Lucene search
K
RubygemsMost viewed

1243 matches found

RubySec
RubySec
•added 2023/04/26 12:0 a.m.•40 views

Buffer overflow in sponge queue functions

Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. Patches Yes, see commit fdc6fef0...

9.8CVSS6.9AI score0.05193EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2023/01/18 12:0 a.m.•40 views

SQL Injection Vulnerability via ActiveRecord comments

There is a possible vulnerability in ActiveRecord related to the sanitization of comments. This vulnerability has been assigned the CVE identifier CVE-2023-22794. Versions Affected: = 6.0.0 Not affected: All users running an affected release should either upgrade or use one of the workarounds...

8.8CVSS8.6AI score0.02153EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2022/11/30 12:0 a.m.•40 views

Sinatra vulnerable to Reflected File Download attack

An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input...

8.8CVSS2.4AI score0.00642EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2020/03/14 12:0 a.m.•40 views

Sort order SQL injection via `direction` parameter in administrate

In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...

8.1CVSS3.1AI score0.009EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2019/06/04 12:0 a.m.•40 views

XSS Vulnerability in Chartkick Ruby Gem

Chartkick is vulnerable to a cross-site scripting XSS attack if both the following conditions are met: Condition 1: It's used with ActiveSupport.escapehtmlentitiesinjson = false this is not the default for Rails OR used with a non-Rails framework like Sinatra. Condition 2: Untrusted data or optio...

4.7CVSS2AI score0.00772EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2016/12/21 12:0 a.m.•40 views

CSRF vulnerability in rails_admin

The railsadmin gem is vulnerable to cross-site request forgery CSRF attacks. Due to a bug, non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...

8.8CVSS2.4AI score0.00983EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2016/07/27 12:0 a.m.•40 views

XSS vulnerability via data-target in bootstrap-sass

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute...

6.1CVSS3.1AI score0.0404EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2014/11/13 12:0 a.m.•40 views

CVE-2014-8090 ruby: REXML incomplete fix for CVE-2014-8080

The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service CPU and memory consumption a crafted XML document containing an empty string in an entity that is used in a large number of...

5CVSS5.8AI score0.056EPSS
Exploits2References1Affected Software1
RubySec
RubySec
•added 2013/05/29 12:0 a.m.•40 views

CVE-2013-2119 rubygem-passenger: incorrect temporary file usage

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service prevent application start or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem...

4.6CVSS6.2AI score0.004EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2012/08/09 12:0 a.m.•40 views

CVE-2012-3465 rubygem-actionpack: XSS Vulnerability in strip_tags

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/sanitizehelper.rb in the striptags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup...

4.3CVSS4AI score0.01977EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2012/08/08 12:0 a.m.•40 views

Chef Improper Access Control Vulnerability

chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI...

6.5CVSS7.3AI score0.0157EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2012/03/01 12:0 a.m.•40 views

CVE-2012-1098 rubygem-activesupport: XSS in SafeBuffer#[] (unescaped safe buffers can be marked as safe)

Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...

4.3CVSS4AI score0.02137EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2008/08/12 12:0 a.m.•40 views

Algorithmic complexity vulnerability in the WEBrick

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.splitheadervalue function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...

7.8CVSS7.1AI score0.70202EPSS
Exploits3References1Affected Software1
RubySec
RubySec
•added 2026/04/02 12:0 a.m.•40 views

Rack has Content-Length mismatch in Rack::Files error responses

Summary Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the number of bytes actually sent on the wire. Because Rack::Files reflects the...

6.5CVSS5.8AI score0.00147EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2025/02/10 12:0 a.m.•39 views

Possible DoS by memory exhaustion in net-imap

Summary There is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is connected, a malicious server can send can send highly compressed uid-set data which is automatically read by the client's receiver thread. The response parser...

6.5CVSS6.4AI score0.00608EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2024/05/16 12:0 a.m.•39 views

REXML contains a denial of service vulnerability

Impact The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many s in an attribute value. If you need to parse untrusted XMLs, you many be impacted to this vulnerability. Patches The REXML gem 3.2.7 or later include the patch to fix this vulnerability. Workarounds Don...

5.3CVSS6.4AI score0.02064EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2024/04/23 12:0 a.m.•39 views

Arbitrary memory address read vulnerability with Regex search

If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. We recommend to update the Ruby to version 3.3.1 or later. In order to ensure compatibility with older Ruby...

6.6CVSS7.3AI score0.00629EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2024/02/03 9:0 p.m.•39 views

Improper Handling of Unexpected Data Type in Nokogiri

Summary Nokogiri v1.16.2 upgrades the version of its dependency libxml2 to v2.12.5. libxml2 v2.12.5 addresses the following vulnerability: CVE-2024-25062 / https://vulners.com/cve/CVE-2024-25062 described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 patched by...

