CVE-2023-27539
A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service. Mitigation Setting Regexp.timeout in Ruby 3.2 is a possible workaround...
CVE-2023-28120
A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrusted user input, malicious code could be executed. Mitigation Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2023:0725-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0725-1 advisory. - A DoS vulnerability exists in Rack v3.0.4.2, v2.2.6.3, v2.1.4.3 and v2.0.9.3 within the Multipart MIME parsing code, which could...
SUSE-SU-2023:0725-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - CVE-2023-27530: Fixed denial of service in Multipart MIME parsing (bsc#1209095)...
OESA-2023-1154 rubygem-activesupport security update
A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted...
CVE-2023-27530
A flaw was found in rubygem-rack. This issue occurs in the Multipart MIME parsing code in Rack, which limits the number of file parts but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than...
SUSE-SU-2023:0649-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - CVE-2022-44570: Fixed a potential denial of service when parsing a RFC2183 multipart boundary (bsc#1207597). - CVE-2022-44571: Fixed a potential denial of service when parsing a Range header (bsc#1207599)...
rubygem-rack security vulnerability
rubygem-rack is an application in the rubygems open source. A security vulnerability exists in rubygem-rack, which stems from a denial of service vulnerability in the parsing...
SUSE-SU-2023:0612-1 Security update for rubygem-activesupport-4_2
This update for rubygem-activesupport-4_2 fixes the following issues: - CVE-2023-22796: Fixed a potential denial of service when passing a crafted input to the underscore method due to an inefficient regular expression (bsc#1207454)...
SUSE-SU-2023:0587-1 Security update for rubygem-activerecord-4_2
This update for rubygem-activerecord-4_2 contains the following fixes: - CVE-2022-44566: Fixed a potential denial of service due to an inefficient comparison between integer and numeric values (bsc#1207450). - Fixed regression caused by the fix for CVE-2022-44566 (bsc#1207450)...
SUSE-SU-2023:0518-1 Security update for rubygem-activerecord-4_2
This update for rubygem-activerecord-4_2 fixes the following issues: - CVE-2022-44566: Fixed a potential denial of service due to an inefficient comparison between integer and numeric values (bsc#1207450)...
SUSE-SU-2023:0492-1 Security update for rubygem-activerecord-5_1
This update for rubygem-activerecord-5_1 fixes the following issues: - CVE-2022-44566: Fixed possible denial of service vulnerability in ActiveRecord's PostgreSQL adapter (bsc#1207450)...
OESA-2023-1112 rubygem-globalid security update
URIs for your models make it easy to pass references around. Security Fixes: A ReDoS based DoS vulnerability in GlobalID 1.0.1 which could allow an attacker supplying a carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2023:0444-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0444-1 advisory. - A regular expression based DoS vulnerability in Action Dispatch 6.0.6.1, 6.1.7.1, and 7.0.4.1. Specially crafted cookies, in...
OESA-2023-1101 rubygem-globalid security update
URIs for your models make it easy to pass references around. Security Fixes: A ReDoS based DoS vulnerability in GlobalID 1.0.1 which could allow an attacker supplying a carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an...
SUSE-SU-2023:0444-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2023-22795: Fixed ReDoS in Action Dispatch cache (bsc#1207451). - CVE-2023-22792: Fixed ReDoS in Action Dispatch cookies (bnc#1207455)...
SUSE-SU-2023:0442-1 Security update for rubygem-actionpack-4_2
This update for rubygem-actionpack-4_2 fixes the following issues: - CVE-2023-22795: Fixed possible ReDoS based DoS vulnerability in Action Dispatch via specially crafted HTTP header (bsc#1207451). - CVE-2023-22792: Fixed possible ReDoS based DoS vulnerability in Action Dispatch via specially crafted...
SUSE CVE-2015-4410
The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string...
SUSE CVE-2020-4054
In Sanitize RubyGem sanitize greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...
openSUSE 15 Security Update : rubygem-globalid (SUSE-SU-2023:0328-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0328-1 advisory. - A ReDoS based DoS vulnerability in GlobalID 1.0.1 which could allow an attacker supplying a carefully crafted input to cause the regular expression...