Remote code execution
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution...
CVE-2017-0903
CVE-2017-0903 affects RubyGems (versions 2.0.0 to 2.6.13) where YAML deserialization of gem specifications can bypass class whitelists and potentially enable remote code execution. The connected advisories confirm an unsafe YAML deserialization vulnerability in the rubygems module that could be t...
RubyGems Patches Remote Code Execution Vulnerability
RubyGems, a package of software tools that installs, upgrades and configures Ruby libraries and programs, on Monday announced it had patched a critical vulnerability. Attackers could leverage the flaw—an unsafe object deserialization vulnerability—to escalate privileges and remotely execute code...
FreeBSD: rubygems -- deserialization vulnerability (2c8bd00d-ada2-11e7-82af-8dbff7d75206)
oss-security mailing list: There is a possible unsafe object deserialization vulnerability in RubyGems. It is possible for YAML deserialization of gem specifications to bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution...
CVE-2017-0903
A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter...
RubyGems Unsafe Object Deserialization Vulnerability
Exploit for the Linux platform in category remote exploits. Unsafe Object Deserialization Vulnerability in RubyGems: There is a possible unsafe object deserialization vulnerability in RubyGems. It is possible for YAML deserialization of gem specifications to bypass class white lists. Specially crafted...
GLSA-201710-01: RubyGems: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201710-01 RubyGems: Multiple vulnerabilities. Multiple vulnerabilities have been discovered in RubyGems. Please review the referenced CVE identifiers for details. Impact: A remote attacker, by enticing a user to install a speciall...
rubygems -- deserialization vulnerability
oss-security mailing list: There is a possible unsafe object deserialization vulnerability in RubyGems. It is possible for YAML deserialization of gem specifications to bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution...
Unsafe Object Deserialization Vulnerability in RubyGems
There is a possible unsafe object deserialization vulnerability in RubyGems. It is possible for YAML deserialization of gem specifications to bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution...
RubyGems: Multiple vulnerabilities
Background RubyGems is a sophisticated package manager for Ruby. Description Multiple vulnerabilities have been discovered in RubyGems. Please review the referenced CVE identifiers for details. Impact A remote attacker, by enticing a user to install a specially crafted gem, could possibly execute...
RubyGems: Gem signature forgery
Summary Inconsistencies in how gem processes gem files make it possible to reuse a signature from an existing signed gem and apply it to arbitrary contents. The forged gem will install even with -P HighSecurity. The attached file multijson-1.12.2.gem is a forged version of the genuine...
RubyGems: Remote code execution on rubygems.org
When parsing a gem POSTed to the /api/v1/gems endpoint, the rubygems.org application immediately calls Gem::Package.new(body).spec inside app/models/pusher.rb. The authors of the application correctly observed that parsing untrusted YAML is dangerous since it can serialize more or less arbitrary...
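The CVE-2017-0903 entries above and the rubygems.org report describe the same failure mode: a gem specification is YAML, and loading that YAML with an unrestricted loader lets `!ruby/object:` tags instantiate classes the loader was never meant to build, with whatever side effects those classes have during revival. The following Ruby is an added example, not code from this page, from RubyGems or from the rubygems.org report. It shows the two loader behaviours side by side on a simplified gemspec-like document: the YAML samples are constructed for the example (a real gemspec is tagged `!ruby/object:Gem::Specification` at the top level; a plain mapping is used here to stay independent of RubyGems internals), `AuditedGadget` is a hypothetical gadget class that only records what it would have run, and `GEMSPEC_PERMITTED` is a stand-in for the longer permitted-class list a real gem loader needs.

```ruby
require 'yaml'
require 'rubygems' # for Gem::Version; loaded by default in modern Ruby

# Constructed sample input: a simplified gemspec-like document. A real gemspec
# is tagged !ruby/object:Gem::Specification at the top level; a plain mapping
# is used here so the example does not depend on RubyGems internals.
BENIGN_SPEC = <<~YAML
  name: example
  version: !ruby/object:Gem::Version
    version: 1.0.0
  summary: a harmless gem
YAML

# Records what a gadget *would* have executed, so the demo stays harmless.
SIDE_EFFECT_LOG = []

# Hypothetical gadget class (assumption; not from RubyGems or Psych). Psych
# allocates an instance for every !ruby/object:AuditedGadget node and calls
# init_with on it, so anything in this method runs during deserialization.
class AuditedGadget
  attr_reader :command

  def init_with(coder)
    @command = coder['command']
    SIDE_EFFECT_LOG << @command # a real gadget would do something like system(@command)
  end
end

# Constructed malicious input: same shape as the gemspec above, but one field
# smuggles an object of a class the loader was never meant to instantiate.
MALICIOUS_SPEC = <<~YAML
  name: evil
  version: !ruby/object:Gem::Version
    version: 1.0.0
  metadata: !ruby/object:AuditedGadget
    command: touch /tmp/pwned
YAML

# Unrestricted load: any class named in a !ruby/object tag gets revived.
# Psych 4 (Ruby 3.1+) renamed the unrestricted entry point to unsafe_load.
def load_unsafe(yaml)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(yaml) : YAML.load(yaml)
end

# Stand-in (assumption) for the permitted-class list a gem loader needs; the
# real RubyGems list is longer (Gem::Specification, Gem::Requirement, Time, ...).
GEMSPEC_PERMITTED = [Gem::Version, Symbol].freeze

# Whitelisted load: a !ruby/object tag naming a class outside the list raises
# Psych::DisallowedClass before any instance of it is allocated.
def load_gemspec_safely(yaml)
  YAML.safe_load(yaml, permitted_classes: GEMSPEC_PERMITTED, aliases: false)
end

# An "inspect the gem without installing it" code path built on the safe loader.
def inspect_untrusted(yaml)
  spec = load_gemspec_safely(yaml)
  [:ok, spec['name']]
rescue Psych::DisallowedClass => e
  [:rejected, e.message]
end

if $PROGRAM_NAME == __FILE__
  p inspect_untrusted(BENIGN_SPEC)    # [:ok, "example"]
  p inspect_untrusted(MALICIOUS_SPEC) # [:rejected, "Tried to load unspecified class: AuditedGadget"]
  spec = load_unsafe(MALICIOUS_SPEC)
  p spec['metadata'].class            # AuditedGadget
  p SIDE_EFFECT_LOG                   # ["touch /tmp/pwned"]
end
```

The point to carry away is that the whitelist has to be enforced by the loader, before revival, for every nested node: permitting only the classes a gemspec legitimately contains is what keeps `!ruby/object:` tags on arbitrary classes from ever reaching `allocate`/`init_with`. Any class the list admits becomes part of the attack surface, which is why RubyGems' own permitted list is kept short.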
RubyGems: Request Hijacking Vulnerability in RubyGems 2.6.13 and earlier
We received this report via security@ from [email protected]; I'm filing here for tracking and visibility purposes... "I was looking at commit 8d91516fb7037ecfb27622f605dc40245e0f8d32, which was the fix for the DNS hijacking issue CVE-2017-0902. The function still handles the DNS response in ...
Medium: ruby22, ruby23
Issue Overview: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP. An SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands i...
[SECURITY] Fedora 27 Update: rubygems-2.6.13-100.fc27
RubyGems is the Ruby standard for publishing and managing third party libraries...