Lucene search
+L
RubygemsMost viewed

1254 matches found

RubySec
RubySec
•added 2019/07/26 12:0 a.m.•30 views

SQL injection vulnerability via Marginalia::Comment

The 'marginalia' gem is affected by a SQL Injection vulnerability. All SQL queries are affected when a user controller argument is added as a component. This affects users that add a component that is user controller, for instance a parameter or a header. The issue is resolved in version 1.6...

9.8CVSS3.8AI score0.01381EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2019/02/07 12:0 a.m.•30 views

Devise Gem for Ruby Time-of-check Time-of-use race condition with lockable module

Devise ruby gem before 4.6.0 when the lockable module is used is vulnerable to a time-of-check time-of-use TOCTOU race condition due to incrementfailedattempts within the Devise::Models::Lockable class not being concurrency safe...

9.8CVSS2.3AI score0.01556EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2018/11/05 12:0 a.m.•30 views

Possible XSS vulnerability in Rack

There is a possible vulnerability in Rack. This vulnerability has been assigned the CVE identifier CVE-2018-16471. Versions Affected: All. Not affected: None. Fixed Versions: 2.0.6, 1.6.11 Impact ------ There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data...

6.1CVSS1AI score0.01816EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2018/08/09 12:0 a.m.•30 views

Malicious ruby gem - active-support

The gem duplicates official activesupport no hyphen code, but adds a compiled extension. The extension attempts to resolve a base64 encoded domain, downloads a payload, and executes. Replace this gem with the official activesupport gem...

10CVSS3.3AI score0.06129EPSS
Exploits1References1
RubySec
RubySec
•added 2018/06/12 12:0 a.m.•30 views

SpawningKit exploits

During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in...

9.8CVSS6.5AI score0.01948EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2018/03/07 12:0 a.m.•30 views

rack-protection gem timing attack vulnerability when validating CSRF token

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application...

5.9CVSS4.9AI score0.0245EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2017/10/24 12:0 a.m.•30 views

last_run_report.yaml is world readable

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for lastrunreport.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file...

2.1CVSS6.3AI score0.00481EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2016/08/27 12:0 a.m.•30 views

XSS Vulnerability on closeText option of Dialog jQuery UI

Cross-site scripting XSS vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function...

6.1CVSS6AI score0.2258EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2014/11/17 12:0 a.m.•30 views

Arbitrary file existence disclosure in Action Pack

Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether or not the file exists. This vulnerability is very similar to CVE-2014-7818, but th...

5CVSS3.8AI score0.04162EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2014/07/02 12:0 a.m.•30 views

CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting

SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresqladapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. It was...

7.5CVSS8.2AI score0.04278EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2014/02/18 12:0 a.m.•30 views

CVE-2014-0080 rubygem-activerecord: PostgreSQL array data injection vulnerability

SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ backslash character...

6.8CVSS7.9AI score0.01304EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2014/01/14 12:0 a.m.•30 views

Ember.js Potential XSS Exploit With User-Supplied Data When Binding Primitive Values

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, we have identified a vulnerability that could lead to unescaped content being inserted into the innerHTML string without being sanitized. When a primitive value...

5.4CVSS1.2AI score0.00686EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2013/05/14 12:0 a.m.•30 views

CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle

1 DL and 2 Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...

6.4CVSS5.7AI score0.0251EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2012/05/04 12:0 a.m.•30 views

CVE-2012-6109 rubygem-rack: parsing Content-Disposition header DoS

lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service infinite loop via a crafted Content-Disposion header...

4.3CVSS5.6AI score0.02717EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2011/12/28 12:0 a.m.•30 views

CVE-2011-5036 rubygem-rack: hash table collisions DoS (oCERT-2011-003)

Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...

5CVSS4.8AI score0.04016EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2011/07/02 12:0 a.m.•30 views

Ruby Random Number Generation Local Denial Of Service Vulnerability

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issu...

5CVSS4.2AI score0.02582EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2009/05/12 12:0 a.m.•30 views

Ruby DL::dlopen could open a library with tainted library name even if $SAFE > 0

DL::dlopen could open a library with tainted library name even if $SAFE 0...

