CVE-2023-32693 Decidim Cross-site Scripting vulnerability in the external link redirections
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in...
CVE-2023-32693
Summary: CVE-2023-32693 affects the Decidim framework (Ruby on Rails). The vulnerability is a Cross-Site Scripting flaw in the external link feature, allowing a remote attacker to execute JavaScript in the context of a logged-in user and potentially influence user endorsements of proposals. Affec...
Decidim Cross-Site Scripting Vulnerability
Decidim is a participatory democracy framework written in Ruby on Rails. Decidim contains a cross-site scripting vulnerability that allows remote attackers to execute JavaScript code in the context of the currently logged-in user...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2341)
The remote host is missing an update for the Huawei EulerOS ruby package...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : Doorkeeper vulnerability (USN-6210-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has a package installed that is affected by a vulnerability as referenced in the USN-6210-1 advisory. It was discovered that Doorkeeper incorrectly performed authorization checks for public clients that have been previou...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2321)
The remote host is missing an update for the Huawei EulerOS ruby package...
EulerOS 2.0 SP9 : ruby (EulerOS-SA-2023-2341)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific...
ruby:2.7 security, bug fix, and enhancement update
ruby 2.7.8-139 - Upgrade to Ruby 2.7.8. Resolves: rhbz2149262 - Fix HTTP response splitting in CGI. Resolves: CVE-2021-33621 - Fix ReDoS vulnerability in URI. Resolves: CVE-2023-28755 - Fix ReDoS vulnerability in Time. Resolves: CVE-2023-28756 rubygem-abrt 0.4.0-1 - Update to abrt 0.4.0. Resolves...
USN-6210-1: Doorkeeper vulnerability
It was discovered that Doorkeeper incorrectly performed authorization checks for public clients that have been previously approved. An attacker could potentially exploit this in order to impersonate another user and obtain sensitive information...
USN-6210-1 ruby-doorkeeper vulnerability
It was discovered that Doorkeeper incorrectly performed authorization checks for public clients that have been previously approved. An attacker could potentially exploit this in order to impersonate another user and obtain sensitive information...
Badsecrets - A Library For Detecting Known Secrets Across Many Web Frameworks
A pure-Python library for identifying the use of known or very weak cryptographic secrets across a variety of platforms. The project is designed to be both a repository of various "known secrets" (for example, ASP.NET machine keys found in examples in tutorials) and to provide a language-agnostic...
[SECURITY] [DLA 3480-1] ruby-redcloth security update
Debian LTS Advisory DLA-3480-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès July 06, 2023 https://wiki.debian.org/LTS ...
Cross-site Scripting (XSS)
Overview: sanitize is a Ruby HTML and CSS sanitizer. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient neutralization of style element content. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS when the library is...
DLA-3480-1 ruby-redcloth - security update
Bulletin has no description...
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version.
EulerOS 2.0 SP11 : emacs (EulerOS-SA-2023-2264)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c us...
Malicious code in gitlab-glfm-markdown (RubyGems)
Source: ossf-package-analysis 2e04df4c0bb1f91ce34ee36e4731ee580ff1e7a1131cafd97a660d90f4c4cfb1. The OpenSSF Package Analysis project identified 'gitlab-glfm-markdown' @ 7.0.1 (rubygems) as malicious. It is considered malicious because: - The...
SUSE CVE-2023-36617
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of a...
USN-6055-2: Ruby regression | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: USN-6055-1 fixed a vulnerability in Ruby. Unfortunately, it introduced a regression. This update reverts the patches applied to CVE-2023-28755 in order to fix the regression pending further investigation. ...