2168 matches found
CVE-2021-41098
An XML External Entity (XXE) vulnerability was found in the RubyGem Nokogiri on JRuby, the Java implementation of Ruby. If an attacker is able to insert untrusted XML input containing a reference to an external entity, it is processed by a weakly configured SAX parser, resulting in the disclosure of...
CVE-2021-41098
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are...
Xxe
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are...
CVE-2021-41098
Summary (CVE-2021-41098 – Nokogiri on JRuby): The Nokogiri Rubygem (v1.12.4 and earlier) on JRuby exposes an XXE flaw by resolving external entities by default in the SAX parser. Affected classes include Nokogiri::XML::SAX::Parser, Nokogiri::HTML4::SAX::Parser (and Nokogiri::HTML::SAX::Par...
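The entries above describe a SAX parser that resolves external entities by default, so the only safe place for a caller who cannot upgrade immediately is before the parser sees the document. The following is an added example, not Nokogiri code and not taken from the advisory: a pure-stdlib Ruby guard that rejects untrusted XML carrying a DTD (or, under a looser policy, only SYSTEM/PUBLIC entity declarations) before it is handed to any of the affected SAX classes. The module name, the two policies, and the sample documents are this example's own constructions.

```ruby
# Added example (not Nokogiri code): reject untrusted XML that carries a DTD
# before it reaches a SAX parser whose default, as on JRuby Nokogiri <= 1.12.4,
# is to resolve external entities. Pure Ruby stdlib, no gems required.

module XmlGuard
  DOCTYPE_RE         = /<!DOCTYPE\b/i
  # <!ENTITY name SYSTEM "uri"> / <!ENTITY % name PUBLIC "id" "uri">
  EXTERNAL_ENTITY_RE = /<!ENTITY\s+(?:%\s+)?[^\s>]+\s+(?:SYSTEM|PUBLIC)\b/i

  # Decode the raw bytes to UTF-8 so a UTF-16 encoded payload cannot slip past
  # the byte-oriented patterns. UTF-16 is recognised by BOM or by the NUL-padded
  # "<?xml" prologue; everything else is treated as UTF-8.
  def self.normalise(raw)
    bytes = raw.b
    enc =
      if    bytes.start_with?("\xFF\xFE".b)    then "UTF-16LE"
      elsif bytes.start_with?("\xFE\xFF".b)    then "UTF-16BE"
      elsif bytes.start_with?("<\x00?\x00".b)  then "UTF-16LE"
      elsif bytes.start_with?("\x00<\x00?".b)  then "UTF-16BE"
      else  "UTF-8"
      end
    bytes.force_encoding(enc).encode("UTF-8", invalid: :replace, undef: :replace)
  end

  def self.doctype?(xml)
    DOCTYPE_RE.match?(normalise(xml))
  end

  def self.external_entities?(xml)
    EXTERNAL_ENTITY_RE.match?(normalise(xml))
  end

  # policy :no_doctype  rejects any DTD (recommended: it also stops internal
  #                     entity expansion attacks such as "billion laughs")
  # policy :no_external rejects only SYSTEM/PUBLIC entity declarations
  # Fails closed: a DOCTYPE inside a comment or CDATA section is rejected too.
  def self.check(xml, policy: :no_doctype)
    hit = case policy
          when :no_doctype  then doctype?(xml)
          when :no_external then external_entities?(xml)
          else raise ArgumentError, "unknown policy #{policy.inspect}"
          end
    hit ? :rejected : :ok
  end
end

# Constructed sample documents for demonstration.
XXE_PAYLOAD = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
  <foo>&xxe;</foo>
XML

INTERNAL_ONLY = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE foo [ <!ENTITY greet "hello"> ]>
  <foo>&greet;</foo>
XML

BENIGN = <<~XML
  <?xml version="1.0"?>
  <foo>hello</foo>
XML

if $PROGRAM_NAME == __FILE__
  [XXE_PAYLOAD, INTERNAL_ONLY, BENIGN].each do |doc|
    puts "no_doctype=#{XmlGuard.check(doc)} no_external=#{XmlGuard.check(doc, policy: :no_external)}"
  end
  # Only after the guard returns :ok would the document be handed to a SAX
  # parser such as Nokogiri::XML::SAX::Parser.new(handler).parse(doc).
end
```

The guard is deliberately a byte-level scan rather than a parse: parsing the document to decide whether it is safe to parse would reintroduce the problem. The cost is false positives on a literal `<!DOCTYPE` inside a comment or CDATA section, which is the correct direction to fail in for untrusted input.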
RHEL 7 : rh-ruby27-ruby (RHSA-2021:3559)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3559 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
SUSE-SU-2021:2928-1 Security update for rubygem-addressable
This update for rubygem-addressable fixes the following issues: - CVE-2021-32740: Fixed denial of service via maliciously crafted templates (bsc#1188207)...
SUSE-SU-2021:2927-1 Security update for rubygem-addressable
This update for rubygem-addressable fixes the following issues: - CVE-2021-32740: Fixed denial of service via maliciously crafted templates (bsc#1188207)...
SUSE-SU-2021:2914-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: - CVE-2021-29509: Incomplete fix for CVE-2019-16770 allows Denial of Service (bsc#1188527)...
Fedora: Security Advisory for rubygem-addressable (FEDORA-2021-5d14763df8)
The remote host is missing an update for the rubygem-addressable package announced via the FEDORA-2021-5d14763df8 advisory...
Fedora: Security Advisory for rubygem-addressable (FEDORA-2021-e9fc035565)
The remote host is missing an update for the rubygem-addressable package announced via the FEDORA-2021-e9fc035565 advisory...
[SECURITY] Fedora 33 Update: rubygem-addressable-2.7.0-5.fc33
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. It is flexible, offers heuristic parsing, and additionally provides extensive support for IRIs and URI templates...
[SECURITY] Fedora 34 Update: rubygem-addressable-2.7.0-5.fc34
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. It is flexible, offers heuristic parsing, and additionally provides extensive support for IRIs and URI templates...
CVE-2021-22942
A flaw was found in rubygem-actionpack. Specially crafted “X-Forwarded-Host” headers, in combination with certain “allowed host” formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. The highest threat from this vulnerability is to system...
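The entry above turns on two things a host-authorization check must get right: which header is trusted to name the host, and how an allowed-host pattern is matched. What follows is an added example, not Action Pack code and not a reconstruction of the Rails fix: a strict host check in plain Ruby that only honours X-Forwarded-Host when the peer is a configured proxy, validates the value as an RFC 1123 hostname before matching, and treats a leading-dot entry as a label-boundary suffix. The module name, the `:ok`/`:blocked` results, the allow list and the sample requests are this example's own assumptions.

```ruby
# Added example (not Action Pack code): a strict host-authorization check of
# the kind a Host Authorization middleware performs, written to show the three
# places such checks go wrong: trusting X-Forwarded-Host from any client,
# loose suffix matching, and accepting values that are not valid hostnames.

module HostAuthz
  # RFC 1123 hostname: dot-separated labels of [a-z0-9-], no whitespace or
  # control characters, anchored with \A...\z (\Z would admit a trailing newline).
  LABEL   = /[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/
  HOST_RE = /\A#{LABEL}(?:\.#{LABEL})*\z/

  # Lowercase, drop an optional :port and trailing dot; nil if not a hostname.
  # Comma-separated X-Forwarded-Host lists and IPv6 literals fail closed here.
  def self.canonical_host(raw)
    return nil if raw.nil?
    host = raw.downcase.sub(/:\d{1,5}\z/, "").chomp(".")
    HOST_RE.match?(host) ? host : nil
  end

  # allowed entries: exact host "app.example.com", or ".example.com", which
  # matches any subdomain on a label boundary but neither "example.com" itself
  # nor "evil-example.com".
  def self.allowed?(raw_host, allowed)
    host = canonical_host(raw_host)
    return false unless host
    allowed.any? do |entry|
      entry = entry.downcase
      if entry.start_with?(".")
        host.length > entry.length && host.end_with?(entry)
      else
        host == entry
      end
    end
  end

  # X-Forwarded-Host is only meaningful when set by a proxy we control; from
  # any other peer it is attacker-controlled and the Host header is used instead.
  def self.effective_host(headers, remote_ip, trusted_proxies)
    xfh = headers["X-Forwarded-Host"]
    return xfh if xfh && trusted_proxies.include?(remote_ip)
    headers["Host"]
  end

  # Returns :ok or :blocked. A :blocked request should be answered with a 4xx
  # status, never with a redirect assembled from the offending header value.
  def self.authorize(headers, remote_ip, allowed, trusted_proxies: [])
    allowed?(effective_host(headers, remote_ip, trusted_proxies), allowed) ? :ok : :blocked
  end
end

# Constructed configuration and requests for demonstration.
ALLOWED = ["app.example.com", ".example.com"]
PROXIES = ["10.0.0.1"]

if $PROGRAM_NAME == __FILE__
  [
    [{ "Host" => "app.example.com" }, "203.0.113.5"],
    [{ "Host" => "app.example.com", "X-Forwarded-Host" => "evil.test" }, "203.0.113.5"],
    [{ "Host" => "app.example.com", "X-Forwarded-Host" => "evil.test" }, "10.0.0.1"],
    [{ "Host" => "app.example.com", "X-Forwarded-Host" => "API.example.com:443" }, "10.0.0.1"],
    [{ "Host" => "app.example.com", "X-Forwarded-Host" => "evil-example.com" }, "10.0.0.1"],
    [{ "Host" => "app.example.com", "X-Forwarded-Host" => "evil.test\n.example.com" }, "10.0.0.1"],
  ].each do |headers, ip|
    puts "#{ip} #{headers.inspect} => #{HostAuthz.authorize(headers, ip, ALLOWED, trusted_proxies: PROXIES)}"
  end
end
```

Validating the hostname syntax before matching is what makes the suffix comparison safe: once a value containing a newline, a comma or a second `:` is rejected outright, the allow-list logic never has to reason about what a regex anchor does at a line break.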
SUSE-SU-2021:2761-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: - CVE-2021-29509: Incomplete fix for CVE-2019-16770 allows Denial of Service (bsc#1188527)...
CVE-2021-32740 affecting package rubygem-addressable 2.7.0-1
CVE-2021-32740 affecting package rubygem-addressable 2.7.0-1. An upgraded version of the package is available that resolves this issue...
CentOS 8 : ruby:2.7 (CESA-2021:3020)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3020 advisory. - rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 - rubygem-rdoc: Command injection...
Important: ruby:2.7 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc:...