Lucene search
K
RubygemsMost viewed

1243 matches found

RubySec
RubySec
•added 2011/08/31 12:0 a.m.•46 views

CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

7AI score0.73327EPSS
Exploits4References1Affected Software1
RubySec
RubySec
•added 2024/06/04 12:0 a.m.•45 views

Missing security headers in Action Pack on non-HTML responses

Permissions-Policy is Only Served on HTML Content-Type The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: = 6.1.0 Not affected: 6.1.0 Fixed Versions: 6.1.7.8,...

9.8CVSS5.3AI score0.00658EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2023/08/23 12:0 a.m.•45 views

Possible File Disclosure of Locally Encrypted Files

There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...

5.5CVSS5.3AI score0.00258EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2020/04/29 12:0 a.m.•45 views

Potential XSS vulnerability in jQuery

Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. Patches This problem is patched in jQuery 3.5.0. Workarounds To workaround the issue without upgrading, adding the...

6.9CVSS6.8AI score0.99019EPSS
Exploits7References1Affected Software1
RubySec
RubySec
•added 2020/03/03 12:0 a.m.•45 views

HTTP Response Splitting (Early Hints) in Puma

Impact If an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting...

7.5CVSS6.4AI score0.02487EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2017/11/16 12:0 a.m.•45 views

gollum and gollum-lib allow remote authenticated users to execute arbitrary code

The gollum-gritadapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string master is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags...

8.8CVSS7AI score0.02292EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2016/08/22 12:0 a.m.•45 views

Archive-Tar-Minitar Directory Traversal Vulnerability

Minitar allows attackers to overwrite arbitrary files during archive extraction via a .. dot dot in an extracted filename. Analogous vulnerabilities for unzip and tar: https://www.cvedetails.com/cve/CVE-2001-1268/ and http://www.cvedetails.com/cve/CVE-2001-1267/ Credit: ecneladis...

7.5CVSS4.5AI score0.04742EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2013/06/27 12:0 a.m.•45 views

CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client

The OpenSSL::SSL.verifycertificateidentity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...

6.8CVSS8.5AI score0.02767EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2012/10/12 12:0 a.m.•45 views

CVE-2012-4522 ruby: unintentional file creation caused by inserting an illegal NUL character

The rbgetpathcheck function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path...

5CVSS5.6AI score0.02204EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2022/05/03 12:0 a.m.•44 views

sinatra does not validate expanded path matches

Sinatra before 2.2.0 does not validate that the expanded path matches publicdir when serving static files...

7.5CVSS2.3AI score0.02059EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2022/04/11 12:0 a.m.•44 views

XML Injection in Xerces Java affects Nokogiri

Summary Nokogiri v1.13.4 updates the vendored xerces:xercesImpl from 2.12.0 to 2.12.2, which addresses CVE-2022-23437. That CVE is scored as CVSS 6.5 "Medium" on the NVD record. Please note that this advisory only applies to the JRuby implementation of Nokogiri = v1.13.4. Impact CVE-2022-23437 in...

7.1CVSS1.2AI score0.0444EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2020/02/12 12:0 a.m.•44 views

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation

Nokogiri has backported the patch for CVE-2020-7595 into its vendored version of libxml2, and released this as v1.10.8 CVE-2020-7595 has not yet been addressed in an upstream libxml2 release, and so Nokogiri versions = v1.10.7 are vulnerable...

7.5CVSS7.8AI score0.07627EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2019/10/31 12:0 a.m.•44 views

Nokogiri gem, via libxslt, is affected by multiple vulnerabilities

Nokogiri v1.10.5 has been released. This is a security release. It addresses three CVEs in upstream libxml2, for which details are below. If you're using your distro's system libraries, rather than Nokogiri's vendored libraries, there's no security need to upgrade at this time, though you may wan...

7.5CVSS0.06457EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2019/09/23 12:0 a.m.•44 views

Consul gem insufficient authentication check - Multiple powers in one controller are not always checked correctly

With the consul ruby gem before 1.0.3, if a controller checks multiple powers using :if or :except conditions, these conditions are erroneously applied to all power checks in that controller. This can lead to skipped power checks and hence unauthenticated access to certain controller actions...

9.8CVSS3.2AI score0.02643EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2018/03/28 12:0 a.m.•44 views

HTTP response splitting in WEBrick

There is an HTTP response splitting vulnerability in WEBrick bundled with Ruby. If a script accepts an external input and outputs it without modification as a part of HTTP responses, an attacker can use newline characters to deceive the clients that the HTTP response header is stopped at there, a...

5.3CVSS6.7AI score0.0576EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2016/01/25 12:0 a.m.•44 views

Object leak vulnerability for wildcard controller routes in Action Pack

There is an object leak vulnerability for wildcard controllers in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2015-7581. Versions Affected: = 4.0.0 and 5.0.0.beta1 Not affected: 4.0.0, 5.0.0.beta1 and newer Fixed Versions: 4.2.5.1, 4.1.14.1 Impact ------ Users that ha...

