Lucene search
+L
RubygemsMost viewed

1254 matches found

RubySec
RubySec
added 2020/05/22 12:0 a.m.36 views

HTTP Smuggling via Transfer-Encoding Header in Puma

Impact By using an invalid transfer-encoding header, an attacker could smuggle an HTTP response. Patches The problem has been fixed in Puma 3.12.5 and Puma 4.3.4...

7.5CVSS6.9AI score0.03977EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2018/09/13 12:0 a.m.35 views

Bootstrap vulnerable to Cross-Site Scripting (XSS)

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute...

6.1CVSS6.3AI score0.04293EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2018/01/29 12:0 a.m.35 views

Nokogiri gem, via libxml, is affected by DoS vulnerabilities

The version of libxml2 packaged with Nokogiri contains a vulnerability. Nokogiri has mitigated these issue by upgrading to libxml 2.9.6. It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consum...

8.8CVSS3.8AI score0.02963EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2017/10/24 12:0 a.m.35 views

Arbitrary File Write Access in Puppet

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise PE 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log /tmp/out.log...

3.6CVSS6.7AI score0.00402EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2017/10/24 12:0 a.m.35 views

XSS vulnerabilities in the mail_to helper in rails/actionpack

Multiple cross-site scripting XSS vulnerabilities in the mailto helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 name or 2 email value...

4.3CVSS5.9AI score0.0235EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2016/02/29 12:0 a.m.35 views

Possible Information Leak Vulnerability in Action View

There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all the scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097. Versions Affected: 3.2.x, 4.0.x,...

5.3CVSS0.8AI score0.04423EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2016/01/25 12:0 a.m.35 views

Possible Information Leak Vulnerability in Action View

There is a possible directory traversal and information leak vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2016-0752. Versions Affected: All. Not affected: None. Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1 Impact ------ Applications that...

7.5CVSS2.3AI score0.95537EPSS
Exploits11References1Affected Software1
RubySec
RubySec
added 2015/12/09 12:0 a.m.35 views

SMTP command injection

Net::SMTP is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. Applications that validate email address format are not affected by this vulnerability. The injection attack is...

6.1CVSS6.9AI score0.03675EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2015/06/16 12:0 a.m.35 views

IP whitelist bypass in Web Console

Specially crafted remote requests can spoof their origin, bypassing the IP whitelist, in any environment where Web Console is enabled development and test, by default. Users whose application is only accessible from localhost as is the default behaviour in Rails 4.2 are not affected, unless a loc...

4.3CVSS5.2AI score0.44984EPSS
Exploits6References1Affected Software1
RubySec
RubySec
added 2015/06/16 12:0 a.m.35 views

XSS Vulnerability in ActiveSupport::JSON.encode

When a Hash containing user-controlled data is encode as JSON either through Hashtojson or ActiveSupport::JSON.encode, Rails does not perform adequate escaping that matches the guarantee implied by the escapehtmlentitiesinjson option which is enabled by default. If this resulting JSON string is...

4.3CVSS1AI score0.0278EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/03/19 12:0 a.m.35 views

CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method. A flaw was found in the way...

5CVSS2.5AI score0.03438EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/03/19 12:0 a.m.35 views

CVE-2013-1857 rubygem-actionpack: sanitize_protocol: XSS Vulnerability in the helper of Ruby on Rails

'The sanitize helper in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : colon characters in URLs, which makes it easier for remote...

4.3CVSS5AI score0.01868EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/02/11 12:0 a.m.35 views

CVE-2013-0277 rubygem-activerecord: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...

10CVSS7.6AI score0.07497EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2013/01/13 12:0 a.m.35 views

CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS

Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."...

4.3CVSS6AI score0.02418EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/02/26 12:0 a.m.34 views

CVE-2025-27220 - ReDoS in CGI::Util#escapeElement.

There is a possibility for Regular expression Denial of Service ReDoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. Details The regular expression used in CGI::UtilescapeElement is vulnerable to ReDoS. The crafted...

7.5CVSS7AI score0.00702EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/02/21 12:0 a.m.34 views

Possible Denial of Service Vulnerability in Rack Header Parsing

There is a possible denial of service vulnerability in the header parsing routines in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26146. Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.4, 2.1.4.4, 2.2.8.1, 3.0.9.1 Impact Carefully crafted headers can...

