CVE-2015-4411
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4, as used in rubygem-moped, allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410...
CVE-2015-4410
The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string...
CVE-2015-4410
CVE-2015-4410 affects rubygem-moped via the Moped::BSON::ObjecId.legal? method. Connected sources confirm that before commit dd5a7c14b5d2e466f7875d079af71ad19774609b, remote attackers could trigger a denial of service (worker resource consumption) or execute a cross-site scripting (XSS) attack by...
CVE-2015-4411
CVE-2015-4411 affects the MongoDB Ruby stack: the Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 (used by rubygem-moped) allows remote denial of service via a crafted string, due to an incomplete fix to CVE-2015-4410. Impact is a targeted DoS via resource consumption; no exp...
CVE-2020-5241
matestack-ui-core RubyGem before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4...
Code injection
matestack-ui-core RubyGem before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4...
openSUSE Security Update : rubygem-rack (openSUSE-2020-214)
This update for rubygem-rack to version 2.0.8 fixes the following issues: - CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600). - CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548). This update was...
CVE-2020-5241
CVE-2020-5241 affects matestack-ui-core (RubyGem) up to version 0.7.3; the vulnerability is Cross‑Site Scripting (XSS) / Script injection due to strings not being escaped by default. The issue is fixed in 0.7.4. Public sources from NVD, Red Hat, Veracode, and CVE records consistently describe the...
CVE-2020-5241 XSS/Script injection vulnerability in matestack
matestack-ui-core RubyGem before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4...
GHSA-3JQW-VV45-MJHH XSS/Script injection vulnerability in matestack
matestack-ui-core RubyGem before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4...
XSS/Script injection vulnerability in matestack
matestack-ui-core RubyGem before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4...
OPENSUSE-SU-2020:0214-1 Security update for rubygem-rack
This update for rubygem-rack to version 2.0.8 fixes the following issues: - CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600). - CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548). This update was...
Security update for rubygem-rack (moderate)
openSUSE Security Update: Security update for rubygem-rack Announcement ID: openSUSE-SU-2020:0214-1 Rating: moderate References: 1114828 1116600 1159548 Cross-References: CVE-2018-16471 CVE-2019-16782 Affected Products: openSUSE Leap 15.1 An update that solves two vulnerabilities and has one erra...
CVE-2020-5216
A directive injection vulnerability was found in Secure Headers RubyGem before versions 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into the vulnerable function, a new line could be injected, leading to limited header injection, which could create a new Content Security Policy head...
CVE-2020-5217
A flaw was found in rubygem-secureheaders in versions prior to 6.2.0, 5.1.0, and 3.8.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected, leading to directive injection which could be used to override a script-src directive. The...
SUSE SLED15 / SLES15 Security Update : rubygem-rack (SUSE-SU-2020:0359-1)
This update for rubygem-rack to version 2.0.8 fixes the following issues: CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600). CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548). Note that Tenable...
SUSE-SU-2020:0359-1 Security update for rubygem-rack
This update for rubygem-rack to version 2.0.8 fixes the following issues: - CVE-2018-16471: Fixed a cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1116600). - CVE-2019-16782: Fixed a possible information leak and session hijack vulnerability (bsc#1159548)...
SUSE-SU-2020:0311-1 Security update for crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client
This update for crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client contains the following fixes: Security fixes for rubygem-crowbar-client: - CVE-2018-17954: Fixed an issue where crowbar was leaking the secret admin passwords to all nodes (bsc#1117080). Changes in...