1254 matches found
SQL injection vulnerability via Marginalia::Comment
The 'marginalia' gem is affected by a SQL Injection vulnerability. All SQL queries are affected when a user controller argument is added as a component. This affects users that add a component that is user controller, for instance a parameter or a header. The issue is resolved in version 1.6...
Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module
Devise ruby gem before 4.6.0 when the lockable module is used is vulnerable to a time-of-check time-of-use TOCTOU race condition due to incrementfailedattempts within the Devise::Models::Lockable class not being concurrency safe...
Possible XSS vulnerability in Rack
There is a possible vulnerability in Rack. This vulnerability has been assigned the CVE identifier CVE-2018-16471. Versions Affected: All. Not affected: None. Fixed Versions: 2.0.6, 1.6.11 Impact ------ There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data...
Malicious ruby gem - active-support
The gem duplicates official activesupport no hyphen code, but adds a compiled extension. The extension attempts to resolve a base64 encoded domain, downloads a payload, and executes. Replace this gem with the official activesupport gem...
SpawningKit exploits
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in...
rack-protection gem timing attack vulnerability when validating CSRF token
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application...
last_run_report.yaml is world readable
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for lastrunreport.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file...
XSS Vulnerability on closeText option of Dialog jQuery UI
Cross-site scripting XSS vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function...
Arbitrary file existence disclosure in Action Pack
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether or not the file exists. This vulnerability is very similar to CVE-2014-7818, but th...
CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting
SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresqladapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. It was...
CVE-2014-0080 rubygem-activerecord: PostgreSQL array data injection vulnerability
SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ backslash character...
Ember.js Potential XSS Exploit With User-Supplied Data When Binding Primitive Values
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, we have identified a vulnerability that could lead to unescaped content being inserted into the innerHTML string without being sanitized. When a primitive value...
CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle
1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...
CVE-2012-6109 rubygem-rack: parsing Content-Disposition header DoS
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service infinite loop via a crafted Content-Disposion header...
CVE-2011-5036 rubygem-rack: hash table collisions DoS (oCERT-2011-003)
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...
Ruby Random Number Generation Local Denial Of Service Vulnerability
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issu...
Ruby DL::dlopen could open a library with tainted library name even if $SAFE > 0
DL::dlopen could open a library with tainted library name even if $SAFE 0...
CVE-2008-2664 ruby: Unsafe use of alloca in rb_str_format()
The rbstrformat function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...
Ruby Net::HTTPS library does not validate server certificate CN
The connect method in lib/net/http.rb in the 1 Net::HTTP and 2 Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName CN field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...
DoS in REXML
There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem. Details When it parses an XML that has many specific characters such as . REXML gem may take long time. Please update REXML gem to...
RCE vulnerability with .rdoc_options in RDoc
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...
StimulusReflex arbitrary method call
Summary More methods than expected can be called on reflex instances. Being able to call some of them has security implications. Details To invoke a reflex a websocket message of the following shape is sent: json "target": "classnamemethodname", "args": The server will proceed to instantiate refl...
Rack CORS Middleware has Insecure File Permissions
rack-cors aka Rack CORS Middleware 2.0.1 has 0666 permissions for the .rb files...
Possible Sensitive Session Information Leak in Active Storage
There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak...
Decidim vulnerable to sensitive data disclosure
Note: added the actual report as a comment. Summary Decidim, a platform for digital citizen participation, uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default, this library allows filtering on all data attributes and associations...
Decidim Cross-site Scripting vulnerability in the external link redirections
Impact The external link feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of...
katello Cross-site Scripting vulnerability
A cross-site scripting XSS flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to...
AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field
A stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image filename field...
Denial of service in sidekiq
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users...
Authentication Bypass by CSRF Weakness
Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spreeauthdevise are affected if protectfromforgery method is both: Executed whether as: A beforeaction callback the default A prependbeforeaction option prepend: true given...
Unintended read access in kramdown gem
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...
Potential remote code execution of user-provided local names in ActionView
There was a vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the locals argument of a render call. Versions Affected: rails 5.0.1 Not affected: Applications that do not allow users to control the names of locals. Fixed Versions: 4.2.11.2 Impact ------ ...
Insecure Permissions in Phusion Passenger
"An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of...
DoS by large request in WEBrick
There is a out-of-memory DoS vulnerability with a large request in WEBrick bundled with Ruby If an attacker sends a large request which contains huge HTTP headers, WEBrick try to process it on memory, so the request causes the out-of-memory DoS attack. All users running an affected release should...
The lazy_initialize function in lib/resolv.rb in Ruby
The lazyinitialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernelopen, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...
Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet
Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...
RubyGems DNS request hijacking vulnerability
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to down load and install gems from a server that the attacker controls...
Possible XSS Vulnerability in Action View
There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. Impact ------ Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to...
Denial of service or RCE from libxml2 and libxslt
Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote...
Possible remote code execution vulnerability in Action Pack
There is a possible remote code execution vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2016-2098. Versions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x Not affected: 5.0+ Fixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2 Impact ------ Applications that pass unverifi...
Phusion Passenger Server allows to overwrite headers in some cases
It is possible in some cases, for clients to overwrite headers set by the server, resulting in a medium level security issue. Passenger 5 uses an SCGI-inspired format to pass headers to Ruby/Python applications, while Passenger 4 uses an SCGI-inspired format to pass headers to all applications...
Arbitrary file existence disclosure in Action Pack
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether or not the file exists...
Denial of Service Vulnerability in Action View
There is a denial of service vulnerability in the header handling component of Action View...
Cocaine Gem for Ruby contains a flaw
Cocaine Gem for Ruby contains a flaw that is due to the method of variable interpolation used by the program. With a specially crafted object, a context-dependent attacker can execute arbitrary commands...
CVE-2013-4287 rubygems: version regex algorithmic complexity vulnerability
Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CPU...
httparty Gem for Ruby Type Casting Parameter Parsing Remote Code Execution
httparty Gem for Ruby contains a flaw that is triggered when a type casting error occurs during the parsing of parameters. This may allow a context-dependent attacker to potentially execute arbitrary code...
Ruby on Rails find_by_* Methods Authlogic SQL Injection Bypass
Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL...
CVE-2011-4838 jruby: hash table collisions DoS (oCERT-2011-003)
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash table...
Ruby memory corruption in BigDecimal on 64bit platforms
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service applicati...
CVE-2008-2726 ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen
Integer overflow in the 1 rbarysplice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and 2 the rbaryreplace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg +...