Lucene search

2166 matches found

OSSF Malicious Packages
added 2023/07/15 9:45 a.m., 2 views

Malicious code in naveengem (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12a3ed7380fdb815c2f8c5a086b33d516acc0bbdaab4d4df8203efed20ae348b The OpenSSF Package Analysis project identified 'naveengem' @ 0.1.0 rubygems as malicious. It is considered malicious because: - The package...

6.9 AI score
Exploits: 0

IBM Security Bulletins
added 2023/07/14 9:35 p.m., 20 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to RubyGems commonmarker gem denial of service vulnerability [IBM X-Force ID: 252809]

Summary Potential RubyGems commonmarker gem denial of service vulnerability have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. IBM X-Force ID: 252809 Vulnerability Details IBM...

7 AI score
Exploits: 0, Affected Software: 1

OSV
added 2023/07/02 6:12 p.m., 10 views

MAL-2023-1425 Malicious code in gitlab-glfm-markdown (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2e04df4c0bb1f91ce34ee36e4731ee580ff1e7a1131cafd97a660d90f4c4cfb1 The OpenSSF Package Analysis project identified 'gitlab-glfm-markdown' @ 7.0.1 rubygems as malicious. It is considered malicious because: - The...

7.1 AI score
Exploits: 0

OSV
added 2023/06/19 11:50 a.m., 11 views

MAL-2023-1423 Malicious code in att-codekit (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 004ba0a87bf93fad7e23fc134ea62c1fad90d2917fff3ad6ca64a87adf16f69d The OpenSSF Package Analysis project identified 'att-codekit' @ 5.1.0 rubygems as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits: 0

OSV
added 2023/06/17 10:50 p.m., 5 views

MAL-2023-1432 Malicious code in ptrsec_rce (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5c5f0c378deb022411d3a83e2b929f8ef8f9ad8e8eedd366e0863b7eb25d8aea The OpenSSF Package Analysis project identified 'ptrsec_rce' @ 0.0.1 rubygems as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits: 0

OSSF Malicious Packages
added 2023/06/17 10:50 p.m., 2 views

Malicious code in ptrsec_rce (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5c5f0c378deb022411d3a83e2b929f8ef8f9ad8e8eedd366e0863b7eb25d8aea The OpenSSF Package Analysis project identified 'ptrsec_rce' @ 0.0.1 rubygems as malicious. It is considered malicious because: - The package...

6.9 AI score
Exploits: 0

OSV
added 2023/05/15 2:16 a.m., 6 views

MAL-2023-1427 Malicious code in i18n_sonder (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9f0c939067907bb4e3bd0d91530b128f2ffe8c595d619eaa3ab544891de51e2b The OpenSSF Package Analysis project identified 'i18n_sonder' @ 4.1.0 rubygems as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits: 0

OSSF Malicious Packages
added 2023/05/15 2:16 a.m., 3 views

Malicious code in i18n_sonder (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9f0c939067907bb4e3bd0d91530b128f2ffe8c595d619eaa3ab544891de51e2b The OpenSSF Package Analysis project identified 'i18n_sonder' @ 4.1.0 rubygems as malicious. It is considered malicious because: - The package...

6.9 AI score
Exploits: 0

OSV
added 2023/05/09 5:40 p.m., 10 views

MAL-2023-1428 Malicious code in mandrill-api-ruby (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 16f2aff274da86497ad8fe6322b501a1269cd37d3ad40e227f11126aa2da5413 The OpenSSF Package Analysis project identified 'mandrill-api-ruby' @ 6.0.1 rubygems as malicious. It is considered malicious because: - The...

7.1 AI score
Exploits: 0

OSV
added 2023/05/04 10:20 a.m., 6 views

MAL-2023-1429 Malicious code in modified_bayes (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1c5711b3c10ba19ca7c68581b9cd246029ba621b35c0371e4a043d69050b9363 The OpenSSF Package Analysis project identified 'modified_bayes' @ 10.1.0 rubygems as malicious. It is considered malicious because: - The packag...

7.1 AI score
Exploits: 0

OSSF Malicious Packages
added 2023/05/04 10:20 a.m., 2 views

Malicious code in modified_bayes (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1c5711b3c10ba19ca7c68581b9cd246029ba621b35c0371e4a043d69050b9363 The OpenSSF Package Analysis project identified 'modified_bayes' @ 10.1.0 rubygems as malicious. It is considered malicious because: - The packag...

6.9 AI score
Exploits: 0

OSV
added 2023/05/04 12:46 a.m., 10 views

MAL-2023-11 Malicious code in microsoft_kiota_http (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1aea1a60f074d92d58e8e1644f08af16097bc4fc496a7acc2b60f586ce504017 The OpenSSF Package Analysis project identified 'microsoft_kiota_http' @ 6.0.1 rubygems as malicious. It is considered malicious because: - The...

7.1 AI score
Exploits: 0

OSV
added 2023/04/26 8:12 a.m., 16 views

MAL-2023-12 Malicious code in tzinfo-i18n (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 80d76ff3efd3a37e90d86c31f34ad01633504eb17709869928335523c66a2a55 The OpenSSF Package Analysis project identified 'tzinfo-i18n' @ 0.1.0 rubygems as malicious. It is considered malicious because: - The package...

7.1 AI score
Exploits: 0

OSV
added 2023/04/25 11:5 a.m., 5 views

MAL-2023-1424 Malicious code in fluent-plugin-enhance-k8s-metadata (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 537d9d482d3e99b2757022edbff8c81e9a9bd9bf73f272f10634d355c813e635 The OpenSSF Package Analysis project identified 'fluent-plugin-enhance-k8s-metadata' @ 5.0.1 rubygems as malicious. It is considered malicious...

7.1 AI score
Exploits: 0

NVD
added 2023/03/30 8:15 p.m., 10 views

CVE-2023-28846

Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. This issue affects Rails applications that operate as an upstream of a load...

7.5 CVSS, 6.3 AI score, 0.015 EPSS
Exploits: 0, References: 7

Prion
added 2023/03/30 8:15 p.m., 11 views

Design/Logic Flaw

Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. This issue affects Rails applications that operate as an upstream of a load...

5 CVSS, 7.5 AI score, 0.015 EPSS
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2023/03/30 7:57 p.m., 10 views

CVE-2023-28846 Denial of Service in unpoly-rails

Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. This issue affects Rails applications that operate as an upstream of a load...

5.9 CVSS, 7.5 AI score, 0.015 EPSS
Exploits: 0, References: 9

NVD
added 2023/03/27 10:15 p.m., 7 views

CVE-2023-28102

discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...

9.6 CVSS, 9.1 AI score, 0.0142 EPSS
Exploits: 1, References: 2

Oracle Linux
added 2023/03/01 12:0 a.m., 31 views

pcs security update

0.11.3-4.el91.2 - Updated bundled rubygems: mustermann, rack, rackprotection, sinatra, tilt - Added license for rubygem ruby2keywords - Resolves: rhbz2159426...

8.8 CVSS, 1.6 AI score, 0.00356 EPSS
Exploits: 1

Oracle Linux
added 2023/02/22 12:0 a.m., 24 views

pcs security update

0.10.14-5.0.1 - Replace HAM-logo.png with a generic one 0.10.14-5.el87.2 - Updated bundled rubygems: mustermann, rack, rackprotection, sinatra, tilt - Added license for rubygem ruby2keywords - Resolves: rhbz2159424...

8.8 CVSS, 1.6 AI score, 0.00356 EPSS
Exploits: 1