Lucene search
+L
RubygemsMost viewed

1255 matches found

RubySec
RubySec
added 2022/01/02 12:0 a.m.13 views

Heap-based Buffer Overflow in mruby/mruby

mruby is vulnerable to Heap-based Buffer Overflow...

9.8CVSS6.9AI score0.0141EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/03/29 12:0 a.m.13 views

Improper Certificate Validation in twitter-stream

In voloko twitter-stream 0.1.16, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS4.7AI score0.00884EPSS
Exploits1References1
RubySec
RubySec
added 2020/01/11 12:0 a.m.13 views

stack overflow in mrb_str_len_to_dbl in src/string.c

In mruby 2.1.0, there is a stack-based buffer overflow in mrbstrlentodbl in string.c...

9.8CVSS7.3AI score0.01355EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2018/09/14 12:0 a.m.13 views

smart_proxy_dynflow gem authentication bypass in Foreman remote execution feature

An authentication bypass flaw was found in the smartproxydynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context...

10CVSS4.7AI score0.06007EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2014/06/30 12:0 a.m.13 views

kajam Gem for Ruby /dataset/lib/dataset/database/postgresql.rb Process List Local Plaintext Password Disclosure

kajam Gem for Ruby contains a flaw in /dataset/lib/dataset/database/postgresql.rb that is triggered as the program exposes the MySQL or PostgreSQL password in the process list. This may allow a local attacker to gain access to password information...

7.8CVSS7AI score0.00522EPSS
Exploits1References1
RubySec
RubySec
added 2014/06/30 12:0 a.m.13 views

kcapifony Gem for Ruby /lib/ksymfony1.rb Process List Local Plaintext Password Disclosure

kcapifony Gem for Ruby contains a flaw in /lib/ksymfony1.rb that is triggered as the program displays password information in plaintext in the process list. This may allow a local attacker to gain access to password information...

7.8CVSS6.8AI score0.00522EPSS
Exploits1References1
RubySec
RubySec
added 2014/01/14 12:0 a.m.13 views

echor Gem for Ruby backplane.rb perform_request Function Arbitrary Command Execution

Echor Gem for Ruby contains a flaw in backplane.rb in the performrequest function that is triggered when a semi-colon ; is injected into a username or password. This may allow a context-dependent attacker to inject arbitrary commands if the gem is used in a rails application...

7.8CVSS4.1AI score0.00409EPSS
Exploits0References1
RubySec
RubySec
added 2013/03/26 12:0 a.m.13 views

Thumbshooter Gem for Ruby thumbshooter.rb URL Shell Metacharacter Injection Arbitrary Command Execution

Thumbshooter Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to thumbshooter.rb. With a specially crafted URL that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...

7.5CVSS6.8AI score0.02108EPSS
Exploits0References1
RubySec
RubySec
added 2013/02/28 12:0 a.m.13 views

ftpd Gem for Ruby Shell Character Handling Remote Command Injection

ftpd Gem for Ruby contains a flaw that is triggered when handling a specially crafted option or filename that contains a shell character. This may allow a remote attacker to inject arbitrary commands...

10CVSS3.4AI score0.03544EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2026/06/09 12:0 a.m.12 views

Net::IMAP: Denial of Service via incomplete raw argument validation

Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...

2.1CVSS5.7AI score0.00239EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/05/04 12:0 a.m.12 views

net-imap vulnerable to command Injection via "raw" arguments to multiple commands

Summary Several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. Details Net::IMAP's...

9.8CVSS5.9AI score0.00429EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/04/22 12:0 a.m.12 views

OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames

Summary OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path...

4.3CVSS5.9AI score0.00313EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2026/04/17 12:0 a.m.12 views

Possible arbitrary path traversal and file access via yard server

Impact A path traversal vulnerability was discovered in YARD = 0.9.41 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The original patch in GHSA-xfhh-rx56-rxcr wa...

7.5CVSS6AI score0.00388EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/04/14 12:0 a.m.12 views

Decidim's comments API allows access to all commentable resources

Impact The root level commentable field in the API allows access to all commentable resources within the platform, without any permission checks. All Decidim instances are impacted that have not secured the /api endpoint. The /api endpoint is publicly available with the default configuration...

7.5CVSS5.8AI score0.00287EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/04/09 12:0 a.m.12 views

bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts

ARC broadcaster treats failure statuses as successful broadcasts Summary BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLESPENDATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINEDINSTALEBLOCK, or any ORPHAN-containing extraInfo / txStatus are silently...

