1255 matches found
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128. Impact Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibl...
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS
Impact CarrierWave::Uploader::ContentTypeAllowlist has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in allowlistedcontenttype? determines Content-Type permissions by performing a partial match. If the contenttype argument of allowlistedcontenttype? is...
Sisimai Inefficient Regular Expression Complexity vulnerability
A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function toplain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be...
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio "refresh" on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can le...
Cross site scripting in publify
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a 'publisher' role is able to inject and execute arbitrary JavaScript code while creating a page/article...
Missing Initialization of Resource in Apache Arrow
It was discovered that the C++ implementation which underlies the R, Python and Ruby implementations of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow...
Gitaly Insufficient Session Expiration vulnerability
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: =1.79.0, =13.4, =13.5, 13.5.2...
apollo_upload_server has Denial of Service vulnerability
A Denial Of Service vulnerability in the apollouploadserver Ruby gem in GitLab CE/EE version 11.11 and above allows an attacker to deny access to all users via specially crafted requests to the apollouploadserver middleware...
Puppet Arbitrary Command Execution
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full...
Puppet arbitrary files overwrite via a symlink attack
Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the 1 /tmp/daemonout, 2 /tmp/puppetdoc.txt, 3 /tmp/puppetdoc.tex, or 4 /tmp/puppetdoc.aux temporary file...
Out-of-bounds Read in mrb_obj_is_kind_of in in mruby/mruby
Out-of-bounds Read in mrbobjiskindof in in GitHub repository mruby/mruby prior to 3.2. Impact: Possible arbitrary code execution if being exploited...
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions...
Remote code execution in Dragonfly
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features...
Connection security vulnerability with schema sync
pgsync drops connection parameters when syncing the schema with the --schema-first and --schema-only options. Some of these parameters may affect security. For instance, if sslmode is dropped, the connection may not use SSL. The first connection parameter is not affected. pgsync drops connection...
Possible XSS Vulnerability in Action Pack in Development Mode
There is a possible XSS vulnerability in Action Pack while the application server is in development mode. This vulnerability is in the Actionable Exceptions middleware. This vulnerability has been assigned the CVE identifier CVE-2020-8264. Versions Affected: = 6.0.0 Not affected: 6.0.0 Fixed...
Gon gem lack of escaping certain input when outputting as JSON
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection mechanism. To mitigate, jsondumper.rb in gon now does escaping for XSS by default without relying on MultiJson...
Directory traversal in Rack::Directory app bundled with Rack
There was a possible directory traversal vulnerability in the Rack::Directory app that is bundled with Rack. Versions Affected: rack = 2.2.0 Impact ------ If certain directories exist in a director that is managed by Rack::Directory, an attacker could, using this vulnerability, read the contents ...
ruby_parser-legacy world writable files allow local privilege escalation
The rubyparser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...
Denial of Service in rubyzip ("zip bombs")
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service disk consumption...
Code execution backdoor in coming-soon
The coming-soon gem 0.2.8 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. No unaffected version is known to exist, as the gem appears to have been entirely removed...
Installing a malicious gem may lead to arbitrary code execution
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensureloadablespec during the preinstall check...
bootstrap Cross-site Scripting vulnerability
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property...
ruby-ffi DDL loading issue on Windows OS
ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later...
CHMOD race vulnerability
The file system access race condition allows for local privilege escalation and affects the Nginx module for Passenger versions 5.3.1, all the way back to 3.0.0 the chown command entered the code in 2010. The vulnerability was exploitable only when running a non-standard...
Unsafe Object Deserialization Vulnerability in RubyGems
There is a possible unsafe object deserialization vulnerability in RubyGems. It is possible for YAML deserialization of gem specifications to bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution...
RubyGems ANSI escape sequence vulnerability
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences...
