Lucene search
+L
RubygemsMost viewed

1254 matches found

RubySec
RubySec
added 2022/07/21 12:0 a.m.32 views

TZInfo relative path traversal vulnerability allows loading of arbitrary files

Impact Affected versions - 0.3.60 and earlier. - 1.0.0 to 1.2.9 when used with the Ruby data source tzinfo-data. Vulnerability With the Ruby data source the tzinfo-data gem for tzinfo version 1.0.0 and later and built-in to earlier versions, time zones are defined in Ruby files. There is one file...

8.1CVSS1.6AI score0.01786EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.32 views

Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...

5.9CVSS6.7AI score0.03503EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/04/05 12:0 a.m.32 views

Reallocation bug can trigger heap memory corruption

The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. Details The reallocation logic at yajlbuf.cL64 may result in the need 32bit integer wrapping to 0 when need approaches a value of 0x80000000...

7.5CVSS1.2AI score0.03472EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/04/12 12:0 a.m.32 views

Remote code execution in handlebars when compiling templates

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution RCE when selecting certain compiling options to compile templates coming from an untrusted source. This vulnerability has been assigned the CVE identifier CVE-2021-23369...

9.8CVSS7.3AI score0.07028EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2017/10/24 12:0 a.m.32 views

XSS vulnerabilities in the mail_to helper in rails/actionview

Multiple cross-site scripting XSS vulnerabilities in the mailto helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 name or 2 email value...

4.3CVSS5.9AI score0.0235EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2017/10/24 12:0 a.m.32 views

Potential SQL Injection with limit in rails/activerecord

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument...

7.5CVSS8.1AI score0.02173EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2016/06/07 12:0 a.m.32 views

Denial of service or RCE from libxml2 and libxslt

Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote...

7.5CVSS2.7AI score0.04964EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2014/10/27 12:0 a.m.32 views

CVE-2014-8080 ruby: REXML billion laughs attack via parameter entity expansion

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack...

5CVSS6.1AI score0.05538EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2013/07/25 12:0 a.m.32 views

Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the tagName property of an Ember.View was inserted into such a string without being sanitized. This means that if an application assigns a view's tagName to...

6.1CVSS0.7AI score0.00874EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/01/07 12:0 a.m.32 views

CVE-2013-0183 rubygem-rack: receiving excessively long lines triggers out-of-memory error

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service memory consumption and out-of-memory error via a long string in a Multipart HTTP packet...

5CVSS6.1AI score0.03778EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2012/06/08 12:0 a.m.32 views

CVE-2012-6685 rubygem-nokogiri: XML eXternal Entity (XXE) flaw

Nokogiri before 1.5.4 is vulnerable to XXE attacks...

7.5CVSS2.4AI score0.02168EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2012/05/29 12:0 a.m.32 views

Puppet uses predictable filenames, allowing arbitrary file overwrite

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages...

3.3CVSS6.9AI score0.0035EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2012/02/29 12:0 a.m.32 views

CVE-2012-6684 rubygem-RedCloth: XSS vulnerability

Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...

4.3CVSS8AI score0.02253EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2011/02/18 12:0 a.m.32 views

CVE-2011-1005 Ruby: Untrusted codes able to modify arbitrary strings

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...

5CVSS6.4AI score0.02772EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2010/06/15 12:0 a.m.32 views

CVE-2010-0541 Ruby WEBrick javascript injection flaw

Cross-site scripting XSS vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page...

4.3CVSS5.3AI score0.02814EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/05/08 12:0 a.m.31 views

Rack has an Unbounded-Parameter DoS in Rack::QueryParser

Summary Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. Details The vulnerability arises because...

7.5CVSS6.8AI score0.00911EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/02/28 12:0 a.m.31 views

YARD's default template vulnerable to Cross-site Scripting in generated frames.html

Summary The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting XSS attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. Details The vulnerability stems from mishandling...

6.1CVSS5.5AI score0.0106EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2024/02/21 12:0 a.m.31 views

Possible XSS Vulnerability in Action Controller

There is a possible XSS vulnerability when using the translation helpers translate, t, etc in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: = 7.0.0 Not affected: 7.0.0 Fixed Versions: 7.1.3.1, 7.0.8.1 Impact Applications using...

6.1CVSS6.4AI score0.01034EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2024/02/20 12:0 a.m.31 views

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

6.3CVSS6AI score0.00493EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2023/03/31 12:0 a.m.31 views

Ruby URI component ReDoS issue

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1...

5.3CVSS6.8AI score0.02637EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/11/18 12:0 a.m.31 views

HTTP response splitting in CGI

cgi.rb in Ruby through 2.6.x, through 3.0x, and through 3.1.x allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to...

8.8CVSS7.3AI score0.02287EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/03/26 12:0 a.m.31 views

Improper Certificate Validation in kubeclient

A flaw was found in all versions of kubeclient up to but not including v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate it wrongly returns...

8.1CVSS2.9AI score0.00905EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/04/22 12:0 a.m.31 views

Improper Certificate Validation in oauth ruby gem

lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information...

7.4CVSS5.2AI score0.00746EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/03/08 12:0 a.m.31 views

activerecord-session_store Timing Attack

The activerecord-sessionstore aka Active Record Session Store component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a...

6.3CVSS3.1AI score0.03687EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2020/09/30 12:0 a.m.31 views

Dependency Confusion in Bundler with Implicit Private Dependencies

Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that...

