Lucene search
+L
RubygemsMost viewed

1255 matches found

RubySec
RubySec
added 2026/03/24 12:0 a.m.14 views

iCalendar has ICS injection via unsanitized URI property values

Summary .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled input, adding arbitrary calendar lines to the output. Details Icalendar::Values::Uri falls back to the raw input string when URI.parse fails and later serializes it with...

4.3CVSS5.8AI score0.00244EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2026/03/23 12:0 a.m.14 views

Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests

Impact When serving files through Active Storage's Blobs::ProxyController, the controller loads the entire requested byte range into memory before sending it. A request with a large or unbounded Range header e.g. bytes=0- could cause the server to allocate memory proportional to the file size,...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/12/23 12:0 a.m.14 views

httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

Summary There may be an SSRF vulnerability in httparty. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. Details When httparty receives a path argument that is an absolute URL, it ignores the baseuri field. As a result, if ...

8.8CVSS5.8AI score0.0026EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/05/21 12:0 a.m.14 views

Insufficient input sanitization in ejson2env

Summary The ejson2env tool has a vulnerability related to how it writes to stdout. Specifically, the tool is intended to write an export statement for environment variables and their values. However, due to inadequate output sanitization, there is a potential risk where variable names or values m...

6.6CVSS7.8AI score0.01334EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/09/22 12:0 a.m.14 views

HTTP Request Smuggling in ruby webrick

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier''s position is "Webri...

6.7AI score0.00393EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/05/27 12:0 a.m.14 views

Insecure File Permissions vulnerability in kaminari

kaminari versions prior to 0.16.2 are vulnerable to an Insecure File Permissions vulnerability, where certain files within the kaminari gem have insecure file permissions. Versions Affected: = 0.16.2 Impact An attacker with local access could write arbitrary code to the affected files resulting i...

6.6CVSS7.3AI score0.00595EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/03/15 12:0 a.m.14 views

TurboBoost Commands vulnerable to arbitrary method invocation

Impact TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...

8.1CVSS7.5AI score0.00796EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/01/03 12:0 a.m.14 views

Omniauth::MicrosoftGraph Account takeover (nOAuth)

Summary The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier...

9.8CVSS7AI score0.00904EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2023/07/11 12:0 a.m.14 views

Decidim Cross-site Scripting vulnerability in the external link redirections

Impact The external link feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of...

8.1CVSS6.8AI score0.00816EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2023/07/11 12:0 a.m.14 views

Decidim vulnerable to sensitive data disclosure

Note: added the actual report as a comment. Summary Decidim, a platform for digital citizen participation, uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default, this library allows filtering on all data attributes and associations...

7.5CVSS6.9AI score0.0125EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2023/06/28 12:0 a.m.14 views

Spina Cross-site Scripting vulnerability

Cross-site Scripting XSS - Stored in GitHub repository spinacms/spina prior to 2.15.1...

4.8CVSS6AI score0.00565EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/06/28 12:0 a.m.14 views

ruby-mysql Client File Read

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later...

3.5AI score0.02199EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.14 views

Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module

By launching the drbremotecodeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with...

8.8CVSS6.7AI score0.0175EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/17 12:0 a.m.14 views

Code injection in publify

Code Injection in GitHub repository publify/publify prior to 9.2.8...

6.5CVSS7.6AI score0.00855EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/13 12:0 a.m.14 views

smalruby and smalruby-editor vulnerable to OS Command Injection

smalruby-editor prior to 0.4.1 and smalruby prior to 0.1.11 allows remote attackers to execute arbitrary OS commands via unspecified vectors...

10CVSS8.1AI score0.06183EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/05 12:0 a.m.14 views

RubyGem openshift-origin-controller is vulnerable to command injection

'rubygem-openshift-origin-controller: API can be used to create applications via cartridgecache.rb URI.prase to perform command injection'...

9.8CVSS7AI score0.02498EPSS
Exploits1References1
RubySec
RubySec
added 2022/02/14 12:0 a.m.14 views

Heap-based Buffer Overflow in mruby/mruby

Heap-based Buffer Overflow in Homebrew mruby prior to 3.2...

9.8CVSS6.9AI score0.01243EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/11/03 12:0 a.m.14 views

Improper Authorization in Publify

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. guest role users can self-register even when the admin does not allow. This happens due to front-end restriction only...