6.6AI score0.01364EPSS
Exploits3References1Affected Software1
RubySec
RubySec
•added 2023/08/18 12:0 a.m.•39 views

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in puma

Impact Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. The following vulnerabilities are addressed by this advisory: - Incorrect parsing of trailing fields ...

9.8CVSS6.9AI score0.00738EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2023/01/18 12:0 a.m.•39 views

ReDoS based DoS vulnerability in Active Support’s underscore

There is a possible regular expression based DoS vulnerability in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-22796. Versions Affected: All Not affected: None Fixed Versions: 6.1.7.1, 7.0.4.1 Impact A specially crafted string passed to the underscore method ca...

7.5CVSS7.4AI score0.01712EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2023/01/18 12:0 a.m.•39 views

ReDoS based DoS vulnerability in Action Dispatch

There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: = 3.0.0 Not affected: 3.0.0 Fixed Versions: 6.1.7.1, 7.0.4.1 Impact Specially crafted cookies, in combination with a...

7.5CVSS7.3AI score0.01695EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2022/09/10 12:0 a.m.•39 views

PDFKit vulnerable to Command Injection

The package pdfkit from version 0.0.0 through version 0.8.6 is vulnerable to Command Injection where the URL is not properly sanitized...

9.8CVSS3.9AI score0.39389EPSS
Exploits11References1Affected Software1
RubySec
RubySec
•added 2020/06/17 12:0 a.m.•39 views

Untrusted users able to run pending migrations in production

There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. This vulnerability has been assigned the CVE identifier CVE-2020-8185. Versions Affected: 6.0.0 = 6.0.3.2 Impact ------ Using this issu...

6.5CVSS4.3AI score0.02181EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2019/12/05 12:0 a.m.•39 views

Keepalive thread overload/DoS in puma

A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough...

7.5CVSS6.6AI score0.0196EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2018/04/13 12:0 a.m.•39 views

Moderate severity vulnerability that affects nokogiri

The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. References: -...

6.5CVSS7.2AI score0.02706EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2018/02/21 12:0 a.m.•39 views

Doorkeeper gem has stored XSS on authorization consent view

Stored XSS on the OAuth Client's name will cause users being prompted for consent via the "implicit" grant type to execute the XSS payload. The XSS attack could gain access to the user's active session, resulting in account compromise. Any user is susceptible if they click the authorization link...

6.1CVSS2.7AI score0.01479EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2017/07/11 12:0 a.m.•39 views

Stored XSS in "gemirro" via injection in Gemspec "homepage" value

Stored cross-site scripting XSS vulnerability in Gemirro allows attackers to inject arbitrary web script via a crafted JavaScript URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to build a gem for...

6.1CVSS1.4AI score0.00814EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2015/12/15 12:0 a.m.•39 views

Nokogiri gem contains several vulnerabilities in libxml2

Nokogiri version 1.6.7.1 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVEs: CVE-2015-5312 CVSS v2 Base Score: 7.1 HIGH The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion,...

7.1CVSS3.4AI score0.0721EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2015/03/24 12:0 a.m.•39 views

CVE-2015-1820 rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection responses

REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...

9.8CVSS8.6AI score0.04345EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2013/02/22 12:0 a.m.•39 views

CVE-2013-1821 ruby: entity expansion DoS vulnerability in REXML

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack...

5CVSS5.6AI score0.06671EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2013/02/11 12:0 a.m.•39 views

CVE-2013-0276 rubygem-activerecord/rubygem-activemodel: circumvention of attr_protected

ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attrprotected protection mechanism and modify protected model attributes via a crafted request...

4.3CVSS6.3AI score0.0246EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2023/07/06 12:0 a.m.•38 views

gRPC connection termination issue

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyo...

5.3CVSS6.9AI score0.00531EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2022/05/13 12:0 a.m.•38 views

Camaleon CMS vulnerable to Stored Cross-site Scripting

In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false...

6.1CVSS2.8AI score0.01049EPSS
Exploits2References1
RubySec
RubySec
•added 2022/02/24 12:0 a.m.•38 views

CVE-2022-25857 jruby/psych/snakeyaml: Denial of Service (DoS) due missing to nested depth limitation for collections

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service DoS due missing to nested depth limitation for collections. This package is bundled into Psych which is in turn bundled into jruby...

7.5CVSS7.6AI score0.02191EPSS
Exploits2References1Affected Software1
RubySec
RubySec
•added 2021/10/26 12:0 a.m.•38 views

XSS in the `of` option of the `.position()` util in jquery-ui

Impact Accepting the value of the of option of the .position util from untrusted sources may execute untrusted code. For example, invoking the following code: js $"element".position my: "left top", at: "right bottom", of: "", collision: "none" ; will call the doEvilThing function. Patches The iss...

