1243 matches found
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Summary Nokogiri v1.13.2 upgrades two of its packaged dependencies: vendored libxml2 from v2.9.12 to v2.9.13 vendored libxslt from v1.1.34 to v1.1.35 Those library versions address the following upstream CVEs: libxslt: CVE-2021-30560 CVSS 8.8, High severity libxml2: CVE-2022-23308 Unspecified...
XSS vulnerabilities via data-parent, data-target, data-container in bootstrap
In Bootstrap before 4.1.2, XSS is possible in collapse data-parent attribute CVE-2018-14040, data-target property of scrollspy CVE-2018-14041, data-container property of tooltip CVE-2018-14042...
WEBrick RCE Vulnerability
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name...
Circumvention of file size limits in ActiveStorage
There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct...
Data Injection Vulnerability in moped Rubygem
A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object...
Buffer overrun in String-to-Float conversion
A buffer-overrun vulnerability is discovered in a conversion algorithm from a String to a Float. This vulnerability has been assigned the CVE identifier CVE-2022-28739. We strongly recommend upgrading Ruby. Due to a bug in an internal function that converts a String to a Float, some convertion...
Possible Remote Code Execution Exploit in Rails Development Mode
There is a possible a possible remote code executing exploit in Rails when in development mode. This vulnerability has been assigned the CVE identifier CVE-2019-5420. Versions Affected: 6.0.0.X, 5.2.X. Not affected: 5.2.0 Fixed Versions: 6.0.0.beta3, 5.2.2.1 Impact ------ With some knowledge of a...
Doorkeeper gem does not revoke token for public clients
Any OAuth application that uses public/non-confidential authentication when interacting with Doorkeeper is unable to revoke its tokens when calling the revocation endpoint. A bug in the token revocation API would cause it to attempt to authenticate the public OAuth client as if it was a...
Possible code injection vulnerability in Rails / Active Storage
There is a possible code injection vulnerability in the Active Storage module of Rails. This vulnerability has been assigned the CVE identifier CVE-2022-21831. Versions Affected: = 5.2.0 Not affected: params:v % Where the transformation method or its arguments are untrusted arbitrary input. All...
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions Affected: All Not affected: None Fixed Versions: 6.1.7.1, 7.0.4.1 Impact A specially crafted HTTP...
Possible shell escape sequence injection vulnerability in Rack
There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger components of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30123. Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1 Impact Carefully crafted...
Possible XSS Vulnerability in Action Pack
There is a possible XSS vulnerability in Rails / Action Pack. This vulnerability has been assigned the CVE identifier CVE-2022-22577. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1 Impact CSP headers were only sent along with responses that Rails...
Unsafe Object Creation Vulnerability in JSON (Additional fix)
When parsing certain JSON documents, the json gem including the one bundled with Ruby can be coerced into creating arbitrary objects in the target system. This is the same issue as CVE-2013-0269. The previous fix was incomplete, which addressed JSON.parseuserinput, but didn’t address some other...
Percent-encoded cookies can be used to overwrite existing prefixed cookie names
It is possible to forge a secure or host-only cookie prefix in Rack using an arbitrary cookie write by using URL encoding percent-encoding on the name of the cookie. This could result in an application that is dependent on this prefix to determine if a cookie is safe to process being manipulated...
Jekyll _config.yml privilege escalation
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...
ruby -- DNS spoofing vulnerability in resolv.rb
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than...
Denial of Service Vulnerability in Rack Multipart Parsing
There is a possible denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30122. Versions Affected: = 1.2 Not affected: 1.2 Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1 Impact Carefully crafted multipart POST...
Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion
Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "\r\n" to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...
Decidim vulnerable to data disclosure through the embed feature
Impact If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a Participatory Process, an Assembly, a Proposal, a Result, etc, then some data of this resource could be accessed. Patches Version 0.27.6...
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Several vulnerabilities were discovered in the libxml2 and libxslt libraries that the Nokogiri gem depends on. CVE-2015-1819 A denial of service flaw was found in the way libxml2 parsed XML documents. This flaw could cause an application that uses libxml2 to use an excessive amount of memory...
Cookie Prefix Spoofing in CGI::Cookie.parse
The old versions of CGI::Cookie.parse applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. By this fix, CGI::Cookie.parse no longer decodes cookie names. Note that this i...
Double free in Regexp compilation
A double-free vulnerability is discovered in Regexp compilation. This vulnerability has been assigned the CVE identifier CVE-2022-28738. We strongly recommend upgrading Ruby. Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same...
Out-of-bounds Write in zlib affects Nokogiri
Summary Nokogiri v1.13.4 updates the vendored zlib from 1.2.11 to 1.2.12, which addresses CVE-2018-25032. That CVE is scored as CVSS 7.4 "High" on the NVD record as of 2022-04-05. Please note that this advisory only applies to the CRuby implementation of Nokogiri = v1.13.4. Impact CVE-2018-25032 ...
