Lucene search
K
RubygemsMost viewed

1243 matches found

RubySec
RubySec
added 2021/12/02 12:0 a.m.53 views

Unsafe HTTP Redirect in Puppet Agent and Puppet Server

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...

9.8CVSS0.3AI score0.01328EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/12/26 12:0 a.m.53 views

Prototype Pollution in handlebars

The bootstrap-wysihtml5-rails gem includes the vendored JavaScript library 'handlebars.js'. Versions 0.3.3.7-0.3.3.8 include handlebars 3.0.2, and versions 0.3.3.5-0.3.3.6 include handlebars 1.3.0. Versions Affected: 0.3.3.5-0.3.3.8 Not affected: 0.3.3.5 Fixed Versions: None Versions of handlebar...

9.8CVSS7.7AI score0.07066EPSS
Exploits0References1
RubySec
RubySec
added 2019/10/01 12:0 a.m.53 views

A NUL injection vulnerability of File.fnmatch and File.fnmatch?

Built-in methods File.fnmatch and its alias File.fnmatch? accept the path pattern as their first parameter. When the pattern contains NUL character \0, the methods recognize that the path pattern ends immediately before the NUL byte. Therefore, a script that uses an external input as the pattern...

6.5CVSS3.3AI score0.03317EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2014/02/13 12:0 a.m.53 views

CVE-2014-0083 rubygem-net-ldap: SSHA passwords generated by the net-ldap Ruby gem use a weak salt

The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords...

5.5CVSS5.6AI score0.00275EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/12/26 12:0 a.m.53 views

paratrooper-pingdom Gem for Ruby /lib/paratrooper-pingdom.rb API Login Credentials Local Disclosure

paratrooper-pingdom Gem for Ruby contains a flaw in /lib/paratrooper-pingdom.rb. The issue is triggered when the script exposes API login credentials, allowing a local attacker to gain access to the API key, username, and password for the API login by monitoring the process tree...

2.1CVSS2.9AI score0.0041EPSS
Exploits1References1
RubySec
RubySec
added 2024/01/08 12:0 a.m.52 views

Puma HTTP Request/Response Smuggling vulnerability

Impact Prior to versions 6.4.2 and 5.6.8, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource CPU, network...

7.5CVSS7AI score0.00958EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/07/12 12:0 a.m.52 views

Possible RCE escalation bug with Serialized Columns in Active Record

There is a possible escalation to RCE when using YAML serialized columns in Active Record. This vulnerability has been assigned the CVE identifier CVE-2022-32224. Versions Affected: All. Not affected: None Fixed Versions: 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1 Impact ------ When serialized columns th...

9.8CVSS2.5AI score0.02386EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/03/31 12:0 a.m.52 views

Heap exposure vulnerability in the socket library

A heap exposure vulnerability was discovered in the socket library. This vulnerability has been assigned the CVE identifier CVE-2020-10933. We strongly recommend upgrading Ruby. When BasicSocketrecvnonblock and BasicSocketreadnonblock are invoked with size and buffer arguments, they initially...

5.3CVSS1.3AI score0.02564EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2024/12/10 12:0 a.m.51 views

Possible Content Security Policy bypass in Action Dispatch

There is a possible Cross Site Scripting XSS vulnerability in the contentsecuritypolicy helper in Action Pack. Impact Applications which set Content-Security-Policy CSP headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives...

2.3CVSS5.6AI score0.01009EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2018/07/27 12:0 a.m.51 views

Insufficient URI encoding in restforce

A flaw in how restforce constructs URL's may allow an attacker to inject additional parameters into Salesforce API requests. Impact ------ This flaw is only exploitable in applications that pass user input directly to restforce's select, find, describe, update, upsert, and destroy methods...

9.8CVSS0.9AI score0.01506EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2018/03/29 12:0 a.m.51 views

Revert libxml2 behavior in Nokogiri gem that could cause XSS

MRI Behavior in libxml2 has been reverted which caused CVE-2018-8048 loofah gem, CVE-2018-3740 sanitize gem, and CVE-2018-3741 rails-html-sanitizer gem. The commit in question is here: https://github.com/GNOME/libxml2/commit/960f0e2 and more information is available about this commit and its impa...

6.1CVSS0.7AI score0.01984EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2017/11/07 12:0 a.m.51 views

private_address_check Ruby Gem Resolv.getaddresses Server-Side Request Forgery

The privateaddresscheck ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery...

8.1CVSS1.4AI score0.02415EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/01/08 12:0 a.m.51 views

CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

6.4CVSS3.9AI score0.08245EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/02/14 12:0 a.m.50 views

OS command injection in BibTeX-Ruby

BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...

