2168 matches found
[SECURITY] Fedora 35 Update: rubygem-puma-4.3.6-5.fc35
Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker...
SUSE-SU-2022:2885-1 Security update for rubygem-rails-html-sanitizer
This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2022-32209: Fixed a potential content injection under specific configurations bsc1201183...
openSUSE: Security Advisory for rubygem-rails-html-sanitizer (SUSE-SU-2022:2870-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES15 Security Update : rubygem-rails-html-sanitizer (SUSE-SU-2022:2870-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2870-1 advisory. - Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of...
SUSE-SU-2022:2870-1 Security update for rubygem-rails-html-sanitizer
This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2022-32209: Fixed a potential content injection under specific configurations bsc1201183...
Fedora: Security Advisory for rubygem-rails-html-sanitizer (FEDORA-2022-ce4719993c)
Fedora: Security Advisory for rubygem-rails-html-sanitizer (FEDORA-2022-974fffb418)
GLSA-202208-29 : Nokogiri: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202208-29 Nokogiri: Multiple Vulnerabilities - Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schema...
SUSE-SU-2022:2765-1 Security update for rubygem-tzinfo
This update for rubygem-tzinfo fixes the following issues: - CVE-2022-31163: Fixed relative path traversal vulnerability that allows TZInfo::Timezone.get to load arbitrary files bsc1201835...
openSUSE: Security Advisory for rubygem-tzinfo (SUSE-SU-2022:2592-1)
SUSE SLES15 Security Update : rubygem-tzinfo (SUSE-SU-2022:2592-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2592-1 advisory. - TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to...
SUSE-SU-2022:2592-1 Security update for rubygem-tzinfo
This update for rubygem-tzinfo fixes the following issues: - CVE-2022-31163: Fixed relative path traversal vulnerability that allows TZInfo::Timezone.get to load arbitrary files bsc1201835...
CVE-2022-31163
A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within t...
SUSE-SU-2022:2526-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS bsc1200748 - CVE-2022-30123: Fixed crafted requests can cause shell escape sequences bsc1200750 The following non-security bug was fixed: - Fixed a regression in...
CVE-2022-23712 affecting package rubygem-elasticsearch 8.2.0-1
CVE-2022-23712 affecting package rubygem-elasticsearch 8.2.0-1. An upgraded version of the package is available that resolves this issue...
ROS-20220706-02
The Rubygem Rack web application development interface vulnerability is related to incorrect input validation when processing data transmitted through the Rack Lint middleware and CommonLogger middleware. Exploitation of the vulnerability could allow an attacker acting remotely to send specially...
SUSE SLES15 Security Update : rubygem-rack (SUSE-SU-2022:2192-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2192-1 advisory. - A possible denial of service vulnerability exists in Rack 2.0.9.1, 2.1.4.1 and 2.2.3.1 in the multipart parsing component of Rack...
openSUSE: Security Advisory for rubygem-rack (SUSE-SU-2022:2192-1)
SUSE-SU-2022:2192-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: - CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS bsc1200748 - CVE-2022-30123: Fixed crafted requests can cause shell escape sequences bsc1200750...
RubyGem Rack Resource Management Error Vulnerability
RubyGem Rack is a modular interface between a web server and a web application developed using the Ruby programming language. RubyGem Rack suffers from a resource management error vulnerability. An attacker could exploit this vulnerability to cause a fatal error in RubyGem Rack via a Multipart PO...