
RedhatCVE
added 2020/06/19 4:56 p.m. | 33 views

CVE-2020-8184

A flaw was found in rubygem-rack. An attacker may be able to trick a vulnerable application into processing an insecure non-SSL or cross-origin request if they can gain the ability to write arbitrary cookies that are sent to the application. The highest threat from this vulnerability is to data...

CVSS 5 | AI score 2 | EPSS 0.00811
Exploits 1 | References 4
Tenable Nessus
added 2020/06/18 12:00 a.m. | 29 views

SUSE SLED15 / SLES15 Security Update : rubygem-bundler (SUSE-SU-2020:1582-1)

This update for rubygem-bundler fixes the following issue : CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...

CVSS 7.8 | AI score 7.7 | EPSS 0.00151
Exploits 0 | References 4
OSV
added 2020/06/16 10:15 p.m. | 12 views

CVE-2020-4054

In Sanitize RubyGem sanitize greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...

CVSS 7.3 | AI score 6.8
Exploits 0 | References 5
NVD
added 2020/06/16 10:15 p.m. | 7 views

CVE-2020-4054

In Sanitize RubyGem sanitize greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...

CVSS 7.3 | EPSS 0.00484
Exploits 0 | References 5
Prion
added 2020/06/16 10:15 p.m. | 17 views

Cross site scripting

In Sanitize RubyGem sanitize greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...

CVSS 6.8 | AI score 6.6 | EPSS 0.00484
Exploits 0 | References 5 | Affected Software 1
UbuntuCve
added 2020/06/16 10:15 p.m. | 16 views

CVE-2020-4054

In Sanitize RubyGem sanitize greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...

CVSS 7.3 | AI score 6.8 | EPSS 0.00484
Exploits 0 | References 5
Cvelist
added 2020/06/16 10:10 p.m. | 12 views

CVE-2020-4054 Cross-site Scripting in Sanitize

In Sanitize RubyGem sanitize greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...

CVSS 7.3 | AI score 6.7 | EPSS 0.00484
Exploits 0 | References 5
CVE
added 2020/06/16 10:10 p.m. | 110 views

CVE-2020-4054

Summary of CVE-2020-4054 details from connected docs: The Ruby gem Sanitize (versions >=3.0.0) had a cross-site scripting bypass when sanitizing HTML with the default or relaxed/custom configs that allowed elements such as iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, x...

CVSS 7.3 | AI score 6.7 | EPSS 0.00484
Exploits 0 | References 5 | Affected Software 1
Debian CVE
added 2020/06/16 10:10 p.m. | 22 views

CVE-2020-4054

In Sanitize RubyGem sanitize greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...

CVSS 7.3 | AI score 6.8 | EPSS 0.00484
Exploits 0
OpenVAS
added 2020/06/14 12:00 a.m. | 20 views

openSUSE: Security Advisory for rubygem-bundler (openSUSE-SU-2020:0803-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 7.8 | EPSS 0.00151
Exploits 0 | References 2
OPENSUSE Linux
added 2020/06/13 12:00 a.m. | 45 views

Security update for rubygem-bundler (moderate)

openSUSE Security Update: Security update for rubygem-bundler Announcement ID: openSUSE-SU-2020:0803-1 Rating: moderate References: 1143436 Cross-References: CVE-2019-3881 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...

CVSS 7.8 | AI score 6.7 | EPSS 0.00151
Exploits 0 | References 1
OSV
added 2020/06/12 10:17 p.m. | 4 views

OPENSUSE-SU-2020:0803-1 Security update for rubygem-bundler

This update for rubygem-bundler fixes the following issue: - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436. This update was imported from the SUSE:SLE-15:Update update project...

CVSS 7.8 | AI score 7.8 | EPSS 0.00151
Exploits 0 | References 3
Mageia
added 2020/06/10 10:57 p.m. | 54 views

Updated ruby-rack packages fix security vulnerability

Updated ruby-rack packages fix security vulnerabilities: There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a...

CVSS 8.6 | AI score 1 | EPSS 0.00907
Exploits 0 | References 5
RedHat Linux
added 2020/06/10 2:36 p.m. | 50 views

Moderate: Red Hat Security Advisory: pcs security and bug fix update

An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVSS 7.5 | AI score 6.7 | EPSS 0.05892
Exploits 0 | References 5
Tenable Nessus
added 2020/06/10 12:00 a.m. | 36 views

RHEL 8 : pcs (RHSA-2020:2473)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2473 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-json: Unsafe Object...

CVSS 7.5 | AI score 7.3 | EPSS 0.05892
Exploits 0 | References 6
Tenable Nessus
added 2020/06/10 12:00 a.m. | 42 views

RHEL 8 : pcs (RHSA-2020:2462)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2462 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-json: Unsafe Object...

CVSS 7.5 | AI score 7.3 | EPSS 0.05892
Exploits 0 | References 8
OSV
added 2020/06/09 4:20 p.m. | 3 views

SUSE-SU-2020:1582-1 Security update for rubygem-bundler

This update for rubygem-bundler fixes the following issue: - CVE-2019-3881: Fixed insecure permissions on a directory in /tmp/ that allowed malicious code execution bsc1143436...

CVSS 7.8 | AI score 8 | EPSS 0.00151
Exploits 0 | References 3
Github Security Blog
added 2020/06/05 2:21 p.m. | 68 views

Regular Expression Denial of Service in websocket-extensions (RubyGem)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

CVSS 7.5 | AI score 7.4 | EPSS 0.02622
Exploits 1 | References 9 | Affected Software 1
OSV
added 2020/06/05 2:21 p.m. | 29 views

GHSA-G6WQ-QCWM-J5G2 Regular Expression Denial of Service in websocket-extensions (RubyGem)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

CVSS 8.2 | AI score 7.4 | EPSS 0.02622
Exploits 1 | References 9
RubySec
added 2020/06/05 12:00 a.m. | 19 views

Regular Expression Denial of Service in websocket-extensions (RubyGem)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

CVSS 7.5 | AI score 6.7 | EPSS 0.02622
Exploits 1 | References 1 | Affected Software 1