1252 matches found
ReDoS based DoS vulnerability in GlobalID
There is a ReDoS based DoS vulnerability in the GlobalID gem. This vulnerability has been assigned the CVE identifier CVE-2023-22799. Versions Affected: = 0.2.1 Not affected: 0.2.1 Fixed Versions: 1.0.1 Impact There is a possible DoS vulnerability in the model name parsing section of the GlobalID...
protobuf-java has a potential Denial of Service issue
Summary A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...
Phusion Passenger information disclosure
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10, if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root...
SQL injection for certain queries with variables
For some queries, specific variable values can modify the query rather than just the variable. This can occur if: 1. the query's data source uses different escaping than the Rails database OR 2. the query has a variable inside a string literal Since Blazer is designed to run arbitrary queries, th...
Cross-Site Scripting in Kaminari via `original_script_name` parameter
Impact There was a vulnerability in versions of Kaminari that would allow an attacker to inject arbitrary code into pages with pagination links. For example, an attacker could craft pagination links that link to other domain or host:...
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
There is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when untrusted user input is written to the cache store using the raw: true parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of plain text. Vulnerabl...
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
Nokogiri 1.8.5 has been released. This is a security and bugfix release. It addresses two CVEs in upstream libxml2 rated as "medium" by Red Hat, for which details are below. If you're using your distro's system libraries, rather than Nokogiri's vendored libraries, there's no security need to...
Authentication bypass via incorrect XML canonicalization and DOM traversal
ruby-saml prior to version 1.7.0 is vulnerable to an authentication bypass via incorrect XML canonicalization and DOM traversal. Specifically, there are inconsistencies in handling of comments within XML nodes, resulting in incorrect parsing of the inner text of XML nodes such that any inner text...
Unsafe Query Generation Risk in Ruby on Rails
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2
Nokogiri version 1.6.7.2 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVE: CVE-2015-7499 CVSS v2 Base Score: 5.0 MEDIUM Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent...
CVE-2013-4164 ruby: heap overflow in floating point parsing
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a string that is converted to...
CVE-2013-4363 rubygems: version regex algorithmic complexity vulnerability, incomplete CVE-2013-4287 fix
'Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service C...
Puppet Privilege Escallation
The changeuser method in the SUIDManager lib/puppet/util/suidmanager.rb in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors...
Ruby missing "taintness" checks in dl module
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...
Bootstrap Cross-Site Scripting (XSS) vulnerability
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This...
ActiveAdmin vulnerable to CSV injection
csvbuilder.rb in ActiveAdmin aka Active Admin before 3.2.0 allows CSV injection...
Code injection in ruby git
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648...
Denial of Service (DoS) in Nokogiri on JRuby
Summary Nokogiri v1.13.4 updates the vendored org.cyberneko.html library to 1.9.22.noko2 which addresses CVE-2022-24839. That CVE is rated 7.5 High Severity. See GHSA-9849-p7jc-9rmv for more information. Please note that this advisory only applies to the JRuby implementation of Nokogiri = 1.13.4...
Information Exposure with Puma when used with Rails
Impact Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its CurrentAttributes implementation to work correctly. From Rails: Under certain circumstances response bodies will no...
Possible Open Redirect in Host Authorization Middleware
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website...
Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile
In bundler versions before 2.2.33, when working with untrusted and apparently harmless Gemfile's, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the Gemfile itself. However, if the Gemfile includes gem entries that use the git optio...
Possible Information Disclosure / Unintended Method Execution in Action Pack
There is a possible information disclosure / unintended method execution vulnerability in Action Pack which has been assigned the CVE identifier CVE-2021-22885. Versions Affected: = 2.0.0. Not affected: 2.0.0. Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ There is a possible...
Possible DoS Vulnerability in Action Controller Token Authentication
There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2021-22904. Versions Affected: = 4.0.0 Not affected: 4.0.0 Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ Impacted code uses...
CSRF Vulnerability in rails-ujs
There is an vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ This is a regression of CVE-2015-1840. In the scenario where an attacker might be able to control the href attribute of an anchor ta...
Potential XSS vulnerability in jQuery
Impact Passing HTML containing elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. Workarounds To workaround this issue without upgrading, use DOMPurify with its SAFEFORJQUERY option...
Bootstrap Cross-site Scripting vulnerability
In Bootstrap starting in version 2.3.0 and prior to versions 3.4.0 and 4.1.2, XSS is possible in the data-container property of tooltip. This is similar to CVE-2018-14041...
High severity vulnerability that affects thin
lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header...
Possible Information Leak Vulnerability in Action View
There is a possible directory traversal and information leak vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2016-0752. Versions Affected: All. Not affected: None. Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1 Impact ------ Applications that...
rest-client ruby gem logs sensitive information
REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...
Ruby incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameErrortos method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005...
Ruby multiple insufficient safe mode restrictions
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via 1 untracevar, 2...
Buffer overread vulnerability in StringIO
An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. This vulnerability is not affected...
Connection confusion in gRPC
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this...
Ruby Time component ReDos issue
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...
Possible DoS Vulnerability in Multipart MIME parsing
There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530. Versions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3 Impact The Multipart MIME parsing code in Rack...
Denial of service via header parsing in Rack
There is a possible denial of service vulnerability in the Range header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44570. Versions Affected: = 1.5.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.2, 3.0.4.1 Impact Carefully crafted inp...
HTTP Request Smuggling in puma
Impact When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The following...
Remote shell execution vulnerability when applying commands from user input
Impact When using the apply method from imageprocessing to apply a series of operations that are coming from unsanitized user input, this allows the attacker to execute shell commands: rb ImageProcessing::Vips.apply system: "echo EXECUTED" EXECUTED This method is called internally by Active Stora...
HTTP Smuggling via Transfer-Encoding Header in Puma
Impact By using an invalid transfer-encoding header, an attacker could smuggle an HTTP response. Patches The problem has been fixed in Puma 3.12.5 and Puma 4.3.4...
XSS vulnerability in bootstrap
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute...
Bootstrap vulnerable to Cross-Site Scripting (XSS)
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute...
XSS vulnerabilities in the mail_to helper in rails/actionpack
Multiple cross-site scripting XSS vulnerabilities in the mailto helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 name or 2 email value...
Arbitrary File Write Access in Puppet
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise PE 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log /tmp/out.log...
Possible Information Leak Vulnerability in Action View
There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all the scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097. Versions Affected: 3.2.x, 4.0.x,...
Possible Information Leak Vulnerability in Action View
There is a possible directory traversal and information leak vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2016-0752. Versions Affected: All. Not affected: None. Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1 Impact ------ Applications that...
SMTP command injection
Net::SMTP is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. Applications that validate email address format are not affected by this vulnerability. The injection attack is...
XSS Vulnerability in ActiveSupport::JSON.encode
When a Hash containing user-controlled data is encode as JSON either through Hashtojson or ActiveSupport::JSON.encode, Rails does not perform adequate escaping that matches the guarantee implied by the escapehtmlentitiesinjson option which is enabled by default. If this resulting JSON string is...
IP whitelist bypass in Web Console
Specially crafted remote requests can spoof their origin, bypassing the IP whitelist, in any environment where Web Console is enabled development and test, by default. Users whose application is only accessible from localhost as is the default behaviour in Rails 4.2 are not affected, unless a loc...
i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS
i18n Gem for Ruby contains a flaw in the Hashslice function in lib/i18n/coreext/hash.rb that is triggered when calling a hash when :somekey is in keepkeys but not in the hash. This may allow an attacker to cause the program to crash...
CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method. A flaw was found in the way...