7.5CVSS7.1AI score0.01996EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/10/12 12:0 a.m.34 views

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma

Impact Prior to puma version 5.5.0, using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. This behavior forwarding LF character...

3.7CVSS6.8AI score0.01119EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2020/03/19 12:0 a.m.34 views

Possible XSS vulnerability in ActionView

There is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escapejavascript methods may be susceptible to XSS attacks. Versions Affected: All. Not affected: None. Fixed Versions: 6.0.2.2, 5.2.4.2 Impact ------ There is a possible XSS...

4.8CVSS6.3AI score0.01543EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/02/27 12:0 a.m.34 views

HTTP Response Splitting vulnerability in puma

If an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While n...

7.5CVSS6.2AI score0.02549EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/07/26 12:0 a.m.34 views

SQL injection vulnerability via Marginalia::Comment

The 'marginalia' gem is affected by a SQL Injection vulnerability. All SQL queries are affected when a user controller argument is added as a component. This affects users that add a component that is user controller, for instance a parameter or a header. The issue is resolved in version 1.6...

9.8CVSS3.8AI score0.01381EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2018/11/05 12:0 a.m.34 views

Possible DoS vulnerability in Rack

There is a possible DoS vulnerability in the multipart parser in Rack. This vulnerability has been assigned the CVE identifier CVE-2018-16470. Versions Affected: 2.0.4, 2.0.5 Not affected: = 2.0.3 Fixed Versions: 2.0.6 Impact ------ There is a possible DoS vulnerability in the multipart parser in...

7.5CVSS2.5AI score0.02033EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2018/03/28 12:0 a.m.34 views

Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket

There is a unintentional socket creation vulnerability in UNIXServer.open method of socket library bundled with Ruby. And there is also a unintentional socket access vulnerability in UNIXSocket.open method. UNIXServer.open accepts the path of the socket to be created at the first parameter. If th...

7.5CVSS6.7AI score0.07169EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2017/11/10 12:0 a.m.34 views

Stored XSS in "geminabox" via injection in Gemspec "homepage" value

Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box allows attackers to inject arbitrary web script via a crafted JavaScript URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to...

6.1CVSS1.1AI score0.01084EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2016/02/29 12:0 a.m.34 views

Possible Information Leak Vulnerability in Action View

There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all the scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097. Versions Affected: 3.2.x, 4.0.x,...

5.3CVSS0.8AI score0.04423EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2015/06/16 12:0 a.m.34 views

CSRF Vulnerability in jquery-ujs

In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to " https://attacker.com" note the leading space that will be passed to JQuery, who will s...

5CVSS6.3AI score0.04397EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2015/06/08 12:0 a.m.34 views

RubyGems remote_fetcher.rb api_endpoint() Function Missing SRV Record Hostname Validation Request Hijacking

RubyGems contains a flaw in the apiendpoint function in remotefetcher.rb that is triggered when handling hostnames in SRV records. With a specially crafted response, a context-dependent attacker may conduct DNS hijacking attacks. This vulnerability is due to an incomplete fix for CVE-2015-3900,...

5CVSS3AI score0.08934EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2014/07/02 12:0 a.m.34 views

CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range' quoting

SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting...

7.5CVSS3.5AI score0.04181EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2014/02/18 12:0 a.m.34 views

CVE-2014-0081 rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability

Multiple cross-site scripting XSS vulnerabilities in actionview/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the 1 format, 2 negativeformat, or 3 units...

4.3CVSS5.9AI score0.04032EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/03/12 12:0 a.m.34 views

CVE-2013-2617 rubygem-curl: insufficient URL escaping command injection

lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL...

7.5CVSS7.9AI score0.0442EPSS
Exploits0References1
RubySec
RubySec
added 2024/10/02 12:0 a.m.33 views

OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)

Summary The login functionality contains a reflected cross-site scripting XSS vulnerability. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition Impact This issue may lead up to Remote Code Execution RCE. NOTE: The complete advisory with much more information...

6.1CVSS7.1AI score0.00455EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/02/20 12:0 a.m.33 views

Possibility to circumvent the invitation token expiry period

Impact The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the deviseinvitable gem always accepts the pending invitation if the user has been invited as shown in this piece...

7.4CVSS7.5AI score0.00791EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/06/28 12:0 a.m.33 views

ruby-mysql Client File Read

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later...

6.5CVSS3.5AI score0.01133EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/17 12:0 a.m.33 views

Katello uses hard coded credential

The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secrettoken value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...