6.8AI score0.008EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/04/13 12:0 a.m.14 views

Improper Certificate Validation in TweetStream

TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...

5.9CVSS2.9AI score0.00862EPSS
Exploits1References1
RubySec
RubySec
added 2018/06/12 12:0 a.m.14 views

Heap buffer overflow in OP_ENTER

An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OPENTER because a heap-based mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber...

7.5CVSS7AI score0.01552EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2018/04/30 12:0 a.m.14 views

Auth tag forgery vulnerability with AES-GCM encrypted JWT

Ruby's OpenSSL bindings do not check the length of the supplied authentication tag when decrypting an authenticated encryption mode such as AES-GCM, leaving this up to the authors of a gem/app to implement for properly validating the message. json-jwt was not checking for the authentication tag...

5.3CVSS2.2AI score0.00777EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2015/12/09 12:0 a.m.14 views

CVE-2015-9097 rubygem-mail: SMTP injection via recipient email addresses

The mail gem before 2.5.5 for Ruby aka A Really Ruby Mail Library is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...

6.1CVSS7AI score0.03358EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2015/03/24 12:0 a.m.14 views

HTTPS MitM vulnerability in http.rb

http.rb failed to call the OpenSSL::SSL::SSLSocketpostconnectioncheck method to perform hostname verification. Because of this, an attacker with a valid certificate but with a mismatched subject can perform a MitM attack...

5.9CVSS6AI score0.01521EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2015/02/17 12:0 a.m.14 views

xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table

xaviershay-dm-rails Gem for Ruby contains a flaw in the execute function in /datamapper/dm-rails/blob/master/lib/dm-rails/storage.rb. The issue is due to the function exposing sensitive information via the process table. This may allow a local attack to gain access to MySQL credential information...

5.5CVSS3.6AI score0.00369EPSS
Exploits1References1
RubySec
RubySec
added 2014/04/16 12:0 a.m.14 views

sfpagent Gem for Ruby JSON[body] Module Name Remote Command Execution

sfpagent Gem for Ruby contains a flaw that is triggered as JSONbody input is not properly sanitized when handling module names with shell metacharacters. This may allow a context-dependent attacker to execute arbitrary commands...

7.5CVSS5.1AI score0.02206EPSS
Exploits3References1Affected Software1
RubySec
RubySec
added 2013/12/24 12:0 a.m.14 views

Fat Free CRM Gem for Ruby allows remote attackers to inject or manipulate SQL queries

Fat Free CRM contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the app/controllers/homecontroller.rb script not properly sanitizing user-supplied input to the 'state' parameter or input passed via comments and emails. This may allow a remote attacker to inje...

6.5CVSS3.6AI score0.01927EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2013/11/14 12:0 a.m.14 views

omniauth-facebook Gem for Ruby Insecure Access Token Handling Authentication Bypass

omniauth-facebook Gem for Ruby contains a flaw that is due to the application supporting passing the access token via the URL. This may allow a remote attacker to bypass authentication and authenticate as another user...

7.5CVSS4.2AI score0.01753EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/10/29 12:0 a.m.14 views

Sup did not sanitize the content-type of attachments

Sup MUA contains a flaw that is triggered when handling email attachment content. This may allow a context-dependent attacker to execute arbitrary commands...

6.8CVSS7.4AI score0.03239EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2013/02/21 12:0 a.m.14 views

Spree promotion_actions_controller.rb promotion_action Parameter Arbitrary Ruby Object Instantiation Command Execution

Spree contains a flaw that is triggered when handling input passed via the 'promotionaction' parameter to promotionactionscontroller.rb. This may allow a remote authenticated attacker to instantiate arbitrary Ruby objects and potentially execute arbitrary commands...

5.1AI score0.01531EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2026/06/09 12:0 a.m.13 views

Net::IMAP: Command Injection via ID command argument

Summary Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details Whe...

5.8CVSS5.4AI score0.00131EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/05/27 12:0 a.m.13 views

Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections

Impact Puma is vulnerable to source IP spoofing when setremoteaddress proxyprotocol: :v1 is enabled and persistent connections are used. PROXY protocol v1 is a connection-level protocol. Support was added to Puma in v5.5.0. A proxy sends one PROXY header at the beginning of a TCP connection, befo...