7.5CVSS1.9AI score0.07766EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2008/06/20 12:0 a.m.•30 views

CVE-2008-2664 ruby: Unsafe use of alloca in rb_str_format()

The rbstrformat function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...

7.8CVSS6.7AI score0.0428EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2007/09/27 12:0 a.m.•30 views

Ruby Net::HTTPS library does not validate server certificate CN

The connect method in lib/net/http.rb in the 1 Net::HTTP and 2 Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName CN field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

4.3CVSS3.3AI score0.01681EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2024/07/16 12:0 a.m.•29 views

DoS in REXML

There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem. Details When it parses an XML that has many specific characters such as . REXML gem may take long time. Please update REXML gem to...

4.3CVSS7.2AI score0.01493EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2024/03/21 12:0 a.m.•29 views

RCE vulnerability with .rdoc_options in RDoc

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS8.3AI score0.01571EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2024/03/12 12:0 a.m.•29 views

StimulusReflex arbitrary method call

Summary More methods than expected can be called on reflex instances. Being able to call some of them has security implications. Details To invoke a reflex a websocket message of the following shape is sent: json "target": "classnamemethodname", "args": The server will proceed to instantiate refl...

8.8CVSS7AI score0.01555EPSS
Exploits3References1Affected Software1
RubySec
RubySec
•added 2024/02/26 12:0 a.m.•29 views

Rack CORS Middleware has Insecure File Permissions

rack-cors aka Rack CORS Middleware 2.0.1 has 0666 permissions for the .rb files...

9.1CVSS7.1AI score0.00771EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2024/02/21 12:0 a.m.•29 views

Possible Sensitive Session Information Leak in Active Storage

There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2023/07/11 12:0 a.m.•29 views

Decidim vulnerable to sensitive data disclosure

Note: added the actual report as a comment. Summary Decidim, a platform for digital citizen participation, uses a third-party library named Ransack for filtering certain database collections e.g., public meetings. By default, this library allows filtering on all data attributes and associations...

7.5CVSS6.9AI score0.0125EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2023/07/11 12:0 a.m.•29 views

Decidim Cross-site Scripting vulnerability in the external link redirections

Impact The external link feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of...

8.1CVSS6.8AI score0.00816EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2022/05/14 12:0 a.m.•29 views

katello Cross-site Scripting vulnerability

A cross-site scripting XSS flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to...

5.4CVSS2.9AI score0.00999EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2022/05/14 12:0 a.m.•29 views

AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field

A stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image filename field...

6.1CVSS5.7AI score0.01691EPSS
Exploits2References1Affected Software1
RubySec
RubySec
•added 2022/01/27 12:0 a.m.•29 views

Denial of service in sidekiq

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users...

7.5CVSS3.8AI score0.05258EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2021/11/18 12:0 a.m.•29 views

Authentication Bypass by CSRF Weakness

Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spreeauthdevise are affected if protectfromforgery method is both: Executed whether as: A beforeaction callback the default A prependbeforeaction option prepend: true given...

9.3CVSS6.7AI score0.0052EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2020/06/28 12:0 a.m.•29 views

Unintended read access in kramdown gem

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS2.6AI score0.0456EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2020/05/15 12:0 a.m.•29 views

Potential remote code execution of user-provided local names in ActionView

There was a vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the locals argument of a render call. Versions Affected: rails 5.0.1 Not affected: Applications that do not allow users to control the names of locals. Fixed Versions: 4.2.11.2 Impact ------ ...

8.8CVSS5.3AI score0.83085EPSS
Exploits10References1Affected Software1
RubySec
RubySec
•added 2018/06/12 12:0 a.m.•29 views

Insecure Permissions in Phusion Passenger

"An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of...

8.8CVSS6.3AI score0.01088EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2018/03/28 12:0 a.m.•29 views

DoS by large request in WEBrick

There is a out-of-memory DoS vulnerability with a large request in WEBrick bundled with Ruby If an attacker sends a large request which contains huge HTTP headers, WEBrick try to process it on memory, so the request causes the out-of-memory DoS attack. All users running an affected release should...

