1243 matches found
Unintentional file and directory creation with directory traversal in tempfile and tmpdir
There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby, because it uses tmpdir internally Dir.mktmpdir method introduced by tmpdir library accepts the pref...
private_address_check Ruby Gem Blacklist Bypass privilege escalation
The privateaddresscheck ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery...
Puma HTTP Request/Response Smuggling vulnerability
Impact Prior to versions 6.4.2 and 5.6.8, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource CPU, network...
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...
Prototype Pollution in handlebars
The bootstrap-wysihtml5-rails gem includes the vendored JavaScript library 'handlebars.js'. Versions 0.3.3.7-0.3.3.8 include handlebars 3.0.2, and versions 0.3.3.5-0.3.3.6 include handlebars 1.3.0. Versions Affected: 0.3.3.5-0.3.3.8 Not affected: 0.3.3.5 Fixed Versions: None Versions of handlebar...
CVE-2014-0083 rubygem-net-ldap: SSHA passwords generated by the net-ldap Ruby gem use a weak salt
The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords...
paratrooper-pingdom Gem for Ruby /lib/paratrooper-pingdom.rb API Login Credentials Local Disclosure
paratrooper-pingdom Gem for Ruby contains a flaw in /lib/paratrooper-pingdom.rb. The issue is triggered when the script exposes API login credentials, allowing a local attacker to gain access to the API key, username, and password for the API login by monitoring the process tree...
Possible RCE escalation bug with Serialized Columns in Active Record
There is a possible escalation to RCE when using YAML serialized columns in Active Record. This vulnerability has been assigned the CVE identifier CVE-2022-32224. Versions Affected: All. Not affected: None Fixed Versions: 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1 Impact ------ When serialized columns th...
Heap exposure vulnerability in the socket library
A heap exposure vulnerability was discovered in the socket library. This vulnerability has been assigned the CVE identifier CVE-2020-10933. We strongly recommend upgrading Ruby. When BasicSocketrecvnonblock and BasicSocketreadnonblock are invoked with size and buffer arguments, they initially...
Possible Content Security Policy bypass in Action Dispatch
There is a possible Cross Site Scripting XSS vulnerability in the contentsecuritypolicy helper in Action Pack. Impact Applications which set Content-Security-Policy CSP headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives...
Insufficient URI encoding in restforce
A flaw in how restforce constructs URL's may allow an attacker to inject additional parameters into Salesforce API requests. Impact ------ This flaw is only exploitable in applications that pass user input directly to restforce's select, find, describe, update, upsert, and destroy methods...
private_address_check Ruby Gem Resolv.getaddresses Server-Side Request Forgery
The privateaddresscheck ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery...
CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...
OS command injection in BibTeX-Ruby
BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...
A code injection vulnerability of Shell#[] and Shell#test
Shell and its alias Shelltest defined in lib/shell.rb allow code injection if the first argument aka the “command” argument is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. Note that passing untrusted data to methods of Shell is dangerous in general. Users must...
Unintentional directory traversal by poisoned NUL byte in Dir
There is an unintentional directory traversal in some methods in Dir Dir.open, Dir.new, Dir.entries and Dir.empty? accept the path of the target directory as their parameter. If the parameter contains NUL \0 bytes, these methods recognize that the path is completed before the NUL bytes. So, if a...
Cross-Site Scripting (XSS) in jquery
Affected versions of jquery interpret text/javascript responses from cross-origin ajax requests, and automatically execute the contents in jQuery.globalEval, even when the ajax request doesn't contain the dataType option...
CVE-2012-2660 rubygem-actionpack: Unsafe query generation
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length
Summary Under the default configuration, Devise-Two-Factor version = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier...
DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Nokogiri version 1.7.1 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVEs: CVE-2016-4658 CVSS v3 Base Score: 9.8 Critical libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to...
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
The prior fix to CVE-2013-0155 was incomplete and the use of common 3rd party libraries can accidentally circumvent the protection. Due to the way that Rack::Request and Rails::Request interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store...
CVE-2013-1800 rubygem-crack: YAML parameter parsing vulnerability
The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML type...
CVE-2012-3464 rubygem-actionpack: potential XSS vulnerability
Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' quote character...
CVE-2012-3463 rubygem-actionpack: potential XSS vulnerability in select_tag prompt
Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formtaghelper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the selecttag helper...
Rails has a possible XSS vulnerability in its Action Pack debug exceptions
Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled config.considerallrequestslocal = true, whi...