7.5CVSS5.6AI score0.00177EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/05/20 12:0 a.m.13 views

CVE-2026-46727 - Use-after-free in pthread-based getaddrinfo timeout handler

SUMMARY A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that calls Addrinfo.getaddrinfo..., timeout: o...

8.1CVSS5.7AI score0.00478EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/05/08 12:0 a.m.13 views

Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler

Summary When the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET request that results in a session timeout. An attacker who hosts a page with an...

6.1CVSS6AI score0.00241EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/05/08 12:0 a.m.13 views

view_component - Preview Route Can Dispatch Inherited Helper Methods'

The preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview examples explicitly defined by the preview class. As a result, inherited public methods on ViewComponent::Preview are route-reachable. The...

6.5CVSS5.9AI score0.00343EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/05/04 12:0 a.m.13 views

net-imap has quadratic complexity when reading response literals

Summary Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client's CPU for a denial of service attack. Details For each literal in a response, ResponseReader...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/04/17 12:0 a.m.13 views

Possible arbitrary path traversal and file access via yard server

Impact A path traversal vulnerability was discovered in YARD = 0.9.41 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The original patch in GHSA-xfhh-rx56-rxcr wa...

7.5CVSS6AI score0.00388EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/04/08 12:0 a.m.13 views

Addressable has a Regular Expression Denial of Service in Addressable templates

Impact Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking: 1. Templates using the explode modifier with any expansion operator e.g., foo, +var, var, /var, .var, ;var, ?var, &var generate patterns...

7.5CVSS5.8AI score0.0036EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/04/06 12:0 a.m.13 views

rdiscount has an Out-of-bounds Read

Summary A signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INTMAX are truncated to a signed int before entering the native parser, allowing the parser to read past the end of the supplied buffer and crash the process. Details In both...

5.9CVSS7.2AI score0.00275EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2026/03/23 12:0 a.m.13 views

Rails Active Support has a possible DoS vulnerability in its number helpers

Impact Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted,...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/23 12:0 a.m.13 views

Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations...

6.9CVSS5.7AI score0.00498EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/11 12:0 a.m.13 views

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

Summary Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardles...

7.5CVSS6AI score0.00217EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/05 12:0 a.m.13 views

Buffer overflow vulnerability in Zlib::GzipReader

A buffer overflow vulnerability exists in Zlib::GzipReader. This vulnerability has been assigned the CVE identifier CVE-2026-27820. We recommend upgrading the zlib gem. Details The zstreambufferungets function prepends caller-provided bytes ahead of previously produced output but fails to guarant...

9.8CVSS6AI score0.00561EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/08/07 12:0 a.m.13 views

JWE is missing AES-GCM authentication tag validation in encrypted JWE

Overview The authentication tag of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. Impact - JWEs can be modified to decrypt to an arbitrary value - JWEs can be decrypted by observing parsing differences - The...

9.1CVSS6.4AI score0.00244EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/07/20 12:0 a.m.13 views

Thor can construct an unsafe shell command from library input.

Thor before 1.4.0 can construct an unsafe shell command from library input...

2.8CVSS7.2AI score0.00155EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/06/05 12:0 a.m.13 views

ReDoS Vulnerability in Rack::Multipart handle_mime_head

Summary There is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Details Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time,...

8.7CVSS7.1AI score0.01503EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/03/28 12:0 a.m.13 views

Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction

Summary A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality. Details A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality. T...

5.4CVSS6.3AI score0.00242EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2024/03/01 12:0 a.m.13 views

Cross Site Scripting vulnerability in Contribsys Sidekiq

Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions...

6.1CVSS6AI score0.0059EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2024/02/13 12:0 a.m.13 views

sidekiq-unique-jobs UI server vulnerable to XSS & RCE in Redis

Cross site scripting XSS potentially exposing cookies / sessions / localStorage, fixed by sidekiq-unique-jobs v8.0.7. Details Specially crafted URL query parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, but...

7.1CVSS5.7AI score0.00525EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2023/01/14 12:0 a.m.13 views

Publify Improper Input Validation vulnerability

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10...

9.8CVSS2.5AI score0.00909EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2023/01/14 12:0 a.m.13 views

Integer overflow in publify_core

Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10 due to an unlimited length user name field...

9.8CVSS3.3AI score0.30778EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities1255