Lucene search
K
RubygemsMost viewed

1252 matches found

RubySec
RubySec
added 2021/08/19 12:0 a.m.31 views

Possible Open Redirect in Host Authorization Middleware

There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22942. Versions Affected: = 6.0.0. Not affected: 6.0.0 Fixed Versions: 6.1.4.1, 6.0.4.1 Impact ------ Specially crafted...

6.1CVSS3.5AI score0.0164EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/04/22 12:0 a.m.31 views

Improper Certificate Validation in oauth ruby gem

lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information...

7.4CVSS5.2AI score0.00746EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/03/08 12:0 a.m.31 views

activerecord-session_store Timing Attack

The activerecord-sessionstore aka Active Record Session Store component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a...

6.3CVSS3.1AI score0.03687EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2020/09/30 12:0 a.m.31 views

Dependency Confusion in Bundler with Implicit Private Dependencies

Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that...

9.3CVSS1.7AI score0.06307EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/07/31 12:0 a.m.31 views

Missing TLS certificate verification

Faye uses em-http-request6 and faye-websocket10 in the Ruby version of its client. Those libraries both use the EM::Connectionstarttls1 method in EventMachine2 to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by...

8.7CVSS6.6AI score0.00864EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/05/18 12:0 a.m.31 views

Ability to forge per-form CSRF tokens given a global CSRF token

It is possible to possible to, given a global CSRF token such as the one present in the authenticitytoken meta tag, forge a per-form CSRF token for any action for that session. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ Given the ability to extract the global CSRF token, an...

4.3CVSS2AI score0.01673EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/05/07 12:0 a.m.31 views

Improper Restriction of Excessive Authentication Attempts in Sorcery

Impact Brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired protection will not be re-enabled until a user or malicious actor logs in successfully. This doe...

9.8CVSS7.1AI score0.01598EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/03/13 12:0 a.m.31 views

File Content Disclosure in Action View

There is a possible file content disclosure vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2019-5418. Versions Affected: All. Not affected: None. Fixed Versions: 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 Impact ------ There is a possible file...

7.5CVSS0.8AI score0.98507EPSS
Exploits18References1Affected Software1
RubySec
RubySec
added 2018/06/19 12:0 a.m.31 views

Path Traversal in Sprockets

Specially crafted requests can be used to access files that exist on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. Workaround:...

7.5CVSS6.8AI score0.26717EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2018/03/22 12:0 a.m.31 views

XSS vulnerability in rails-html-sanitizer

There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-804...

6.1CVSS0.7AI score0.01984EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2018/01/29 12:0 a.m.31 views

Nokogiri gem, via libxml, is affected by DoS vulnerabilities

The version of libxml2 packaged with Nokogiri contains a vulnerability. Nokogiri has mitigated these issue by upgrading to libxml 2.9.6. It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consum...

8.8CVSS3.8AI score0.02963EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2017/12/17 12:0 a.m.31 views

No validation of hostname certificate in net-ldap

The Net::LDAP aka net-ldap gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. The LDAP server's certificate was not verified to match the host it was supposed to be connecting to...

5.9CVSS1AI score0.01348EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2017/10/24 12:0 a.m.31 views

High severity vulnerability that affects rails

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOADPATH variable, a different vulnerability than CVE-2006-4112...

7.5CVSS7.4AI score0.03063EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2017/09/14 12:0 a.m.31 views

Buffer underrun vulnerability in OpenSSL ASN1 decode

There is a buffer underrun vulnerability in OpenSSL bundled by Ruby. If a malicious string is passed to the decode method of OpenSSL::ASN1, buffer underrun may be caused and the Ruby interpreter may crash. All users running an affected release should either upgrade or use one of the workarounds...

7.5CVSS6.9AI score0.07734EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2017/08/29 12:0 a.m.31 views

RubyGems vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...

