Lucene search
+L
RubygemsMost viewed

1254 matches found

RubySec
RubySec
•added 2008/06/20 12:0 a.m.•29 views

CVE-2008-2726 ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen

Integer overflow in the 1 rbarysplice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and 2 the rbaryreplace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg +...

7.8CVSS6.7AI score0.03759EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2025/02/26 12:0 a.m.•28 views

CVE-2025-27221 - userinfo leakage in URI#join, URI#merge and URI#+.

There is a possibility for userinfo leakage by in the uri gem. This vulnerability has been assigned the CVE identifier CVE-2025-27221. We recommend upgrading the uri gem. Details The methods URIjoin, URImerge, and URI+ retained userinfo, such as user:password, even after the host is replaced. Whe...

5.3CVSS6.9AI score0.00472EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2024/10/15 12:0 a.m.•28 views

Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted header m...

8.7CVSS7.2AI score0.01048EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2024/09/18 12:0 a.m.•28 views

Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a delayed...

9.9CVSS8.6AI score0.35461EPSS
Exploits2References1Affected Software1
RubySec
RubySec
•added 2024/08/23 12:0 a.m.•28 views

request_store has Incorrect Default Permissions

Impact The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of thi...

7.8CVSS7.6AI score0.00194EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2024/02/20 12:0 a.m.•28 views

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

6.3CVSS6AI score0.00493EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2023/05/01 12:0 a.m.•28 views

Race Condition leading to logging errors

In certain setups with threaded web servers, Audited's use of Thread.current can incorrectly attributed audits to the wrong user. Fixed in 5.3.3. In March, @convisoappsec noticed that the library in question had a Race Condition problem, which caused logs to be registered at times with different...

3.1CVSS7AI score0.00494EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2023/04/20 12:0 a.m.•28 views

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay

Impact A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If t...

7.1CVSS6.5AI score0.0045EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2022/06/07 12:0 a.m.•28 views

JMESPath for Ruby using JSON.load instead of JSON.parse

jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...

9.8CVSS1.9AI score0.02131EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2022/05/23 12:0 a.m.•28 views

Improper Handling of Unexpected Data Type in Nokogiri

Summary Nokogiri = 1.13.6. JRuby users are not affected. Workarounds To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling tos or equivalent...

8.2CVSS2.8AI score0.03078EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2022/05/13 12:0 a.m.•28 views

katello SQL Injection vulnerability

A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is...

4.3CVSS4.4AI score0.01428EPSS
Exploits0References1
RubySec
RubySec
•added 2022/01/07 12:0 a.m.•28 views

A potential Denial of Service issue in protobuf-java

Summary A potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data. Affected versions: All versions of Java Protobufs including Kotlin and JRuby prior to the versions listed below. Protobuf "javalite" users typically Android are not affected...

7.5CVSS6.6AI score0.01655EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2021/11/24 12:0 a.m.•28 views

Buffer Overrun in CGI.escape_html

A security vulnerability that causes buffer overflow when you pass a very large string 700 MB to CGI.escapehtml on a platform where long type takes 4 bytes, typically, Windows. Please update the cgi gem to version 0.3.1, 0.2.1, and 0.1.1 or later. You can use gem update cgi to update it. If you a...

9.8CVSS7.2AI score0.04766EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2021/11/18 12:0 a.m.•28 views

Authentication Bypass by CSRF Weakness

Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevise are affected if protectfromforgery method is both: - Executed whether as: - A beforeaction callback the default - A prependbeforeaction option prepend: tr...

9.3CVSS6.7AI score0.00609EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2021/01/11 12:0 a.m.•28 views

Injection/XSS in Redcarpet

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

6.8CVSS2.5AI score0.0157EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2020/12/08 12:0 a.m.•28 views

omniauth-apple allows attacker to fake their email address during authentication

Impact This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the info.email field of OmniAuth's Auth Hash Schema for any kind of identification. The value of this field may be set to any value of the attacker's choice including email addresses of other...