Safemode Gem for Ruby is vulnerable to information disclosure
Safemode is initialised with an optional 'delegate' object. If the delegated object is a Rails controller, 'inspect' could be called which then exposes all informations about the App, including routes, secret tokens, caches and so on...
Data Injection Vulnerability in Active Record
The createwith functionality in Active Record was implemented incorrectly and completely bypasses the strong parameters protection. Applications which pass user-controlled values to createwith could allow attackers to set arbitrary attributes on models...
point-cli Gem for Ruby /lib/commands/setup.rb Process Table Local Plaintext Credential Disclosure
point-cli Gem for Ruby contains a flaw in /lib/commands/setup.rb that is due to the application exposing credential information in plaintext in the process table. This may allow a local attacker to gain access to credential information...
Ember.js Potential XSS Exploit With User-Supplied Data When Using {{group}} Helper
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, we have identified a vulnerability that could lead to unescaped content being inserted into the innerHTML string without being sanitized. When using the group...
Paratrooper-newrelic Gem for Ruby Process Listing API Key Local Disclosure
Paratrooper-newrelic Gem for Ruby contains a flaw in /lib/paratrooper-newrelic.rb. The issue is triggered when the script exposes the API key, allowing a local attacker to gain access to it by monitoring the process tree...
XSS Vulnerability in simple_format helper
There is a vulnerability in the simpleformat helper in Ruby on Rails. The simpleformat helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped...
CVE-2013-6459 rubygem-will_paginate: XSS vulnerabilities
Cross-site scripting XSS vulnerability in the willpaginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. It was found that ruby willpaginate is vulnerable to a XSS via malformed input that cause paginatio...
Creme Fraiche Gem for Ruby File Name Shell Metacharacter Injection Arbitrary Command Execution
Creme Fraiche Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input in file names. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...
CVE-2012-2140 rubygem-mail: arbitrary command execution when using exim or sendmail from commandline
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a 1 sendmail or 2 exim delivery...
jruby-openssl Gem for JRuby fails to do proper certificate validation
A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...
High Security Vulnerability with authenticate_with_http_digest of Rails
The example code for the digest authentication functionality httpauthentication.rb in Ruby on Rails before 2.3.3 defines an authenticateorrequestwithhttpdigest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication f...
CVE-2008-3790 ruby: DoS vulnerability in the REXML module
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service CPU consumption via an XML document with recursively nested entities, aka an "XML entity explosion...
CVE-2008-2725 ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N
Integer overflow in the 1 rbarysplice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and 2 the rbaryreplace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the...
Puma's header normalization allows for client to clobber proxy set headers
Impact Clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version of the same header X-ForwardedFor. Any users trusting headers set by their proxy may be affected. Attackers may be able to downgrade connections to HTTP non-SSL or redirect...
pubnub Insufficient Entropy vulnerability
Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0;...
Unsanitized input leading to code injection in Dalli
A vulnerability was found in Dalli. Affected is the function self.metaset of the file lib/dalli/protocol/meta/requestformatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name of the patch is...
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
lib/omniauth/failureendpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the messagekey value...
RubyGems Link Following vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in installlocation function of package.rb that can result in...
Use-After-Free in str_escape in mruby/mruby in mruby/mruby
Use-After-Free in strescape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited...
XSS in `*Text` options of the Datepicker widget in jquery-ui
Impact Accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $"datepicker".datepicker showButtonPanel: true, showOn: "both", closeText: "doEvilThing'closeText XSS'",...
Improper certificate validation in em-imap
em-imap 0.5 and earlier use the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified...
Improper Certificate Validation in Puppet
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a...
Missing TLS certificate verification in faye-websocket
The Faye::WebSocket::Client class uses the EM::Connectionstarttls1 method in EventMachine2 to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a...
Denial of Service in uap-core when processing crafted User-Agent strings
Impact Some regexes are vulnerable to regular expression denial of service REDoS due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTPS request to maliciously crafted long strings. Patches Please update uap-ruby to = v2.6....