Lucene search
K
GitlabRecent

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
•added 2017/05/15 12:0 a.m.•29 views

Code Injection

pygmentize contains a Remote Code Execution vulnerability...

5.8AI score
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2017/05/12 12:0 a.m.•30 views

XSS vulnerability in old test script

Cross-site scripting vulnerability in ADOdb allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS4.1AI score0.01946EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2017/05/09 12:0 a.m.•14 views

Cookie leakage to wrong origins and non-restricted cookie acceptance

Cookie leakage to wrong origins and non-restricted cookie acceptance...

2.3AI score
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2017/05/07 12:0 a.m.•11 views

Cookie leakage, non-restricted cookie acceptance

Cookies of foo.bar.example.com are leaked to foo.bar. Additionally, any site can set cookies for any other site...

2.2AI score
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2017/03/13 12:0 a.m.•39 views

Serialization vulnerability

A serialization vulnerability was found in the SocketServer and ServerSocketReceiver components...

9.8CVSS4.3AI score0.07501EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2016/11/05 12:0 a.m.•15 views

Remote Code Execution

There's a Remote Code Execution vulnerability in the highlight function of Pygmentize...

1.9AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2016/10/03 12:0 a.m.•27 views

SQL Injection

The qstr method in the PDO driver in the ADOdb Library for PHP might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting...

9.8CVSS5.4AI score0.02984EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2016/09/07 12:0 a.m.•31 views

Possible XSS Vulnerability

There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers...

6.1CVSS1.5AI score0.03438EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2016/09/07 12:0 a.m.•46 views

Unsafe Query Generation Risk

There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155...

7.5CVSS3.9AI score0.03903EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2016/07/18 12:0 a.m.•50 views

HTTP Proxy header vulnerability

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. See provided link...

8.1CVSS0.6AI score0.50427EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2016/06/07 12:0 a.m.•43 views

Security Misconfiguration Vulnerability

There's an improper default directory umask that can potentially allow unauthorized modifications of PHP code...

7.8CVSS3.7AI score0.00381EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2016/04/07 12:0 a.m.•30 views

Possible Information Leak Vulnerability

Applications that pass unverified user input to the render method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: def index; render params:id; end Carefully crafted requests can cause the above code to render files from unexpect...

5.3CVSS2.6AI score0.04423EPSS
Exploits1References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2016/04/01 12:0 a.m.•37 views

Cross-site request forgery

Administrate::ApplicationController actions don't have CSRF protection. Remote attackers can hijack user's sessions and use any functionality that administrate exposes on their behalf...

5.4CVSS4.9AI score0.00316EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2016/02/15 12:0 a.m.•30 views

Possible Input Validation Circumvention

Code that uses Active Model based models including Active Record models and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations. Rails users using Strong Parameters are generally not impacte...

5.3CVSS4.8AI score0.07157EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2016/02/15 12:0 a.m.•21 views

Nested attributes rejection proc bypass

When using the nested attributes feature in Active Record you can prevent the destruction of associated records by passing the allowdestroy: false option to the acceptsnestedattributesfor method. The allowdestroy flag prevents the :rejectif proc from being called because it assumes that the recor...

5.3CVSS5.7AI score0.0425EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2016/02/03 12:0 a.m.•70 views

Improper Access Control

The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object...

7.7CVSS5.5AI score0.01583EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2015/12/07 12:0 a.m.•31 views

Settings leak in date template filter

If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a date format. e.g. SECRETKEY instead of j/m/Y...

5CVSS3.4AI score0.04284EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2015/07/26 12:0 a.m.•28 views

Possible Denial of Service

Specially crafted XML documents can cause applications to raise a SystemStackError and potentially cause a denial of service attack. This nonly impacts applications using REXML or JDOM as their XML processor. Other XML processors that Rails supports are not impacted...

