Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-5_1 Announcement ID: openSUSE-SU-2020:1575-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description:...
openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2020:1536-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:1536-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) This update was imported from the SUSE:SLE-15:Update update project...
Fedora: Security Advisory for rubygem-activeresource (FEDORA-2020-02646284df)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-5_1 Announcement ID: openSUSE-SU-2020:1536-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This updat...
Fedora: Security Advisory for rubygem-puma (FEDORA-2020-fe354f24e8)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:1533-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) This update was imported from the SUSE:SLE-15:Update update project...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-5_1 Announcement ID: openSUSE-SU-2020:1533-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This updat...
SUSE-SU-2020:2710-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177)...
SUSE-SU-2020:2686-1 Security update for rubygem-actionview-4_2
This update for rubygem-actionview-4_2 fixes the following issues: - CVE-2020-15169: Fix cross-site scripting in translation helpers (bsc#1176421)...
SUSE-SU-2020:2678-1 Security update for rubygem-rack
This update for rubygem-rack to version 1.6.13 fixes the following issues: - CVE-2020-8184: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1173351). - CVE-2020-8161: Fixed a directory traversal (bsc#1172037). - CVE-2019-16782: Fixed an...
CVE-2020-15169
A flaw was found in rubygem-actionview in versions prior to 5.2.4.4 and 6.0.3.3. When an HTML-unsafe string is passed as the default for a missing translation key, the default string is incorrectly marked as HTML-safe and not escaped. The highest threat from this vulnerability is to data...
Amazon Linux AMI : rubygem-json (ALAS-2020-1423)
It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1423 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but doe...
[SECURITY] Fedora 32 Update: rubygem-kramdown-2.1.0-3.fc32
kramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict syntax definition and supporting several common extensions...
[SECURITY] Fedora 31 Update: rubygem-kramdown-1.17.0-6.fc31
kramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict syntax definition and supporting several common extensions...
Fedora: Security Advisory for rubygem-kramdown (FEDORA-2020-f6eee9a2d3)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 32 : rubygem-kramdown (2020-f6eee9a2d3)
A security flaw was found on ruby kramdown which may lead to unintended code execution. This vulnerability is now assigned as CVE-2020-14001. This new rpm should fix this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update syste...
Fedora: Security Advisory for rubygem-kramdown (FEDORA-2020-5c70d97eca)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Moped Rubygem Data Injection Vulnerability
The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string...
GHSA-F93J-HMCR-JCWH Moped Rubygem Data Injection Vulnerability
The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string...