GHSA-F599-5M7P-HCPF grape subject to Cross-site Scripting
The grape rubygem suffers from a cross-site scripting (XSS) vulnerability via the "format" parameter...
GHSA-8474-RC7C-WRHP High severity vulnerability that affects safemode
Withdrawn, accidental duplicate publish. The safemode rubygem, as used in Foreman, in versions 1.3.2 and earlier is vulnerable to bypassing safe-mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions, or possibly to privileg...
SUSE-SU-2018:2217-1 Security update for rubygem-sprockets-2_12
This update for rubygem-sprockets-2_12 fixes the following issues: Security issue fixed: - CVE-2018-3760: Fix path traversal in sprockets/server.rb:forbidden_request? that can allow remote attackers to read arbitrary files (bsc#1098369)...
SUSE-SU-2018:2176-1 Security update for rubygem-sprockets-2_12
This update for rubygem-sprockets-2_12 fixes the following issues: Security issue fixed: - CVE-2018-3760: Fix path traversal in sprockets/server.rb:forbidden_request? that can allow remote attackers to read arbitrary files (bsc#1098369)...
FreeBSD : rubygem-doorkeeper -- token revocation vulnerability (e309a2c7-598b-4fa6-a398-bc72fbd1d167)
NVD reports: Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry. © Tenable Network Security, Inc. The descriptive text...
GHSA-MJ4X-WCXF-HM8X Json-jwt did not verify the cryptographic signature for data
The json-jwt rubygem, versions >= 0.5.0 and < 1.9.4, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in decryption of AES-GCM encrypted JSON Web Tokens that can result in an attacker forging an authentication tag. This attack appears to be exploitable via network...
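The json-jwt entry above describes a GCM decryptor that hands out plaintext without the authentication tag ever being checked. The following is an added example, not json-jwt's own code: it shows the bug class with Ruby's OpenSSL::Cipher, where `update` returns plaintext before the tag is verified and only `final` performs the check. The key, nonce, AAD and message are constructed for the demo, and the "skipped final" decryptor is an illustration of the failure mode, not a claim about how json-jwt was written.

```ruby
require 'openssl'

# Added example (not json-jwt's code). With OpenSSL::Cipher in GCM mode,
# `update` yields plaintext before the tag is checked; `final` verifies it.
# A decryptor that never calls `final` accepts attacker-modified ciphertext.
# Key, IV, AAD and message below are constructed for the demo.
DEMO_KEY = (0..31).map(&:chr).join.b                        # 32 bytes, AES-256
DEMO_IV  = (0..11).map(&:chr).join.b                        # 12-byte GCM nonce
DEMO_AAD = 'eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0'.b     # JWE-style protected header
DEMO_PLAINTEXT = '{"admin":0}'

def gcm_encrypt(key, iv, aad, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_data = aad
  ciphertext = cipher.update(plaintext) + cipher.final
  [ciphertext, cipher.auth_tag]                             # 16-byte tag
end

# Vulnerable pattern: returns whatever `update` produced and never calls
# `final`, so a tag that does not match is never noticed.
def gcm_decrypt_unchecked(key, iv, aad, ciphertext, tag)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = aad
  cipher.update(ciphertext)
end

# Correct pattern: `final` checks the tag over ciphertext + AAD and raises
# OpenSSL::Cipher::CipherError on mismatch.
def gcm_decrypt_checked(key, iv, aad, ciphertext, tag)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = aad
  cipher.update(ciphertext) + cipher.final
end

# GCM encrypts in counter mode, so XOR-ing a ciphertext byte XORs the same
# plaintext byte. Byte 9 of the demo message is '0' (0x30); mask 0x01 makes it '1'.
def flip_byte(bytes, index, mask)
  out = bytes.dup
  out.setbyte(index, out.getbyte(index) ^ mask)
  out
end

# Encrypts the demo token, tampers with it, and reports what each decryptor does.
def tamper_demo
  ciphertext, tag = gcm_encrypt(DEMO_KEY, DEMO_IV, DEMO_AAD, DEMO_PLAINTEXT)
  tampered = flip_byte(ciphertext, 9, 0x01)
  unchecked = gcm_decrypt_unchecked(DEMO_KEY, DEMO_IV, DEMO_AAD, tampered, tag)
  checked = begin
    gcm_decrypt_checked(DEMO_KEY, DEMO_IV, DEMO_AAD, tampered, tag)
  rescue OpenSSL::Cipher::CipherError
    :rejected
  end
  { unchecked: unchecked, checked: checked }
end

if $PROGRAM_NAME == __FILE__
  result = tamper_demo
  puts "without final: #{result[:unchecked].inspect}"   # attacker-chosen {"admin":1}
  puts "with final:    #{result[:checked].inspect}"     # :rejected
end
```

The point of the bit flip is that GCM gives no confidentiality-only safety net: once the tag check is skipped, the attacker controls individual plaintext bytes without knowing the key, which is exactly the "forge an authentication tag" outcome the advisory describes.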
openSUSE Security Update : rubygem-sprockets (openSUSE-2018-773)
This update for rubygem-sprockets fixes the following issues: The following security vulnerability was addressed: - CVE-2018-3760: Fixed a path traversal issue in sprockets/server.rb:forbidden_request?, which allowed remote attackers to read arbitrary files (bsc#1098369). This update was imported fr...
Security update for rubygem-sprockets (moderate)
This update for rubygem-sprockets fixes the following issues: The following security vulnerability was addressed: - CVE-2018-3760: Fixed a path traversal issue in sprockets/server.rb:forbidden_request?, which allowed remote attackers to read arbitrary files (bsc#1098369). This update was imported from...
Fedora 27 : rubygem-sprockets (2018-fd29597fa4)
Update to Sprockets 3.7.2. Fixes CVE-2018-3760: https://access.redhat.com/security/cve/cve-2018-3760 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much ...
Low severity vulnerability that affects sensu
The sensu rubygem prior to version 1.2.0 contains a CWE-522 (Insufficiently Protected Credentials) flaw that can result in sensitive configuration data, e.g. passwords, being logged in clear text. Users are advised to upgrade to rubygem version 1.2.1 or later...
SUSE-SU-2018:2039-1 Security update for rubygem-passenger
This update for rubygem-passenger fixes the following issue: The following security vulnerability was addressed: - CVE-2018-12029: Fixed a file system access race condition in the chown command, which allowed for local privilege escalation and affects the Nginx module (bsc#1097663)...
SUSE-SU-2018:1994-1 Security update for rubygem-sprockets
This update for rubygem-sprockets fixes the following issues: The following security vulnerability was addressed: - CVE-2018-3760: Fixed a path traversal issue in sprockets/server.rb:forbidden_request?, which allowed remote attackers to read arbitrary files (bsc#1098369)...
[SECURITY] Fedora 28 Update: rubygem-sprockets-3.7.2-1.fc28
Sprockets is a Rack-based asset packaging system that concatenates and serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS...
Fedora Update for rubygem-sprockets FEDORA-2018-2735a12b72
The remote host is missing an update for rubygem-sprockets announced via the FEDORA-2018-2735a12b72 advisory (Greenbone AG, 2018; GPL-2.0-only)...
Fedora Update for rubygem-sprockets FEDORA-2018-fd29597fa4
The remote host is missing an update for rubygem-sprockets announced via the FEDORA-2018-fd29597fa4 advisory (Greenbone AG, 2018; GPL-2.0-only)...
[SECURITY] Fedora 27 Update: rubygem-sprockets-3.7.2-1.fc27
Sprockets is a Rack-based asset packaging system that concatenates and serves JavaScript, CoffeeScript, CSS, LESS, Sass, and SCSS...
openSUSE Security Update : rubygem-yard (openSUSE-2018-707)
This update for rubygem-yard fixes the following issues: - CVE-2017-17042: The server in YARD did not block relative paths with an initial ../ sequence, which allowed attackers to conduct directory traversal attacks and read arbitrary files (bsc#1070263). This update was imported from the...
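The Sprockets (CVE-2018-3760) and YARD (CVE-2017-17042) entries on this page are the same bug class: a development file server lets a ".." segment, leading or percent-encoded, escape its root. The following is an added example, not code from Sprockets or YARD, of a resolver that decodes the request first, normalises it, and then requires the result to sit under the root rather than pattern-matching the raw string. The function names and the "/srv/assets" root are assumptions for the demo.

```ruby
# Added example (not Sprockets or YARD code): resolve a URL path under a
# serving root and refuse anything that escapes it.
DEMO_ROOT = '/srv/assets'   # assumed root for the demo; need not exist on disk

# Decode only %XX sequences (not '+'), since this is a URL path, not a form body.
# Working on a binary copy keeps decoded high bytes from raising encoding errors.
def percent_decode(path)
  path.b.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
end

# Returns the absolute filesystem path for +url_path+, or nil when the request
# would leave +root+, carries a NUL byte, or would trigger ~user expansion.
def resolve_under_root(root, url_path)
  decoded = percent_decode(url_path)
  return nil if decoded.include?("\0")             # C-level path truncation trick
  relative = decoded.sub(%r{\A/+}, '')              # every request is root-relative
  return nil if relative.start_with?('~')           # File.expand_path expands ~user
  root_abs = File.expand_path(root)
  candidate = File.expand_path(relative, root_abs)  # collapses "." and ".." lexically
  inside = candidate == root_abs ||
           candidate.start_with?(root_abs + File::SEPARATOR)
  inside ? candidate : nil
end

# Constructed requests covering a normal asset, benign "..", a leading "../"
# (the YARD case), a percent-encoded "../" and a NUL-byte suffix.
def traversal_demo(root = DEMO_ROOT)
  [
    '/css/app.css',
    '/css/../app.css',
    '/../../etc/passwd',
    '../etc/passwd',
    '/%2e%2e/%2e%2e/etc/passwd',
    '/~root/.bashrc',
    '/app.css%00.txt'
  ].to_h { |req| [req, resolve_under_root(root, req)] }
end

if $PROGRAM_NAME == __FILE__
  traversal_demo.each { |req, path| puts "#{req.ljust(28)} => #{path.inspect}" }
end
```

The check that matters is the prefix comparison on the expanded path, not the presence or absence of ".." in the request: decoding before normalising is what defeats the %2e%2e variant, and comparing against `root_abs + File::SEPARATOR` stops "/srv/assets-private" from passing as "/srv/assets". On a real server, follow this with a symlink-aware check (for example `File.realpath`) if the tree may contain links pointing outside the root.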