7.5CVSS2.1AI score0.04636EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2017/12/20 12:0 a.m.•29 views

The lazy_initialize function in lib/resolv.rb in Ruby

The lazyinitialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernelopen, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...

9.8CVSS9.5AI score0.05913EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2017/10/24 12:0 a.m.•29 views

Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

6.2CVSS6.8AI score0.00537EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2017/08/29 12:0 a.m.•29 views

RubyGems DNS request hijacking vulnerability

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to down load and install gems from a server that the attacker controls...

8.1CVSS4.5AI score0.0475EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2016/08/11 12:0 a.m.•29 views

Possible XSS Vulnerability in Action View

There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. Impact ------ Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to...

6.1CVSS1.6AI score0.03438EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2016/06/07 12:0 a.m.•29 views

Denial of service or RCE from libxml2 and libxslt

Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote...

7.5CVSS2.7AI score0.04964EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2016/02/29 12:0 a.m.•29 views

Possible remote code execution vulnerability in Action Pack

There is a possible remote code execution vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2016-2098. Versions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x Not affected: 5.0+ Fixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2 Impact ------ Applications that pass unverifi...

7.5CVSS3.4AI score0.81445EPSS
Exploits7References1Affected Software1
RubySec
RubySec
•added 2015/11/23 12:0 a.m.•29 views

Phusion Passenger Server allows to overwrite headers in some cases

It is possible in some cases, for clients to overwrite headers set by the server, resulting in a medium level security issue. Passenger 5 uses an SCGI-inspired format to pass headers to Ruby/Python applications, while Passenger 4 uses an SCGI-inspired format to pass headers to all applications...

4.3CVSS6.8AI score0.02364EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2014/10/30 12:0 a.m.•29 views

Arbitrary file existence disclosure in Action Pack

Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether or not the file exists...

4.3CVSS4.6AI score0.03457EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2013/12/03 12:0 a.m.•29 views

Denial of Service Vulnerability in Action View

There is a denial of service vulnerability in the header handling component of Action View...

5CVSS2.4AI score0.207EPSS
Exploits2References1Affected Software1
RubySec
RubySec
•added 2013/10/22 12:0 a.m.•29 views

Cocaine Gem for Ruby contains a flaw

Cocaine Gem for Ruby contains a flaw that is due to the method of variable interpolation used by the program. With a specially crafted object, a context-dependent attacker can execute arbitrary commands...

6.8CVSS4.3AI score0.01453EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2013/09/09 12:0 a.m.•29 views

CVE-2013-4287 rubygems: version regex algorithmic complexity vulnerability

Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CPU...

4.3CVSS5.9AI score0.03343EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2013/01/14 12:0 a.m.•29 views

httparty Gem for Ruby Type Casting Parameter Parsing Remote Code Execution

httparty Gem for Ruby contains a flaw that is triggered when a type casting error occurs during the parsing of parameters. This may allow a context-dependent attacker to potentially execute arbitrary code...

7.5CVSS7.3AI score0.0441EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2012/12/22 12:0 a.m.•29 views

Ruby on Rails find_by_* Methods Authlogic SQL Injection Bypass

Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL...

7.5CVSS3.3AI score0.04458EPSS
Exploits2References1Affected Software1
RubySec
RubySec
•added 2011/12/27 12:0 a.m.•29 views

CVE-2011-4838 jruby: hash table collisions DoS (oCERT-2011-003)

JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash table...

5CVSS6.1AI score0.0436EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2011/03/01 12:0 a.m.•29 views

Ruby memory corruption in BigDecimal on 64bit platforms

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service applicati...

6.8CVSS6.2AI score0.03025EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2008/06/20 12:0 a.m.•29 views

CVE-2008-2726 ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen

Integer overflow in the 1 rbarysplice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and 2 the rbaryreplace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg +...

7.8CVSS6.7AI score0.03759EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities1254