HTTP response splitting in CGI
If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body. Also, the contents for a CGI::Cookie object were not checked properly. If an application creates a CGI::Cookie object bas...
Devise Token Auth vulnerable to Cross-site Scripting
An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting XSS through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...
Use after free in File#initilialize_copy
In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::Fileinitilializecopy. An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code...
gollum and gollum-lib allow remote authenticated users to execute arbitrary code
The gollum-gritadapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string master is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags...
Reflective XSS Vulnerability in Ruby on Rails
There is a vulnerability in the internationalization component of Ruby on Rails. Under certain common configurations an attacker can provide specially crafted input which will execute a reflective XSS attack. The root cause of this issue is a vulnerability in the i18n gem which has been assigned...
Possible DoS Vulnerability with Range Header in Rack
There is a possible DoS vulnerability relating to the Range request header in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26141. Versions Affected: = 1.3.0. Not affected: 1.3.0 Fixed Versions: 3.0.9.1, 2.2.8.1 Impact Carefully crafted Range headers can cause a server to...
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
Summary Some avo fields are vulnerable to XSS when rendering html based content. Details During the analysis of the web application, a rendered field was discovered that did not filter JS / HTML tags in a safe way and can be abused to execute js code on a client side. The trix field uses the trix...
Puppet Denial of Service and Arbitrary File Write
A vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to 1 cause a denial of service memory consumption via a REST request to a stream that triggers...
Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication
Regular expression denial of service vulnerability of WEBrick’s Digest authentication module was found. An attacker can exploit this vulnerability to cause an effective denial of service against a WEBrick service...
Denial of Service Vulnerability in Action View
There is a potential denial of service vulnerability in actionview. This vulnerability has been assigned the CVE identifier CVE-2019-5419. Impact ------ Specially crafted accept headers can cause the Action View template location code to consume 100% CPU, causing the server unable to process...
Reflected XSS in Firefox in check endpoint
When passing an invalid check name as parameter to the endpoint where the easymon routes are mounted, a 406 response with a body that contains the invalid check name unescaped is returned. Malicious JavaScript can be injected into that invalid name and have it executed in Firefox...
mysql-binuuid-rails allows SQL Injection by removing default string escaping
mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. ActiveRecord does not explicitly escape the Binary data type Type::Binary::Data for mysql. mysql-binuuid-rails uses a data type that is derived from the base Binary...
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
The version of libxml2 packaged with Nokogiri contains several vulnerabilities. Nokogiri has mitigated these issues by upgrading to libxml 2.9.5. It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial ...
CVE-2014-0082 rubygem-actionpack: Action View string handling denial of service
actionpack/lib/actionview/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service memory consumption by including these strings in heade...
CVE-2013-0269 rubygem-json: Denial of Service and SQL Injection
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...
Possible ReDoS vulnerability in Accept header parsing in Action Dispatch
There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: = 7.1.0, 7.1.3.1 Not affected: 7.1.0 Fixed Versions: 7.1.3.1 Impact Carefully crafted Accept headers can cau...
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
There is a potential denial of service vulnerability present in ActiveRecord’s PostgreSQL adapter. This has been assigned the CVE identifier CVE-2022-44566. Versions Affected: All. Not affected: None. Fixed Versions: 6.1.7.1, 7.0.4.1 Impact In ActiveRecord 7.0.4.1 and 6.1.7.1, when a value outsid...
Open Redirect Vulnerability in Action Pack
There is a vulnerability in Action Controller’s redirectto. This vulnerability has been assigned the CVE identifier CVE-2023-22797. Versions Affected: = 7.0.0 Not affected: 7.0.0 Fixed Versions: 7.0.4.1 Impact There is a possible open redirect when using the redirectto helper with untrusted user...
Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL Not affected: NONE Fixed Versions: v1.4.3 Impact A possible XSS vulnerability with certain configurations of...
Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
nokogiri version 1.7.2 has been released. This is a security update based on 1.7.1, addressing two upstream libxslt 1.1.29 vulnerabilities classified as "Medium" by Canonical and given a CVSS3 score of "6.5 Medium" and "8.8 High" by RedHat. These patches only apply when using Nokogiri's vendored...
Logstash Logs Sensitive Information
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials...
CVE-2013-0263 rubygem-rack: Timing attack in cookie sessions
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...
CVE-2013-0156 rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack
activesupport/coreext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...
CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...