7.5CVSS2.5AI score0.06535EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2015/12/15 12:0 a.m.•44 views

git-fastclone Shell Metacharacter Injection Arbitrary Command Execution

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library...

10CVSS6.2AI score0.04801EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2014/03/26 12:0 a.m.•44 views

CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs

Heap-based buffer overflow in the yamlparserscanuriescapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file...

6.8CVSS7.6AI score0.09264EPSS
Exploits2References1Affected Software1
RubySec
RubySec
•added 2023/06/29 12:0 a.m.•43 views

ReDoS vulnerability in URI

We have released the uri gem version 0.12.2, 0.10.3 that has a security fix for a ReDoS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2023-36617. Details A ReDoS issue was discovered in the URI component through 0.12.1 for Ruby. The URI parser mishandles invalid URLs...

5.3CVSS7AI score0.01698EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2022/02/15 12:0 a.m.•43 views

Hub Package Arbitrary File Overwrite

The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file...

3.6CVSS6.8AI score0.00387EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2019/02/15 12:0 a.m.•43 views

XSS vulnerability in bootstrap-sass

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...

6.1CVSS6.3AI score0.1686EPSS
Exploits2References1Affected Software1
RubySec
RubySec
•added 2018/09/13 12:0 a.m.•43 views

Bootstrap Cross-site Scripting vulnerability

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041...

6.1CVSS6.1AI score0.04293EPSS
Exploits2References1Affected Software1
RubySec
RubySec
•added 2018/03/28 12:0 a.m.•43 views

Buffer under-read in String#unpack

Stringunpack receives format specifiers as its parameter, and can be specified the position of parsing the data by the specifier @. If a big number is passed with @, the number is treated as the negative value, and out-of-buffer read is occurred. So, if a script accepts an external input as the...

7.5CVSS6.7AI score0.07825EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2013/01/28 12:0 a.m.•43 views

CVE-2013-0333 rubygem-activesupport: json to yaml parsing

lib/activesupport/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication v...

7.5CVSS7AI score0.98582EPSS
Exploits7References1Affected Software1
RubySec
RubySec
•added 2012/10/12 12:0 a.m.•43 views

Ruby Exception#to_s / NameError#to_s Methods Safe Level Security Bypass

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

5CVSS4.9AI score0.02619EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2011/07/02 12:0 a.m.•43 views

Ruby Random Number Generation Local Denial Of Service Vulnerability

The SecureRandom.randombytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an...

5CVSS4.8AI score0.0195EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2026/04/02 12:0 a.m.•42 views

Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads

Summary Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfer encoding, multipart parsing continues until end-of-stream with no total size...

7.5CVSS5.9AI score0.00369EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2024/11/20 12:0 a.m.•42 views

Password Pusher rate limiter can be bypassed by forging proxy headers

Impact Password Pusher comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. Patches In v1.49.0, a fix was implemented to...

5.3CVSS6.6AI score0.00522EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2023/06/26 12:0 a.m.•42 views

Possible XSS via User Supplied Values to redirect_to

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been...

4CVSS6.7AI score0.00332EPSS
Exploits2References1Affected Software1
RubySec
RubySec
•added 2022/02/11 12:0 a.m.•42 views

Possible exposure of information vulnerability in Action Pack

Impact Under certain circumstances response bodies will not be closed, for example a bug in a webserver https://github.com/puma/puma/pull/2812 or a bug in a Rack middleware. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for...

7.4CVSS6.5AI score0.02207EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2021/05/05 12:0 a.m.•42 views

Possible Denial of Service vulnerability in Action Dispatch

There is a possible Denial of Service vulnerability in the Mime type parser of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2021-22902. Versions Affected: = 6.0.0 Not affected: \sMIMEPARAMETER\s\z/ end end...

7.5CVSS4.1AI score0.02791EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2020/09/29 12:0 a.m.•42 views

Potential HTTP Request Smuggling Vulnerability in WEBrick

WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to "smuggle" a request. See CWE-444 in detail...

7.5CVSS3.1AI score0.03849EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2017/09/14 12:0 a.m.•42 views

Escape sequence injection vulnerability in the Basic authentication of WEBrick

There is an escape sequence injection vulnerability in the Basic authentication of WEBrick bundled by Ruby. When using the Basic authentication of WEBrick, clients can pass an arbitrary string as the user name. WEBrick outputs the passed user name intact to its log, then an attacker can inject...

9.3CVSS7.4AI score0.16412EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2017/09/14 12:0 a.m.•42 views

Buffer underrun vulnerability in Kernel.sprintf

There is a buffer underrun vulnerability in the sprintf method of Kernel module. If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or th...