5CVSS5.7AI score0.04261EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2015/07/26 12:0 a.m.•48 views

XSS Vulnerability in ActiveSupport::JSON.encode

When a Hash containing user-controlled data is encoded as JSON either through Hashtojson or ActiveSupport::JSON.encode, Rails does not perform adequate escaping that matches the guarantee implied by the escapehtmlentitiesinjson option which is enabled by default. If this resulting JSON string is...

4.3CVSS6.8AI score0.0278EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2015/07/14 12:0 a.m.•34 views

DOS by filling session store

The session backends created a new empty record in the session storage anytime request.session was accessed and there was a session key provided in the request cookies that didn't already have a session record. This could allow an attacker to easily create many new session records simply by sendi...

7.8CVSS6.1AI score0.07266EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2015/07/14 12:0 a.m.•40 views

Header injection via multi-lines input

Some built-in validators django.core.validators.EmailValidator, most seriously don't prohibit newline characters due to the usage of $ instead of \Z in the regular expressions. If you use values with newlines in HTTP response or email headers, you can suffer from header injection attacks...

4.3CVSS6.6AI score0.03665EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2015/07/14 12:0 a.m.•37 views

DOS via URL validation

django.core.validators.URLValidator includes a regular expression that was extremely slow to evaluate against certain inputs...

7.8CVSS6.2AI score0.02975EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2015/03/24 12:0 a.m.•36 views

Improper Restriction of XML External Entity Reference

XML external entity XXE vulnerability in the SVG to PNG and JPG conversion classes in Apache Batik allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file...

6.4CVSS8.2AI score0.16564EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2015/01/07 12:0 a.m.•32 views

Textile Link Parsing XSS

RedCloth Gem for Ruby contains a flaw that allows a cross-site scripting XSS attack. This flaw exists because the program does not validate input when parsing textile links before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute...

4.3CVSS4.7AI score0.02253EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/10/24 12:0 a.m.•28 views

Cryptographic Issues

Certificates.java in Not Yet Commons SSL does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

6.8CVSS8.7AI score0.00932EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/10/16 12:0 a.m.•14 views

Incomplete List of Disallowed Inputs

A flaw in the iptype function is triggered when handling octal encoding. This may allow a remote attacker to bypass the IP exclusion feature...

2.4AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/09/29 12:0 a.m.•15 views

Object Injection

A flaw in Active Job that can allow string arguments to be deserialized as if they were Global IDs. This may allow a remote attacker to inject arbitrary objects...

4.7AI score
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/08/20 12:0 a.m.•38 views

Strong Parameter bypass with create_with

The createwith functionality in Active Record was implemented incorrectly and completely bypasses the strong parameter protection...

7.5CVSS6.3AI score0.02797EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/07/07 12:0 a.m.•58 views

SQL Injection Vulnerabilities Affecting PostgreSQL

SQLi vulnerability in activerecord...

7.5CVSS6.3AI score0.04181EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/05/19 12:0 a.m.•33 views

Incorrect Default Permissions

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...

4.4CVSS5.7AI score0.00373EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/05/16 12:0 a.m.•33 views

Caches may be allowed to store and serve private data

Django contains a flaw that is triggered as the program improperly removes Vary and Cache-Control headers from HTTP responses during a reply to a request from some older versions of Internet Explorer or the Chrome Frame client. This may allow a context-dependent attacker to gain access to...

6.4CVSS6.3AI score0.02546EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/05/16 12:0 a.m.•36 views

Malformed URLs from user input incorrectly validated

The validation for redirects does not correctly validate some malformed URLs, which are accepted by some browsers. This allows a user to be redirected to an unsafe URL unexpectedly...

4.3CVSS6.2AI score0.03123EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/05/13 12:0 a.m.•65 views

Local File inclusion

A local file inclusion is possible by specifying full path to any desired file in the Kickstart value in Cobbler's WebUI...

4CVSS6.1AI score0.08809EPSS
Exploits2References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/05/02 12:0 a.m.•55 views

Remote Command Injection

Unsanitized input is passed to the shell. A malicious user can inject shell commands by sending shell meta characters like ';' in some variables...