9.8CVSS7.2AI score0.03002EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/12/08 12:0 a.m.33 views

Improper Privilege Management in devise_masquerade

The devisemasquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise without this extension is used. If the...

8.1CVSS2.5AI score0.0121EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/02/10 12:0 a.m.33 views

Possible DoS Vulnerability in Active Record PostgreSQL adapter

There is a possible DoS vulnerability in the PostgreSQL adapter in Active Record. This vulnerability has been assigned the CVE identifier CVE-2021-22880. Versions Affected: = 4.2.0 Not affected: 4.2.0 Fixed Versions: 6.1.2.1, 6.0.3.5, 5.2.4.5 Impact ------ Carefully crafted input can cause the...

7.5CVSS3AI score0.04434EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/02/08 12:0 a.m.33 views

Code Injection vulnerability in CarrierWave::RMagick

Impact CarrierWave::RMagick has a Code Injection vulnerability. Its manipulate! method inappropriately evals the content of mutation option:read/:write, allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, i...

8.8CVSS7.6AI score0.12678EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2019/09/08 12:0 a.m.33 views

Devise Gem for Ruby confirmation token validation with a blank string

Devise before 4.7.1 confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records would exist...

5.3CVSS1.3AI score0.01832EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2018/10/17 12:0 a.m.33 views

Tainted flags not always propogated in Array#pack and String#unpack

In Arraypack and Stringunpack with some formats, the tainted flags of the original data are not propagated to the returned string/array. Arraypack method converts the receiver’s contents into a string with specified format. If the receiver contains some tainted objects, the returned string also...

8.1CVSS6.8AI score0.07968EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2017/10/24 12:0 a.m.33 views

High severity vulnerability that affects rails.

Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service application hang or "data loss," a differen...

7.5CVSS7.5AI score0.03063EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2017/10/24 12:0 a.m.33 views

Moderate severity vulnerability that affects rails

The session fixation protection mechanism in cgiprocess.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookieonly attribute from the DEFAULTSESSIONOPTIONS constant, which effectively causes cookieonly to be applied only to the first instantiation of CgiRequest, which allows remote...

6.8CVSS6.9AI score0.03576EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2016/01/25 12:0 a.m.33 views

Nested attributes rejection proc bypass in Active Record

There is a vulnerability in how the nested attributes feature in Active Record handles updates in combination with destroy flags when destroying records is disabled. This vulnerability has been assigned the CVE identifier CVE-2015-7577. Versions Affected: 3.1.0 and newer Not affected: 3.0.x and...

5.3CVSS2.1AI score0.0425EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2014/07/09 12:0 a.m.33 views

CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service segmentation fault via vectors that trigger a stack-based buffer overflow...

5CVSS5.3AI score0.03893EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2014/04/07 12:0 a.m.33 views

CVE-2014-3916 ruby: DoS via long string in str_buf_cat()

The strbufcat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service segmentation fault and crash via a long string...

5CVSS6.2AI score0.01374EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/03/19 12:0 a.m.33 views

CVE-2013-1855 rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css

The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...

4.3CVSS2.2AI score0.0264EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2010/01/10 12:0 a.m.33 views

CVE-2009-4492 ruby WEBrick log escape sequence

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...

7.5CVSS7.4AI score0.15684EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2008/06/20 12:0 a.m.33 views

CVE-2008-2662 ruby: Integer overflows in rb_str_buf_append()

Multiple integer overflows in the rbstrbufappend function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that...

10CVSS7.2AI score0.04264EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/03/12 12:0 a.m.32 views

graphql allows remote code execution when loading a crafted GraphQL schema

Loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via...

9CVSS9.3AI score0.02865EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2024/06/02 12:0 a.m.32 views

activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends

Impact Users settings their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...

6.1CVSS6.6AI score0.00349EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2023/07/11 12:0 a.m.32 views

Decidim Cross-site Scripting vulnerability in the processes filter

Impact The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of...

8.1CVSS6.8AI score0.00736EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2023/03/13 12:0 a.m.32 views

Possible Denial of Service Vulnerability in Rack’s header parsing

There is a denial of service vulnerability in the header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27539. Versions Affected: = 2.0.0 Not affected: None. Fixed Versions: 2.2.6.4, 3.0.6.1 Impact Carefully crafted input can cause header parsing in Ra...

5.3CVSS4.5AI score0.01081EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities1254