10CVSS2.9AI score0.0281EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2018/03/28 12:0 a.m.50 views

Unintentional directory traversal by poisoned NUL byte in Dir

There is an unintentional directory traversal in some methods in Dir Dir.open, Dir.new, Dir.entries and Dir.empty? accept the path of the target directory as their parameter. If the parameter contains NUL \0 bytes, these methods recognize that the path is completed before the NUL bytes. So, if a...

9.1CVSS6.9AI score0.10098EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2018/01/22 12:0 a.m.50 views

Cross-Site Scripting (XSS) in jquery

Affected versions of jquery interpret text/javascript responses from cross-origin ajax requests, and automatically execute the contents in jQuery.globalEval, even when the ajax request doesn't contain the dataType option...

6.1CVSS7.1AI score0.29726EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2024/09/17 12:0 a.m.49 views

Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length

Summary Under the default configuration, Devise-Two-Factor version = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier...

6CVSS6.9AI score0.00641EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2017/03/11 12:0 a.m.49 views

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt

Nokogiri version 1.7.1 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVEs: CVE-2016-4658 CVSS v3 Base Score: 9.8 Critical libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to...

10CVSS5.4AI score0.08628EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/12/03 12:0 a.m.49 views

Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)

The prior fix to CVE-2013-0155 was incomplete and the use of common 3rd party libraries can accidentally circumvent the protection. Due to the way that Rack::Request and Rails::Request interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store...

6.4CVSS3.5AI score0.08245EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2013/01/09 12:0 a.m.49 views

CVE-2013-1800 rubygem-crack: YAML parameter parsing vulnerability

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML type...

7.5CVSS6.4AI score0.04952EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2012/08/09 12:0 a.m.49 views

CVE-2012-3463 rubygem-actionpack: potential XSS vulnerability in select_tag prompt

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formtaghelper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the selecttag helper...

4.3CVSS4.1AI score0.01306EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2012/08/09 12:0 a.m.49 views

CVE-2012-3464 rubygem-actionpack: potential XSS vulnerability

Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' quote character...

4.3CVSS4AI score0.02568EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/23 12:0 a.m.48 views

Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled config.considerallrequestslocal = true, whi...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/11/22 12:0 a.m.48 views

HTTP response splitting in CGI

If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body. Also, the contents for a CGI::Cookie object were not checked properly. If an application creates a CGI::Cookie object bas...

8.8CVSS6.9AI score0.02287EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.48 views

Devise Token Auth vulnerable to Cross-site Scripting

An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting XSS through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...

6.1CVSS4.7AI score0.00927EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2019/10/01 12:0 a.m.48 views

A code injection vulnerability of Shell#[] and Shell#test

Shell and its alias Shelltest defined in lib/shell.rb allow code injection if the first argument aka the “command” argument is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. Note that passing untrusted data to methods of Shell is dangerous in general. Users must...

8.1CVSS3.2AI score0.04221EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2017/11/16 12:0 a.m.48 views

gollum and gollum-lib allow remote authenticated users to execute arbitrary code

The gollum-gritadapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string master is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags...

8.8CVSS7AI score0.02292EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/12/03 12:0 a.m.48 views

Reflective XSS Vulnerability in Ruby on Rails

There is a vulnerability in the internationalization component of Ruby on Rails. Under certain common configurations an attacker can provide specially crafted input which will execute a reflective XSS attack. The root cause of this issue is a vulnerability in the i18n gem which has been assigned...

4.3CVSS3.8AI score0.02233EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/02/21 12:0 a.m.47 views

Possible DoS Vulnerability with Range Header in Rack

There is a possible DoS vulnerability relating to the Range request header in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26141. Versions Affected: = 1.3.0. Not affected: 1.3.0 Fixed Versions: 3.0.9.1, 2.2.8.1 Impact Carefully crafted Range headers can cause a server to...

7.5CVSS7AI score0.01612EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2019/10/01 12:0 a.m.47 views

Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication

Regular expression denial of service vulnerability of WEBrick’s Digest authentication module was found. An attacker can exploit this vulnerability to cause an effective denial of service against a WEBrick service...

7.8CVSS6.7AI score0.05128EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2018/11/09 12:0 a.m.47 views

Reflected XSS in Firefox in check endpoint

When passing an invalid check name as parameter to the endpoint where the easymon routes are mounted, a 406 response with a body that contains the invalid check name unescaped is returned. Malicious JavaScript can be injected into that invalid name and have it executed in Firefox...

6.1CVSS1.5AI score0.00896EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2018/10/19 12:0 a.m.47 views

mysql-binuuid-rails allows SQL Injection by removing default string escaping

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns. ActiveRecord does not explicitly escape the Binary data type Type::Binary::Data for mysql. mysql-binuuid-rails uses a data type that is derived from the base Binary...

