SECURITY] [DLA 3494-1] ruby-doorkeeper security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3494-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb July 12, 2023 https://wiki.debian.org/LTS -...

CVSS 6.5, AI score 5.5, EPSS 0.00312
Exploits 1

Tenable Nessus
added 2023/07/12 12:00 a.m., 30 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : Ruby vulnerabilities (USN-6219-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6219-1 advisory. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use...

CVSS 5.3, AI score 7.7, EPSS 0.00906
Exploits 0, References 3

Tenable Nessus
added 2023/07/12 12:00 a.m., 13 views

Debian dla-3494 : ruby-doorkeeper - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3494 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3494-1 [email protected] https://www.debian.org/lts/security/...

CVSS 6.5, AI score 6.5, EPSS 0.00312
Exploits 1, References 4

OSV
added 2023/07/12 12:00 a.m., 17 views

DLA-3494-1 ruby-doorkeeper - security update

Bulletin has no description...

CVSS 6.5, AI score 5.1, EPSS 0.00312
Exploits 1

NVD
added 2023/07/11 6:15 p.m., 10 views

CVE-2023-34090

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default,...

CVSS 7.5, AI score 7.5, EPSS 0.0038
Exploits 0, References 3

NVD
added 2023/07/11 6:15 p.m., 7 views

CVE-2023-32693

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in...

CVSS 8.1, AI score 7.7, EPSS 0.00227
Exploits 0, References 3

Prion
added 2023/07/11 6:15 p.m., 13 views

Cross site scripting

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in...

CVSS 5.8, AI score 6.1, EPSS 0.00227
Exploits 0, References 3, Affected Software 1

Prion
added 2023/07/11 6:15 p.m., 17 views

Design/Logic Flaw

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default,...

CVSS 5, AI score 7.5, EPSS 0.0038
Exploits 0, References 3, Affected Software 1

CVE
added 2023/07/11 5:36 p.m., 49 views

CVE-2023-34089

CVE-2023-34089 affects Decidim (Ruby on Rails) where the processes filter feature is vulnerable to Cross-site scripting. The underlying issue allows a remote attacker to run JavaScript in the context of a logged-in user, potentially causing other users to endorse or support proposals. Patches are...

CVSS 8.1, AI score 6.8, EPSS 0.00146
Exploits 0, References 3, Affected Software 1

Cvelist
added 2023/07/11 5:36 p.m., 10 views

CVE-2023-34089 Decidim Cross-site Scripting vulnerability in the processes filter

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code ...

CVSS 8.1, AI score 8.1, EPSS 0.00146
Exploits 0, References 3

Cvelist
added 2023/07/11 5:29 p.m., 12 views

CVE-2023-34090 Decidim vulnerable to sensitive data disclosure

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default,...

CVSS 7.5, AI score 7.7, EPSS 0.0038
Exploits 0, References 3

Vulnrichment
added 2023/07/11 5:29 p.m., 7 views

CVE-2023-34090 Decidim vulnerable to sensitive data disclosure

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default,...

CVSS 7.5, AI score 7.5, EPSS 0.0038
Exploits 0, References 3

CVE
added 2023/07/11 5:29 p.m., 47 views

CVE-2023-34090

Summary: Decidim prior to 0.27.3 is affected by a data disclosure issue due to the Ransack filtering default behavior allowing all data attributes/associations to be queried, enabling an unauthenticated remote attacker to exfiltrate non-public data from the underlying database. Root cause: Miscon...

CVSS 7.5, AI score 7.4, EPSS 0.0038
Exploits 0, References 3, Affected Software 1

Cvelist
added 2023/07/11 5:19 p.m., 14 views

CVE-2023-32693 Decidim Cross-site Scripting vulnerability in the external link redirections

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in...

CVSS 8.1, AI score 7.9, EPSS 0.00227
Exploits 0, References 3