1254 matches found
TZInfo relative path traversal vulnerability allows loading of arbitrary files
Impact Affected versions - 0.3.60 and earlier. - 1.0.0 to 1.2.9 when used with the Ruby data source tzinfo-data. Vulnerability With the Ruby data source the tzinfo-data gem for tzinfo version 1.0.0 and later and built-in to earlier versions, time zones are defined in Ruby files. There is one file...
Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...
Reallocation bug can trigger heap memory corruption
The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. Details The reallocation logic at yajlbuf.cL64 may result in the need 32bit integer wrapping to 0 when need approaches a value of 0x80000000...
Remote code execution in handlebars when compiling templates
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution RCE when selecting certain compiling options to compile templates coming from an untrusted source. This vulnerability has been assigned the CVE identifier CVE-2021-23369...
XSS vulnerabilities in the mail_to helper in rails/actionview
Multiple cross-site scripting XSS vulnerabilities in the mailto helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 name or 2 email value...
Potential SQL Injection with limit in rails/activerecord
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument...
Denial of service or RCE from libxml2 and libxslt
Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote...
CVE-2014-8080 ruby: REXML billion laughs attack via parameter entity expansion
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack...
Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the tagName property of an Ember.View was inserted into such a string without being sanitized. This means that if an application assigns a view's tagName to...
CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service memory consumption and out-of-memory error via a long string in a Multipart HTTP packet...
CVE-2012-6685 rubygem-nokogiri: XML eXternal Entity (XXE) flaw
Nokogiri before 1.5.4 is vulnerable to XXE attacks...
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages...
CVE-2012-6684 rubygem-RedCloth: XSS vulnerability
Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...
CVE-2011-1005 Ruby: Untrusted codes able to modify arbitrary strings
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...
CVE-2010-0541 Ruby WEBrick javascript injection flaw
Cross-site scripting XSS vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page...
Rack has an Unbounded-Parameter DoS in Rack::QueryParser
Summary Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. Details The vulnerability arises because...
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Summary The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting XSS attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. Details The vulnerability stems from mishandling...
Possible XSS Vulnerability in Action Controller
There is a possible XSS vulnerability when using the translation helpers translate, t, etc in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: = 7.0.0 Not affected: 7.0.0 Fixed Versions: 7.1.3.1, 7.0.8.1 Impact Applications using...
Cross-site scripting (XSS) in the dynamic file uploads
Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...
Ruby URI component ReDoS issue
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1...
HTTP response splitting in CGI
cgi.rb in Ruby through 2.6.x, through 3.0x, and through 3.1.x allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to...
Improper Certificate Validation in kubeclient
A flaw was found in all versions of kubeclient up to but not including v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate it wrongly returns...
Improper Certificate Validation in oauth ruby gem
lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information...
activerecord-session_store Timing Attack
The activerecord-sessionstore aka Active Record Session Store component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a...
Dependency Confusion in Bundler with Implicit Private Dependencies
Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that...
Missing TLS certificate verification
Faye uses em-http-request6 and faye-websocket10 in the Ruby version of its client. Those libraries both use the EM::Connectionstarttls1 method in EventMachine2 to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by...
Ability to forge per-form CSRF tokens given a global CSRF token
It is possible to possible to, given a global CSRF token such as the one present in the authenticitytoken meta tag, forge a per-form CSRF token for any action for that session. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ Given the ability to extract the global CSRF token, an...
Improper Restriction of Excessive Authentication Attempts in Sorcery
Impact Brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired protection will not be re-enabled until a user or malicious actor logs in successfully. This doe...
File Content Disclosure in Action View
There is a possible file content disclosure vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2019-5418. Versions Affected: All. Not affected: None. Fixed Versions: 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 Impact ------ There is a possible file...
Path Traversal in Sprockets
Specially crafted requests can be used to access files that exist on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. Workaround:...
XSS vulnerability in rails-html-sanitizer
There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-804...
No validation of hostname certificate in net-ldap
The Net::LDAP aka net-ldap gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. The LDAP server's certificate was not verified to match the host it was supposed to be connecting to...
High severity vulnerability that affects rails
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOADPATH variable, a different vulnerability than CVE-2006-4112...
Buffer underrun vulnerability in OpenSSL ASN1 decode
There is a buffer underrun vulnerability in OpenSSL bundled by Ruby. If a malicious string is passed to the decode method of OpenSSL::ASN1, buffer underrun may be caused and the Ruby interpreter may crash. All users running an affected release should either upgrade or use one of the workarounds...
RubyGems vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...
CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint()
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." A flaw was found in a...
Directory Traversal Vulnerability With Certain Route Configurations
There is a vulnerability in the 'implicit render' functionality in Ruby on Rails.The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow a...
CVE-2013-6460 rubygem-nokogiri: DoS while parsing XML documents
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents...
Rack - Forwarded Header semicolon injection enables Host and Scheme spoofing
Summary Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons, a header such as: http Forwarded: for="127.0.0.1;host=evil.com;proto=https" can be interpreted by Rack as...
DoS in REXML
There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem. Details When it parses an XML that has many specific characters such as . REXML gem may take long time. Please update REXML gem to...
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
The json-jwt aka JSON::JWT gem versions 1.16.5 and below sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms ex. Linux allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Jav...
jQuery Cross Site Scripting vulnerability
Cross Site Scripting vulnerability in jQuery v.2.2.0 until v.3.5.0 allows a remote attacker to execute arbitrary code via the element...
libxslt Type Confusion vulnerability that affects Nokogiri
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Nokogiri prior to version 1.10.5 used a vulnerable...
Nokogiri contains libxml Out-of-bounds Write vulnerability
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...
RubyGems Cross-site Scripting vulnerability
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting XSS vulnerability in gem server display of homepage attribute that can...
Improper one time password handling in devise-two-factor
Impact As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and only one immediately trailing interval. Patches This vulnerability has been patched in version 4.0.2 which was released on March...
NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby
NULL Pointer Dereference in mrbvmexec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system...
Regular Expression Denial of Service in Addressable templates
Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no...