9.8CVSS2.2AI score0.01789EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2013/02/12 12:0 a.m.47 views

CVE-2013-0269 rubygem-json: Denial of Service and SQL Injection

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS7.5AI score0.13911EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2023/06/06 12:0 a.m.46 views

avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields

Summary Some avo fields are vulnerable to XSS when rendering html based content. Details During the analysis of the web application, a rendered field was discovered that did not filter JS / HTML tags in a safe way and can be abused to execute js code on a client side. The trix field uses the trix...

7.3CVSS6.4AI score0.00563EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2023/01/18 12:0 a.m.46 views

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter

There is a potential denial of service vulnerability present in ActiveRecord’s PostgreSQL adapter. This has been assigned the CVE identifier CVE-2022-44566. Versions Affected: All. Not affected: None. Fixed Versions: 6.1.7.1, 7.0.4.1 Impact In ActiveRecord 7.0.4.1 and 6.1.7.1, when a value outsid...

7.5CVSS7.4AI score0.01265EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/06/09 12:0 a.m.46 views

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer

There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL Not affected: NONE Fixed Versions: v1.4.3 Impact A possible XSS vulnerability with certain configurations of...

6.1CVSS1.2AI score0.29316EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/14 12:0 a.m.46 views

Puppet Denial of Service and Arbitrary File Write

A vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to 1 cause a denial of service memory consumption via a REST request to a stream that triggers...

3.5CVSS6.5AI score0.02553EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/03/13 12:0 a.m.46 views

Denial of Service Vulnerability in Action View

There is a potential denial of service vulnerability in actionview. This vulnerability has been assigned the CVE identifier CVE-2019-5419. Impact ------ Specially crafted accept headers can cause the Action View template location code to consume 100% CPU, causing the server unable to process...

7.8CVSS1.8AI score0.08671EPSS
Exploits3References1Affected Software1
RubySec
RubySec
added 2016/06/16 12:0 a.m.47 views

Logstash Logs Sensitive Information

Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials...

6.5CVSS6.9AI score0.01081EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2014/02/18 12:0 a.m.46 views

CVE-2014-0082 rubygem-actionpack: Action View string handling denial of service

actionpack/lib/actionview/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service memory consumption by including these strings in heade...

5CVSS6.1AI score0.06193EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/02/07 12:0 a.m.46 views

CVE-2013-0263 rubygem-rack: Timing attack in cookie sessions

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

5.1CVSS7.3AI score0.05281EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/01/08 12:0 a.m.46 views

CVE-2013-0156 rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack

activesupport/coreext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...

7.5CVSS6.3AI score0.99449EPSS
Exploits21References1Affected Software1
RubySec
RubySec
added 2011/08/31 12:0 a.m.46 views

CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

7AI score0.73327EPSS
Exploits4References1Affected Software1
RubySec
RubySec
added 2024/02/21 12:0 a.m.45 views

Possible ReDoS vulnerability in Accept header parsing in Action Dispatch

There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: = 7.1.0, 7.1.3.1 Not affected: 7.1.0 Fixed Versions: 7.1.3.1 Impact Carefully crafted Accept headers can cau...

7.5CVSS7AI score0.01498EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2023/03/13 12:0 a.m.45 views

DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements

NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...

6.3CVSS6.2AI score0.00643EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2023/01/18 12:0 a.m.45 views

Open Redirect Vulnerability in Action Pack

There is a vulnerability in Action Controller’s redirectto. This vulnerability has been assigned the CVE identifier CVE-2023-22797. Versions Affected: = 7.0.0 Not affected: 7.0.0 Fixed Versions: 7.0.4.1 Impact There is a possible open redirect when using the redirectto helper with untrusted user...

6.1CVSS6.6AI score0.00595EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2020/04/29 12:0 a.m.45 views

Potential XSS vulnerability in jQuery

Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. Patches This problem is patched in jQuery 3.5.0. Workarounds To workaround the issue without upgrading, adding the...

6.9CVSS6.8AI score0.99019EPSS
Exploits7References1Affected Software1
RubySec
RubySec
added 2017/11/16 12:0 a.m.45 views

gollum and gollum-lib allow remote authenticated users to execute arbitrary code

The gollum-gritadapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string master is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags...

8.8CVSS7AI score0.02292EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2016/08/22 12:0 a.m.45 views

Archive-Tar-Minitar Directory Traversal Vulnerability

Minitar allows attackers to overwrite arbitrary files during archive extraction via a .. dot dot in an extracted filename. Analogous vulnerabilities for unzip and tar: https://www.cvedetails.com/cve/CVE-2001-1268/ and http://www.cvedetails.com/cve/CVE-2001-1267/ Credit: ecneladis...

7.5CVSS4.5AI score0.04742EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2013/06/27 12:0 a.m.45 views

CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client

The OpenSSL::SSL.verifycertificateidentity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...

6.8CVSS8.5AI score0.02767EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities1243