7.5CVSS5.1AI score0.29442EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2015/05/14 12:0 a.m.31 views

CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint()

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." A flaw was found in a...

5CVSS7.9AI score0.08934EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2014/05/06 12:0 a.m.31 views

Directory Traversal Vulnerability With Certain Route Configurations

There is a vulnerability in the 'implicit render' functionality in Ruby on Rails.The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow a...

7.5CVSS4.8AI score0.53703EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2013/12/14 12:0 a.m.31 views

CVE-2013-6460 rubygem-nokogiri: DoS while parsing XML documents

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents...

6.5CVSS6.3AI score0.02083EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2013/01/13 12:0 a.m.31 views

CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS

Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."...

4.3CVSS6AI score0.02418EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/01/07 12:0 a.m.31 views

CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service memory consumption and out-of-memory error via a long string in a Multipart HTTP packet...

5CVSS6.1AI score0.03778EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/04/02 12:0 a.m.30 views

Rack - Forwarded Header semicolon injection enables Host and Scheme spoofing

Summary Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons, a header such as: http Forwarded: for="127.0.0.1;host=evil.com;proto=https" can be interpreted by Rack as...

6.5CVSS5.9AI score0.00179EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/05/08 12:0 a.m.30 views

Rack has an Unbounded-Parameter DoS in Rack::QueryParser

Summary Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. Details The vulnerability arises because...

7.5CVSS6.8AI score0.00911EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/07/03 12:0 a.m.30 views

Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...

6.5CVSS7.1AI score0.00856EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/02/29 12:0 a.m.30 views

json-jwt allows bypass of identity checks via a sign/encryption confusion attack

The json-jwt aka JSON::JWT gem versions 1.16.5 and below sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS7AI score0.00233EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2024/02/21 12:0 a.m.30 views

Possible XSS Vulnerability in Action Controller

There is a possible XSS vulnerability when using the translation helpers translate, t, etc in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: = 7.0.0 Not affected: 7.0.0 Fixed Versions: 7.1.3.1, 7.0.8.1 Impact Applications using...

6.1CVSS6.4AI score0.01034EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2024/02/20 12:0 a.m.30 views

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

6.3CVSS6AI score0.00493EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2023/09/13 12:0 a.m.30 views

Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms ex. Linux allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Jav...

7.5CVSS7AI score0.00666EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2023/06/26 12:0 a.m.30 views

jQuery Cross Site Scripting vulnerability

Cross Site Scripting vulnerability in jQuery v.2.2.0 until v.3.5.0 allows a remote attacker to execute arbitrary code via the element...

7.3AI score
Exploits5References1Affected Software1
RubySec
RubySec
added 2022/11/18 12:0 a.m.30 views

HTTP response splitting in CGI

cgi.rb in Ruby through 2.6.x, through 3.0x, and through 3.1.x allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to...

8.8CVSS7.3AI score0.02287EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.30 views

Nokogiri contains libxml Out-of-bounds Write vulnerability

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...

8.6CVSS7.2AI score0.0828EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.30 views

libxslt Type Confusion vulnerability that affects Nokogiri

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Nokogiri prior to version 1.10.5 used a vulnerable...

5.3CVSS6.4AI score0.05147EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/14 12:0 a.m.30 views

RubyGems Cross-site Scripting vulnerability

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting XSS vulnerability in gem server display of homepage attribute that can...

6.1CVSS1.3AI score0.02845EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/04/07 12:0 a.m.30 views

Improper one time password handling in devise-two-factor

Impact As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and only one immediately trailing interval. Patches This vulnerability has been patched in version 4.0.2 which was released on March...

5.3CVSS2.7AI score0.01782EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/04/05 12:0 a.m.30 views

Reallocation bug can trigger heap memory corruption

The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. Details The reallocation logic at yajlbuf.cL64 may result in the need 32bit integer wrapping to 0 when need approaches a value of 0x80000000...