CVE-2011-1004 Ruby: Symlink race condition by removing directory trees in fileutils module
The FileUtils.removeentrysecure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack...
CVE-2012-5371 ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
Ruby aka CRuby 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains...
Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation
Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...
Authorization header leak on port redirect in mechanize
Summary Mechanize rubygem Cookies do not provide isolation by port. If a cookie is readable by a service running on one port, the cookie is also readable by a service running on another port of the same server. If a cookie is writable by a service on one port, the cookie is also writable by a...
CSRF Protection Bypass in Ruby on Rails
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged 1 AJAX or 2 API requests that...
CSV-Safe improperly filters special characters potentially leading to CSV injection
CSV-Safe gem 3.0.0 doesn't filter out special characters which could trigger CSV Injection...
Keepalive Connections Causing Denial Of Service in puma
Impact The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by...
Blacklist keys are no longer being filtered in airbrake-ruby
A flaw in airbrake-ruby v4.2.3 prevented user data from being filtered prior to sending to Airbrake. Such data could be user passwords. Therefore, an app could leak user passwords without knowing it...
SQL Injection Vulnerability in Ruby on Rails
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...
Unsafe Query Generation Risk in Active Record
There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155. Impact ------ Due to the way Active Record interprets parameters in combination with the way that JSON parameters are...
HTTP response splitting in WEBrick (Additional fix)
If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. This is the same issue as CVE-2017-17742. The previous fix was incomplete, which addressed the...
Cross-Site Request Forgery in Spina
A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/mediafolders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...
CVE-2012-2661 rubygem-activerecord: SQL injection when processing nested query paramaters
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...
matestack-ui-core is vulnerable to XSS/Script injection
matestack-ui-core does not excape strings by default and does not cover this in the docs. matestack-ui-core should escape strings by default in order to prevent XSS/Script injection vulnerability. v0.7.4 fixes that by escaping strings by default...
twitter-bootstrap-rails vulnerable to Cross-Site Scripting (XSS)
The seyhunak/twitter-bootstrap-rails gem includes a vendored version of the Bootstrap JavaScript library. In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. The most recent version of this gem, 5.0.0, includes Bootstrap v 3.3.6. Al...
Command injection vulnerability in Net::FTP
There is a command injection vulnerability in Net::FTP bundled with Ruby. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument starts with the pipe character "|", the command following the pipe character is...
Timing attack vulnerability in basic authentication in Action Controller.
There is a timing attack vulnerability in the basic authentication support in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2015-7576. Versions Affected: All. Not affected: None. Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1 Impact ------ Due to the w...
fileutils Gem for Ruby file_utils.rb Crafted URL Handling Remote Command Execution
fileutils Gem for Ruby contains a flaw in fileutils.rb. The issue is triggered when handling a specially crafted URL containing a command after a delimiter ;. This may allow a remote attacker to potentially execute arbitrary commands...
Ruby Properly initialize the random number generator when forking new process
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900...
Devise-Two-Factor vulnerable to brute force attacks
Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password algorithm's TOTP inherent entropy limitations, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks. Impact If a...
Smashing Cross-site Scripting vulnerability
Smashing 1.3.4 is vulnerable to Cross Site Scripting XSS. A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment e.g. if re-using internal URL's for...
Ruby Gem nori Parameter Parsing Remote Code Execution
The Ruby Gem nori has a parameter parsing error that may allow an attacker to execute arbitrary code. This vulnerability has to do with type casting during parsing, and is related to CVE-2013-0156...
Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2 - protocol-relative URI objects still bypass host scoping
Summary Faraday::Connectionbuildexclusiveurl still allows protocol-relative host override when the request target is provided as a URI object instead of a String. This bypasses the February 2026 fix for GHSA-33mh-2634-fwr2 and can redirect a request built from a fixed-base Faraday::Connection to ...
Bootstrap Cross-Site Scripting (XSS) vulnerability
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This...
json Gem for Ruby Unsafe Object Creation Vulnerability (additional fix)
There is an unsafe object creation vulnerability in the json gem bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2020-10663. We strongly recommend upgrading the json gem. Details ------- When parsing certain JSON documents, the json gem including the one bundled wit...
A NUL injection vulnerability of File.fnmatch and File.fnmatch?
Built-in methods File.fnmatch and its alias File.fnmatch? accept the path pattern as their first parameter. When the pattern contains NUL character \0, the methods recognize that the path pattern ends immediately before the NUL byte. Therefore, a script that uses an external input as the pattern...
Unintentional file and directory creation with directory traversal in tempfile and tmpdir
There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby, because it uses tmpdir internally Dir.mktmpdir method introduced by tmpdir library accepts the pref...