7.5CVSS6.5AI score0.02188EPSS
Exploits3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/04/23 12:0 a.m.•40 views

Unexpected code execution using reverse()

Django incorrectly handle dotted Python paths when using the django.core.urlresolvers.reverse function. An attacker can use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution...

5.1CVSS6.7AI score0.0565EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/04/23 12:0 a.m.•32 views

MySQL typecasting

When using a MySQL database, Django don't perform explicit conversion of the fields: FilePathField GenericIPAddressField IPAddressField If a query is performed without first converting values to the appropriate type, this can produce unexpected results, similar to what would occur if the query...

10CVSS6.1AI score0.04753EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/04/23 12:0 a.m.•27 views

Caching of anonymous pages could reveal CSRF token

Django incorrectly cache certain pages that contain CSRF cookies. An attacker can possibly use this flaw to obtain a valid cookie and perform attacks which bypass the CSRF restrictions...

5CVSS6.2AI score0.0199EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2014/02/20 12:0 a.m.•59 views

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ backslash characters that are not properly handle...

6.8CVSS7.9AI score0.01304EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2013/12/07 12:0 a.m.•60 views

Improper Input Validation

actionpack/lib/actionview/lookupcontext.rb in Action View in Ruby on Rails allows remote attackers to cause a denial of service memory consumption via a header containing an invalid MIME type that leads to excessive caching...

5CVSS5.9AI score0.207EPSS
Exploits2References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2013/12/06 12:0 a.m.•38 views

XSS Vulnerability in simple_format helper

The simpleformat helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass...

4.3CVSS0.9AI score0.01963EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2013/12/06 12:0 a.m.•63 views

XSS Vulnerability in number_to_currency

The numbertocurrency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Application which pass user controlled data as the unit parameter are vulnerable to an XSS attack...

4.3CVSS3.3AI score0.03171EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2013/12/06 12:0 a.m.•37 views

Reflective XSS Vulnerability

There is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to...

4.3CVSS2.8AI score0.02233EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2013/12/06 12:0 a.m.•47 views

Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)

Due to the way that Rack::Request and Rails::Request interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameter...

6.4CVSS3.2AI score0.08245EPSS
Exploits1References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2013/10/16 12:0 a.m.•34 views

Possible DoS Vulnerability

A carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: "some string userinput" % somenumber...

4.3CVSS3AI score0.03135EPSS
Exploits1References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2013/09/23 12:0 a.m.•33 views

DOS via large passwords

The authentication framework django.contrib.auth computes the hash of a password each time a user attempts to log in, no matter the length of the password. Thus, a remote attacker can cause a denial of service CPU consumption by repeatedly submitting long passwords...

5CVSS2.3AI score0.02661EPSS
Exploits1References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2013/09/16 12:0 a.m.•32 views

Directory traversal with ssi template tag

Directory traversal vulnerability allows remote attackers to read arbitrary files via a file path in the ALLOWEDINCLUDEROOTS setting followed by a .. in a ssi template tag...

5CVSS5.5AI score0.03182EPSS
Exploits2References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2013/08/28 12:0 a.m.•16 views

Passwordless login

Users are able to log themselves in with a blank password, even for users who are NOT currently in the users table ie have never previously logged in...

1.9AI score
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2013/03/19 12:0 a.m.•35 views

Symbol DoS vulnerability in Active Record

When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce params:name to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use on...

5CVSS2.1AI score0.03438EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2013/03/19 12:0 a.m.•45 views

XML Parsing Vulnerability affecting JRuby users

There is a vulnerability in the JDOM backend to ActiveSupport's XML parser. you should upgrade or use one of the work arounds immediately...

5.8CVSS4.5AI score0.02054EPSS
Exploits1References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
•added 2013/03/19 12:0 a.m.•43 views

XSS vulnerability in sanitize_css in Action Pack

Carefully crafted text can bypass the sanitization provided in the sanitizecss method in Action Pack...

4.3CVSS2.9AI score0.0264EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities1518