7.5CVSS1.2AI score0.03472EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/04/02 12:0 a.m.30 views

NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby

NULL Pointer Dereference in mrbvmexec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system...

7.1CVSS6.8AI score0.00363EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/03/26 12:0 a.m.30 views

Improper Certificate Validation in kubeclient

A flaw was found in all versions of kubeclient up to but not including v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate it wrongly returns...

8.1CVSS2.9AI score0.00905EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/07/12 12:0 a.m.30 views

Regular Expression Denial of Service in Addressable templates

Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no...

7.5CVSS7.2AI score0.02199EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/05/05 12:0 a.m.30 views

Possible Open Redirect Vulnerability in Action Pack

There is a possible Open Redirect Vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22903. Versions Affected: = v6.1.0.rc2 Not affected: v6.1.0.rc2 Fixed Versions: 6.1.3.2 Impact ------ This is similar to CVE-2021-22881: Specially crafted Host headers ...

6.1CVSS2.8AI score0.01224EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/08/19 12:0 a.m.30 views

Code execution backdoor in rest-client

The rest-client gem 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...

9.8CVSS2.7AI score0.0355EPSS
Exploits0References1
RubySec
RubySec
added 2019/02/07 12:0 a.m.30 views

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module

Devise ruby gem before 4.6.0 when the lockable module is used is vulnerable to a time-of-check time-of-use TOCTOU race condition due to incrementfailedattempts within the Devise::Models::Lockable class not being concurrency safe...

9.8CVSS2.3AI score0.01556EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2018/11/05 12:0 a.m.30 views

Possible XSS vulnerability in Rack

There is a possible vulnerability in Rack. This vulnerability has been assigned the CVE identifier CVE-2018-16471. Versions Affected: All. Not affected: None. Fixed Versions: 2.0.6, 1.6.11 Impact ------ There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data...

6.1CVSS1AI score0.01816EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2018/08/09 12:0 a.m.30 views

Malicious ruby gem - active-support

The gem duplicates official activesupport no hyphen code, but adds a compiled extension. The extension attempts to resolve a base64 encoded domain, downloads a payload, and executes. Replace this gem with the official activesupport gem...

10CVSS3.3AI score0.06129EPSS
Exploits1References1
RubySec
RubySec
added 2018/06/12 12:0 a.m.30 views

SpawningKit exploits

During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in...

9.8CVSS6.5AI score0.01948EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2018/03/07 12:0 a.m.30 views

rack-protection gem timing attack vulnerability when validating CSRF token

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application...

5.9CVSS4.9AI score0.0245EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2017/10/24 12:0 a.m.30 views

last_run_report.yaml is world readable

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for lastrunreport.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file...

2.1CVSS6.3AI score0.00481EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2016/08/27 12:0 a.m.30 views

XSS Vulnerability on closeText option of Dialog jQuery UI

Cross-site scripting XSS vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function...

6.1CVSS6AI score0.2258EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2015/06/16 12:0 a.m.30 views

CSRF Vulnerability in jquery-ujs

In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to " https://attacker.com" note the leading space that will be passed to JQuery, who will s...

5CVSS6.3AI score0.04397EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2014/11/17 12:0 a.m.30 views

Arbitrary file existence disclosure in Action Pack

Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether or not the file exists. This vulnerability is very similar to CVE-2014-7818, but th...

5CVSS3.8AI score0.04162EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2014/02/18 12:0 a.m.30 views

CVE-2014-0080 rubygem-activerecord: PostgreSQL array data injection vulnerability

SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ backslash character...

6.8CVSS7.9AI score0.01304EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2014/01/14 12:0 a.m.30 views

Ember.js Potential XSS Exploit With User-Supplied Data When Binding Primitive Values

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, we have identified a vulnerability that could lead to unescaped content being inserted into the innerHTML string without being sanitized. When a primitive value...

5.4CVSS1.2AI score0.00686EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities1252