7.5CVSS5.8AI score0.00266EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/04/02 12:0 a.m.12 views

Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect

Summary Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not escaped, an attacker who can supply X-Accel-Mapping to the backend can inject regex...

7.5CVSS5.8AI score0.00209EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/23 12:0 a.m.12 views

Rails has a possible XSS vulnerability in its Action View tag helpers

Impact When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Application...

2.3CVSS5.8AI score0.00516EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/10/07 12:0 a.m.12 views

Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Summary Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or more can consume equivalent process memory, potentially leading to out-of-memory OOM...

7.5CVSS6.8AI score0.00528EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/08/07 12:0 a.m.12 views

JWE is missing AES-GCM authentication tag validation in encrypted JWE

Overview The authentication tag of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. Impact - JWEs can be modified to decrypt to an arbitrary value - JWEs can be decrypted by observing parsing differences - The...

9.1CVSS6.4AI score0.00244EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/07/14 12:0 a.m.12 views

Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class

Impact There is an arbitrary code execution vulnerability in the CsvEnumerator class of the job-iteration repository. This vulnerability can be exploited by an attacker to execute arbitrary commands on the system where the application is running, potentially leading to unauthorized access, data...

9.3CVSS7.2AI score0.00706EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/03/27 12:0 a.m.12 views

Pitchfork HTTP Request/Response Splitting vulnerability

Impact HTTP Response Header Injection in Pitchfork Versions 0.11.0 when used in conjunction with Rack 3 Patches The issue was fixed in Pitchfork release 0.11.0 Workarounds There are no known work arounds. Users must upgrade...

4.3CVSS7.4AI score0.00269EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/02/24 12:0 a.m.12 views

Phusion Passenger denial of service

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

7.5CVSS6.7AI score0.0057EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/10/02 12:0 a.m.12 views

OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)

Summary A path traversal vulnerability inside of LocalMode's openlocalfile method allows an authenticated user with adequate permissions to download any .txt via the ScreensControllershow on the web server COSMOS is running on depending on the file permissions. Note: This CVE affects all OpenC3...

6.5CVSS6.4AI score0.00912EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/10/02 12:0 a.m.12 views

OpenC3 stores passwords in clear text (`GHSL-2024-129`)

Summary OpenC3 COSMOS stores the password of a user unencrypted in the LocalStorage of a web browser. This makes the user password susceptible to exfiltration via Cross-site scripting see GHSL-2024-128. Note: This CVE only affects Open Source edition, and not OpenC3 COSMOS Enterprise Edition Impa...

6.5CVSS6.4AI score0.00342EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/14 12:0 a.m.12 views

Elasticsearch Logstash allows remote attackers to execute arbitrary commands

Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in 1 zabbix.rb or 2 nagiosnsca.rb in outputs/...

7.5CVSS7.2AI score0.03297EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/04/02 12:0 a.m.12 views

Command injection in cocoapods-downloader

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

9.8CVSS7.5AI score0.02713EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2006/05/14 12:0 a.m.12 views

High severity vulnerability that affects rwiki

The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors...

7.5CVSS7.7AI score0.01555EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/06/10 12:0 a.m.11 views

Savon::Model evaluates WSDL operation names as Ruby source

Savon::Model generated SOAP operation methods by interpolating operation names into Ruby source passed to moduleeval. An attacker who can control the operation names of a WSDL, can inject Ruby code that executes in the application process. This affects only the .alloperations class method provide...

5.8AI score
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/06/09 12:0 a.m.11 views

Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument

Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. Details Raw...

5.8CVSS5.7AI score0.00491EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/04/22 12:0 a.m.11 views

OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender

Summary The Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when sending a command. This creates a self-XSS risk because an attacker can trigger their own script execution in the victim’s session, if...

4.6CVSS5.9AI score0.002EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2026/04/02 12:0 a.m.11 views

Rack::Request accepts invalid Host characters, enabling host allowlist bypass

Summary Rack::Request parses the Host header using an AUTHORITY regular expression that accepts characters not permitted in RFC-compliant hostnames, including /, ?, , and @. Because req.host returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be...

6.5CVSS5.8AI score0.00192EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2026/04/02 12:0 a.m.11 views

Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

Summary Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a response encoding, an unauthenticated attacker can send a single request with a crafted...

