1254 matches found
HTTP Smuggling via Transfer-Encoding Header in Puma
Impact By using an invalid transfer-encoding header, an attacker could smuggle an HTTP response. Patches The problem has been fixed in Puma 3.12.5 and Puma 4.3.4...
Bootstrap vulnerable to Cross-Site Scripting (XSS)
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute...
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
The version of libxml2 packaged with Nokogiri contains a vulnerability. Nokogiri has mitigated these issue by upgrading to libxml 2.9.6. It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consum...
Arbitrary File Write Access in Puppet
telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise PE 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log /tmp/out.log...
XSS vulnerabilities in the mail_to helper in rails/actionpack
Multiple cross-site scripting XSS vulnerabilities in the mailto helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 name or 2 email value...
Possible Information Leak Vulnerability in Action View
There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all the scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097. Versions Affected: 3.2.x, 4.0.x,...
Possible Information Leak Vulnerability in Action View
There is a possible directory traversal and information leak vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2016-0752. Versions Affected: All. Not affected: None. Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1 Impact ------ Applications that...
SMTP command injection
Net::SMTP is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. Applications that validate email address format are not affected by this vulnerability. The injection attack is...
IP whitelist bypass in Web Console
Specially crafted remote requests can spoof their origin, bypassing the IP whitelist, in any environment where Web Console is enabled development and test, by default. Users whose application is only accessible from localhost as is the default behaviour in Rails 4.2 are not affected, unless a loc...
XSS Vulnerability in ActiveSupport::JSON.encode
When a Hash containing user-controlled data is encode as JSON either through Hashtojson or ActiveSupport::JSON.encode, Rails does not perform adequate escaping that matches the guarantee implied by the escapehtmlentitiesinjson option which is enabled by default. If this resulting JSON string is...
CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method. A flaw was found in the way...
CVE-2013-1857 rubygem-actionpack: sanitize_protocol: XSS Vulnerability in the helper of Ruby on Rails
'The sanitize helper in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : colon characters in URLs, which makes it easier for remote...
CVE-2013-0277 rubygem-activerecord: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...
CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."...
CVE-2025-27220 - ReDoS in CGI::Util#escapeElement.
There is a possibility for Regular expression Denial of Service ReDoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. Details The regular expression used in CGI::UtilescapeElement is vulnerable to ReDoS. The crafted...
Possible Denial of Service Vulnerability in Rack Header Parsing
There is a possible denial of service vulnerability in the header parsing routines in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26146. Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.4, 2.1.4.4, 2.2.8.1, 3.0.9.1 Impact Carefully crafted headers can...
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Impact Prior to puma version 5.5.0, using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. This behavior forwarding LF character...
Possible XSS vulnerability in ActionView
There is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escapejavascript methods may be susceptible to XSS attacks. Versions Affected: All. Not affected: None. Fixed Versions: 6.0.2.2, 5.2.4.2 Impact ------ There is a possible XSS...
HTTP Response Splitting vulnerability in puma
If an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While n...
SQL injection vulnerability via Marginalia::Comment
The 'marginalia' gem is affected by a SQL Injection vulnerability. All SQL queries are affected when a user controller argument is added as a component. This affects users that add a component that is user controller, for instance a parameter or a header. The issue is resolved in version 1.6...
Possible DoS vulnerability in Rack
There is a possible DoS vulnerability in the multipart parser in Rack. This vulnerability has been assigned the CVE identifier CVE-2018-16470. Versions Affected: 2.0.4, 2.0.5 Not affected: = 2.0.3 Fixed Versions: 2.0.6 Impact ------ There is a possible DoS vulnerability in the multipart parser in...
Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
There is a unintentional socket creation vulnerability in UNIXServer.open method of socket library bundled with Ruby. And there is also a unintentional socket access vulnerability in UNIXSocket.open method. UNIXServer.open accepts the path of the socket to be created at the first parameter. If th...
Stored XSS in "geminabox" via injection in Gemspec "homepage" value
Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box allows attackers to inject arbitrary web script via a crafted JavaScript URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to...
Possible Information Leak Vulnerability in Action View
There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all the scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097. Versions Affected: 3.2.x, 4.0.x,...