6.5CVSS6.8AI score0.44515EPSS
Exploits2References1Affected Software1
RubySec
RubySec
•added 2016/08/22 12:0 a.m.•38 views

Minitar Directory Traversal Vulnerability

Minitar allows attackers to overwrite arbitrary files during archive extraction via a .. dot dot in an extracted filename. Analogous vulnerabilities for unzip and tar: https://www.cvedetails.com/cve/CVE-2001-1268/ and http://www.cvedetails.com/cve/CVE-2001-1267/ Credit: ecneladis...

7.5CVSS4.6AI score0.04742EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2016/01/14 12:0 a.m.•38 views

Ember.js XSS Vulnerability with User-Supplied JSON

By default, Ember will escape any values in Handlebars templates that use double curlies value. Developers can specifically opt out of this escaping behavior by passing an instance of SafeString rather than a raw string, which tells Ember that it should not escape the string because the developer...

6.1CVSS1.4AI score0.00816EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2015/04/13 12:0 a.m.•38 views

Ruby OpenSSL Hostname Verification

After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates. Ruby’s OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. In particular, matching o...

5.9CVSS1.7AI score0.02815EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2012/11/23 12:0 a.m.•38 views

CVE-2012-5370 jruby: Murmur hash function collisions (oCERT-2012-001)

JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash table, as demonstrated by a universal...

5CVSS5.3AI score0.02249EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2012/10/12 12:0 a.m.•38 views

Ruby name_err_mesg_to_str Method Safe Level Security Bypass

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the nameerrmesgtostr API function, which marks the string as tainted, a different vulnerability than...

5CVSS5.2AI score0.02619EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2012/03/01 12:0 a.m.•38 views

CVE-2012-1099 rubygem-actionpack: XSS in the "select" helper

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formoptionshelper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...

4.3CVSS5.3AI score0.02504EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2023/01/18 12:0 a.m.•37 views

Denial of Service Vulnerability in Rack Content-Disposition parsing

There is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44571. Versions Affected: = 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.4.1 Impact Carefully crafted input...

7.5CVSS4.1AI score0.01503EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2023/01/18 12:0 a.m.•37 views

ReDoS based DoS vulnerability in GlobalID

There is a ReDoS based DoS vulnerability in the GlobalID gem. This vulnerability has been assigned the CVE identifier CVE-2023-22799. Versions Affected: = 0.2.1 Not affected: 0.2.1 Fixed Versions: 1.0.1 Impact There is a possible DoS vulnerability in the model name parsing section of the GlobalID...

7.5CVSS3.7AI score0.01049EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2022/10/04 12:0 a.m.•37 views

protobuf-java has a potential Denial of Service issue

Summary A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

7.5CVSS3.3AI score0.01048EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2022/05/13 12:0 a.m.•37 views

Phusion Passenger information disclosure

In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10, if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root...

4.7CVSS2.2AI score0.00358EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2022/04/20 12:0 a.m.•37 views

SQL injection for certain queries with variables

For some queries, specific variable values can modify the query rather than just the variable. This can occur if: 1. the query's data source uses different escaping than the Rails database OR 2. the query has a variable inside a string literal Since Blazer is designed to run arbitrary queries, th...

7.5CVSS2.6AI score0.00857EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2020/05/28 12:0 a.m.•37 views

Cross-Site Scripting in Kaminari via `original_script_name` parameter

Impact There was a vulnerability in versions of Kaminari that would allow an attacker to inject arbitrary code into pages with pagination links. For example, an attacker could craft pagination links that link to other domain or host:...

6.4CVSS7AI score0.01508EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2020/04/29 12:0 a.m.•37 views

Potential denial of service in bson rubygem

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service worker resource consumption via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410...

7.5CVSS5.3AI score0.06372EPSS
Exploits2References1Affected Software1
RubySec
RubySec
•added 2018/10/04 12:0 a.m.•37 views

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities

Nokogiri 1.8.5 has been released. This is a security and bugfix release. It addresses two CVEs in upstream libxml2 rated as "medium" by Red Hat, for which details are below. If you're using your distro's system libraries, rather than Nokogiri's vendored libraries, there's no security need to...

7.5CVSS6.7AI score0.043EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2018/02/27 12:0 a.m.•37 views

Authentication bypass via incorrect XML canonicalization and DOM traversal

ruby-saml prior to version 1.7.0 is vulnerable to an authentication bypass via incorrect XML canonicalization and DOM traversal. Specifically, there are inconsistencies in handling of comments within XML nodes, resulting in incorrect parsing of the inner text of XML nodes such that any inner text...

9.8CVSS4AI score0.02512EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities1243