7.5CVSS6.5AI score0.01996EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/23 12:0 a.m.11 views

Rails Active Storage has possible content type bypass via metadata in direct uploads

Impact Active Storage's DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the same metadata hash, a malicious direct-upload client could set these flags. Releases The fixed releases are...

5.3CVSS5.9AI score0.0039EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/23 12:0 a.m.11 views

Rails Active Storage has possible Path Traversal in DiskService

Impact Active Storage's DiskServicepathfor does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences e.g. ../ is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are...

9.8CVSS5.9AI score0.00567EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/10/07 12:0 a.m.11 views

Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

Summary Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of...

7.5CVSS7AI score0.00868EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/08/29 12:0 a.m.11 views

Google Sign-In for Rails allowed redirect to protocol-relative URI

Summary It is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...

4.2CVSS6.6AI score0.00211EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/08/27 12:0 a.m.11 views

Google Sign-In for Rails allowed redirects to malformed URLs

Summary It is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is malformed, it's possible for the user to be...

4.2CVSS6.8AI score0.00224EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/08/20 12:0 a.m.11 views

Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

9.8CVSS7.5AI score0.02464EPSS
Exploits1References1
RubySec
RubySec
added 2025/08/14 12:0 a.m.11 views

Active Storage allowed transformation methods that were potentially unsafe

Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where...

9.2CVSS7.6AI score0.02388EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/07/30 12:0 a.m.11 views

Ruby SAML DOS vulnerability with large SAML response

Summary A denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. Details ruby-saml...

6.9CVSS7.3AI score0.00384EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/07/02 12:0 a.m.11 views

HashiCorp Vagrant has code injection vulnerability through default synced folders

An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant or C:\vagrant on Windows. Thi...

6.5AI score
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/06/13 12:0 a.m.11 views

OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal...

9.1CVSS7.3AI score0.00856EPSS
Exploits1References1
RubySec
RubySec
added 2024/02/07 12:0 a.m.11 views

CKEditor cross-site scripting vulnerability in AJAX sample

Affected packages The vulnerability has been discovered in the AJAX sample available at the samples/old/ajax.html file location. All integrators that use that sample in the production code can be affected. Impact A potential vulnerability has been discovered in one of CKEditor's 4 samples that ar...

6.1CVSS7.4AI score0.00878EPSS
Exploits1References1
RubySec
RubySec
added 2022/02/09 12:0 a.m.11 views

Business Logic Errors in Publify

Publify formerly known as Typo prior to version 9.2.7 is vulnerable to business logic errors...

7.5CVSS3.6AI score0.01567EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2014/01/14 12:0 a.m.11 views

echor Gem for Ruby Process Listing Local Plaintext Credential Disclosure

echor Gem for Ruby contains a flaw that is due to the program exposing credential information in the system process listing. This may allow a local attacker to gain access to plaintext credential information...

7.8CVSS6.9AI score0.00344EPSS
Exploits0References1
RubySec
RubySec
added 2013/10/08 12:0 a.m.11 views

Wicked Gem for Ruby contains a flaw

Wicked Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed via the 'thestep' parameter upon submission to the renderredirect.rb script. This may allow a remote attacker to gain access to arbitrary files...

5CVSS7.1AI score0.02958EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2026/06/04 12:0 a.m.10 views

Dynamic Client Registration feature creates public clients with client_secret

Impact The DynamicClientRegistrationControllerregister action hard-codes confidential: false when creating applications dynamicclientregistrationcontroller.rb:18-25, yet the response includes a clientsecret and advertises tokenendpointauthmethodssupported: "clientsecretbasic", "clientsecretpost"...

5.5AI score0.00058EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/05/07 12:0 a.m.10 views

Session cookies can be replayed after user logout

Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This affects applications using Koi admin...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/05/04 12:0 a.m.10 views

net-imap vulnerable to command Injection via unvalidated Symbol inputs

Summary Symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. Details Symbol arguments represent IMAP "system flags", which are formatted as "atoms" with no quoting with a "" prefix. Vulnerable versions of Net::IMAP...

7.1CVSS5.9AI score0.00813EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/04/22 12:0 a.m.10 views

OpenC3 COSMOS - Hijacked session token can be used to reset password for persistence

Summary The OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid session token instead. In assumed breach scenarios, this behaviour can be exploited by an attacker who has already obtained a valid session token, to ga...

8.1CVSS5.8AI score0.00305EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities1255