CSRF Vulnerability in jquery-ujs
In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to " https://attacker.com" note the leading space that will be passed to JQuery, who will s...
RubyGems remote_fetcher.rb api_endpoint() Function Missing SRV Record Hostname Validation Request Hijacking
RubyGems contains a flaw in the apiendpoint function in remotefetcher.rb that is triggered when handling hostnames in SRV records. With a specially crafted response, a context-dependent attacker may conduct DNS hijacking attacks. This vulnerability is due to an incomplete fix for CVE-2015-3900,...
CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range' quoting
SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting...
CVE-2014-0081 rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability
Multiple cross-site scripting XSS vulnerabilities in actionview/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the 1 format, 2 negativeformat, or 3 units...
CVE-2013-2617 rubygem-curl: insufficient URL escaping command injection
lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL...
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Summary The login functionality contains a reflected cross-site scripting XSS vulnerability. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition Impact This issue may lead up to Remote Code Execution RCE. NOTE: The complete advisory with much more information...
Possibility to circumvent the invitation token expiry period
Impact The invites feature allows users to accept the invitation for an unlimited amount of time through the password reset functionality. When using the password reset functionality, the deviseinvitable gem always accepts the pending invitation if the user has been invited as shown in this piece...
ruby-mysql Client File Read
A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later...
Katello uses hard coded credential
The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secrettoken value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...
Improper Privilege Management in devise_masquerade
The devisemasquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise without this extension is used. If the...
Possible DoS Vulnerability in Active Record PostgreSQL adapter
There is a possible DoS vulnerability in the PostgreSQL adapter in Active Record. This vulnerability has been assigned the CVE identifier CVE-2021-22880. Versions Affected: = 4.2.0 Not affected: 4.2.0 Fixed Versions: 6.1.2.1, 6.0.3.5, 5.2.4.5 Impact ------ Carefully crafted input can cause the...
Code Injection vulnerability in CarrierWave::RMagick
Impact CarrierWave::RMagick has a Code Injection vulnerability. Its manipulate! method inappropriately evals the content of mutation option:read/:write, allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, i...
Devise Gem for Ruby confirmation token validation with a blank string
Devise before 4.7.1 confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records would exist...
Tainted flags not always propogated in Array#pack and String#unpack
In Arraypack and Stringunpack with some formats, the tainted flags of the original data are not propagated to the returned string/array. Arraypack method converts the receiver’s contents into a string with specified format. If the receiver contains some tainted objects, the returned string also...
High severity vulnerability that affects rails.
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service application hang or "data loss," a differen...
Moderate severity vulnerability that affects rails
The session fixation protection mechanism in cgiprocess.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookieonly attribute from the DEFAULTSESSIONOPTIONS constant, which effectively causes cookieonly to be applied only to the first instantiation of CgiRequest, which allows remote...
Nested attributes rejection proc bypass in Active Record
There is a vulnerability in how the nested attributes feature in Active Record handles updates in combination with destroy flags when destroying records is disabled. This vulnerability has been assigned the CVE identifier CVE-2015-7577. Versions Affected: 3.1.0 and newer Not affected: 3.0.x and...
CVE-2014-4975 ruby: off-by-one stack-based buffer overflow in the encodes() function
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service segmentation fault via vectors that trigger a stack-based buffer overflow...
CVE-2014-3916 ruby: DoS via long string in str_buf_cat()
The strbufcat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service segmentation fault and crash via a long string...
CVE-2013-1855 rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css
The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...
CVE-2009-4492 ruby WEBrick log escape sequence
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...
CVE-2008-2662 ruby: Integer overflows in rb_str_buf_append()
Multiple integer overflows in the rbstrbufappend function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that...
graphql allows remote code execution when loading a crafted GraphQL schema
Loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via...
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
Impact Users settings their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...
Decidim Cross-site Scripting vulnerability in the processes filter
Impact The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of...
Possible Denial of Service Vulnerability in Rack’s header parsing
There is a denial of service vulnerability in the header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27539. Versions Affected: = 2.0.0 Not affected: None. Fixed Versions: 2.2.6.4, 3.0.6.1 Impact Carefully crafted input can cause header parsing in Ra...