9.3CVSS1.7AI score0.06307EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/07/31 12:0 a.m.31 views

Missing TLS certificate verification

Faye uses em-http-request6 and faye-websocket10 in the Ruby version of its client. Those libraries both use the EM::Connectionstarttls1 method in EventMachine2 to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by...

8.7CVSS6.6AI score0.00864EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/05/18 12:0 a.m.31 views

Ability to forge per-form CSRF tokens given a global CSRF token

It is possible to possible to, given a global CSRF token such as the one present in the authenticitytoken meta tag, forge a per-form CSRF token for any action for that session. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ Given the ability to extract the global CSRF token, an...

4.3CVSS2AI score0.01673EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/05/07 12:0 a.m.31 views

Improper Restriction of Excessive Authentication Attempts in Sorcery

Impact Brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired protection will not be re-enabled until a user or malicious actor logs in successfully. This doe...

9.8CVSS7.1AI score0.01598EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/03/13 12:0 a.m.31 views

File Content Disclosure in Action View

There is a possible file content disclosure vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2019-5418. Versions Affected: All. Not affected: None. Fixed Versions: 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 Impact ------ There is a possible file...

7.5CVSS0.8AI score0.98507EPSS
Exploits18References1Affected Software1
RubySec
RubySec
added 2018/06/19 12:0 a.m.31 views

Path Traversal in Sprockets

Specially crafted requests can be used to access files that exist on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. Workaround:...

7.5CVSS6.8AI score0.26717EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2018/03/22 12:0 a.m.31 views

XSS vulnerability in rails-html-sanitizer

There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-804...

6.1CVSS0.7AI score0.01984EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2017/12/17 12:0 a.m.31 views

No validation of hostname certificate in net-ldap

The Net::LDAP aka net-ldap gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. The LDAP server's certificate was not verified to match the host it was supposed to be connecting to...

5.9CVSS1AI score0.01348EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2017/10/24 12:0 a.m.31 views

High severity vulnerability that affects rails

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOADPATH variable, a different vulnerability than CVE-2006-4112...

7.5CVSS7.4AI score0.03063EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2017/09/14 12:0 a.m.31 views

Buffer underrun vulnerability in OpenSSL ASN1 decode

There is a buffer underrun vulnerability in OpenSSL bundled by Ruby. If a malicious string is passed to the decode method of OpenSSL::ASN1, buffer underrun may be caused and the Ruby interpreter may crash. All users running an affected release should either upgrade or use one of the workarounds...

7.5CVSS6.9AI score0.07734EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2017/08/29 12:0 a.m.31 views

RubyGems vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...

7.5CVSS5.1AI score0.29442EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2015/05/14 12:0 a.m.31 views

CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint()

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." A flaw was found in a...

5CVSS7.9AI score0.08934EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2014/05/06 12:0 a.m.31 views

Directory Traversal Vulnerability With Certain Route Configurations

There is a vulnerability in the 'implicit render' functionality in Ruby on Rails.The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow a...

7.5CVSS4.8AI score0.53703EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2013/12/14 12:0 a.m.31 views

CVE-2013-6460 rubygem-nokogiri: DoS while parsing XML documents

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents...

6.5CVSS6.3AI score0.02083EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2026/04/02 12:0 a.m.30 views

Rack - Forwarded Header semicolon injection enables Host and Scheme spoofing

Summary Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons, a header such as: http Forwarded: for="127.0.0.1;host=evil.com;proto=https" can be interpreted by Rack as...

6.5CVSS5.9AI score0.00179EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/07/16 12:0 a.m.30 views

DoS in REXML

There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem. Details When it parses an XML that has many specific characters such as . REXML gem may take long time. Please update REXML gem to...

4.3CVSS7.2AI score0.01493EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/07/03 12:0 a.m.30 views

Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...

6.5CVSS7.1AI score0.00856EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/02/29 12:0 a.m.30 views

json-jwt allows bypass of identity checks via a sign/encryption confusion attack

The json-jwt aka JSON::JWT gem versions 1.16.5 and below sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS7AI score0.00233EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2023/09/13 12:0 a.m.30 views

Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms ex. Linux allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Jav...

7.5CVSS7AI score0.00666EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2023/06/26 12:0 a.m.30 views

jQuery Cross Site Scripting vulnerability

Cross Site Scripting vulnerability in jQuery v.2.2.0 until v.3.5.0 allows a remote attacker to execute arbitrary code via the element...

7.3AI score
Exploits5References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.30 views

libxslt Type Confusion vulnerability that affects Nokogiri

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Nokogiri prior to version 1.10.5 used a vulnerable...

5.3CVSS6.4AI score0.05147EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.30 views

Nokogiri contains libxml Out-of-bounds Write vulnerability

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...

8.6CVSS7.2AI score0.0828EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/14 12:0 a.m.30 views

RubyGems Cross-site Scripting vulnerability

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting XSS vulnerability in gem server display of homepage attribute that can...

6.1CVSS1.3AI score0.02845EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/04/07 12:0 a.m.30 views

Improper one time password handling in devise-two-factor

Impact As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and only one immediately trailing interval. Patches This vulnerability has been patched in version 4.0.2 which was released on March...

5.3CVSS2.7AI score0.01782EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/04/02 12:0 a.m.30 views

NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby

NULL Pointer Dereference in mrbvmexec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system...

7.1CVSS6.8AI score0.00363EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/07/12 12:0 a.m.30 views

Regular Expression Denial of Service in Addressable templates

Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no...

7.5CVSS7.2AI score0.02199EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities1254