9.1CVSS1.6AI score0.09718EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2016/01/25 12:0 a.m.•42 views

XSS vulnerability in rails-html-sanitizer

There is a XSS vulnerability in Rails::Html::FullSanitizer used by Action View's striptags. This vulnerability has been assigned the CVE identifier CVE-2015-7579. Versions Affected: 1.0.2 Not affected: 1.0.0, 1.0.1 Fixed Versions: 1.0.3 Impact ------ Due to the way that Rails::Html::FullSanitizer...

6.1CVSS0.4AI score0.02587EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2015/12/16 12:0 a.m.•42 views

Unsafe tainted string usage in Fiddle and DL

There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi. And, about DL, CVE-2009-5147 was fixed at Ruby 1.9.1, but not fixed at other branches, then...

8.4CVSS1.3AI score0.005EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2013/12/03 12:0 a.m.•42 views

XSS Vulnerability in number_to_currency

There is an XSS vulnerability in the numbertocurrency helper in Ruby on Raile. The numbertocurrency helper allows users to nicely format a numeric value. One of the parameters to the helper unit is not escaped correctly. Applications which pass user controlled data as the unit parameter are...

4.3CVSS3.3AI score0.03171EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2008/05/05 12:0 a.m.•42 views

ruby -- DNS spoofing vulnerability in resolv.rb

resolv.rb allow remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports, so resolv.rb is fixed to randomize them...

6.8CVSS5.6AI score0.95182EPSS
Exploits21References1Affected Software1
RubySec
RubySec
•added 2007/10/08 12:0 a.m.•42 views

Ruby Net::HTTPS library does not validate server certificate CN

The 1 Net::ftptls, 2 Net::telnets, 3 Net::imap, 4 Net::pop, and 5 Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName CN field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...

5CVSS4.4AI score0.0187EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2023/01/18 12:0 a.m.•41 views

Denial of service via multipart parsing in Rack

There is a denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44572. Versions Affected: = 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.4.1 Impact Carefully crafted input can cause...

7.5CVSS5.1AI score0.01617EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2019/04/19 12:0 a.m.•41 views

Prototype pollution attack through jQuery $.extend

jQuery before 3.4.0 mishandles jQuery.extendtrue, , ... because of bject.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

6.1CVSS2.2AI score0.87218EPSS
Exploits4References1Affected Software1
RubySec
RubySec
•added 2018/05/23 12:0 a.m.•41 views

ruby-grape Gem has XSS via "format" parameter

When request on API contains the "format" parameter in GET, the input value of this parameter is rendered as the web-server responds with text/html header. Example: http://example.com/api/endpoint?format=%3Cscript%3Ealertdocument.cookie%3C/script%3E...

6.1CVSS1.5AI score0.01428EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2017/11/15 12:0 a.m.•41 views

cairo NULL pointer dereference

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FTLoadGlyph and FTRenderGlyph resulting in an application crash...

5.5CVSS3.4AI score0.01839EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2017/10/24 12:0 a.m.•41 views

Unsafe Query Generation Risk in Ruby on Rails

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

6.4CVSS7.1AI score0.046EPSS
Exploits3References1Affected Software1
RubySec
RubySec
•added 2017/09/14 12:0 a.m.•41 views

Heap exposure vulnerability in generating JSON

There is a heap exposure vulnerability in JSON bundled by Ruby. The generate method of JSON module optionally accepts an instance of JSON::Ext::Generator::State class. If a malicious instance is passed, the result may include contents of heap. All users running an affected release should either...

9.8CVSS1.6AI score0.09445EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2016/10/06 12:0 a.m.•41 views

Allows an attacker to inject arbitrary code into your application via any secondary Gem source declared in your Gemfile

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a Gem name collision on a secondary source. Please note that this vulnerability only applies for Ruby projects using Bundler 2.0 with Gemfiles having 2 or more "source" lines. In other words, ...

9.8CVSS6.9AI score0.08482EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2016/07/27 12:0 a.m.•41 views

XSS vulnerability via data-target in bootstrap

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute...

6.1CVSS2.9AI score0.0404EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2016/01/25 12:0 a.m.•41 views

Possible Input Validation Circumvention in Active Model

There is a possible input validation circumvention vulnerability in Active Model. This vulnerability has been assigned the CVE identifier CVE-2016-0753. Versions Affected: 4.1.0 and newer Not affected: 4.0.13 and older Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1 Impact ------ Code that uses...

5.3CVSS0.9AI score0.07157EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2013/10/16 12:0 a.m.•41 views

CVE-2013-4389 rubygem-actionmailer: email address processing DoS

Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...

4.3CVSS4.9AI score0.03135EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2023/04/26 12:0 a.m.•40 views

Buffer overflow in sponge queue functions

Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. Patches Yes, see commit fdc6fef0...

9.8CVSS6.9AI score0.05193EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities1243