7.7CVSS7AI score0.01322EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2019/10/22 12:0 a.m.•28 views

Loofah XSS Vulnerability

In the Loofah gem, through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...

5.4CVSS1AI score0.01554EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2019/01/17 12:0 a.m.•28 views

XSS vulnerability that affects bootstrap

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute...

6.1CVSS6.1AI score0.03835EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2018/03/19 12:0 a.m.•28 views

HTML injection/XSS in Sanitize

When Sanitize gem is used in combination with libxml2 = 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements. This can allow HTML and JavaScript injection, which could result in XSS...

7.5CVSS1.9AI score0.0152EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2017/10/24 12:0 a.m.•28 views

Cross-site Scripting in jquery-ui

Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...

6.1CVSS6AI score0.18351EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2017/10/24 12:0 a.m.•28 views

Filter Skipping Vulnerability in Ruby on Rails 3.0/actionpack

The template selection functionality in actionpack/lib/actionview/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping...

5CVSS6.7AI score0.01813EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2017/10/24 12:0 a.m.•28 views

Cross-site Scripting vulnerability in i18n translations helper method

A cross-site scripting XSS flaw was found in the way the 'translate' helper method of the Ruby on Rails performed HTML escaping of interpolated user input, when interpolation in combination with HTML-safe translations were used. A remote attacker could use this flaw to execute arbitrary HTML or w...

4.3CVSS5.8AI score0.01578EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2016/08/11 12:0 a.m.•28 views

Possible XSS Vulnerability in Action View

There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. Impact ------ Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to...

6.1CVSS1.6AI score0.03438EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2016/01/25 12:0 a.m.•28 views

Possible XSS vulnerability in rails-html-sanitizer

There is a possible XSS vulnerability in the white list sanitizer in the rails-html-sanitizer gem. This vulnerability has been assigned the CVE identifier CVE-2015-7580. Versions Affected: All. Not affected: None. Fixed Versions: v1.0.3 Impact ------ Carefully crafted strings can cause user input...

6.1CVSS1.4AI score0.02196EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2016/01/25 12:0 a.m.•28 views

Possible XSS vulnerability in rails-html-sanitizer

There is a possible XSS vulnerability in rails-html-sanitizer. This vulnerability has been assigned the CVE identifier CVE-2015-7578. Versions Affected: All. Not affected: None. Fixed Versions: 1.0.3 Impact ------ There is a possible XSS vulnerability in rails-html-sanitizer. Certain attributes a...

6.1CVSS3.6AI score0.02485EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2015/06/16 12:0 a.m.•28 views

CSRF Vulnerability in jquery-rails

In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to " https://attacker.com" note the leading space that will be passed to JQuery, who will s...

5CVSS6.3AI score0.04397EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2013/12/14 12:0 a.m.•28 views

CVE-2013-6461 rubygem-nokogiri: DoS while parsing XML entities

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits...

6.5CVSS6.4AI score0.02194EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2013/04/13 12:0 a.m.•28 views

md2pdf Gem for Ruby md2pdf/converter.rb File Name Shell Metacharacter Injection Arbitrary Command Execution

md2pdf Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to md2pdf/converter.rb. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...

10CVSS6.8AI score0.02161EPSS
Exploits3References1
RubySec
RubySec
•added 2013/03/19 12:0 a.m.•28 views

XML Parsing Vulnerability affecting JRuby users

The ActiveSupport XML parsing functionality supports multiple pluggable backends. One backend supported for JRuby users is ActiveSupport::XmlMiniJDOM which makes use of the javax.xml.parsers.DocumentBuilder class. In some JVM configurations the default settings of that class can allow an attacker...

5.8CVSS4.2AI score0.02054EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2012/04/20 12:0 a.m.•28 views

CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...

5.8CVSS6AI score0.02477EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2008/08/14 12:0 a.m.•28 views

Ruby Memory allocation failure in Ruby regex engine (remotely exploitable DoS)

The regular expression engine regex.c in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service infinite loop and crash via multiple long requests to a Ruby socket, related to memory allocation failure...

5CVSS6.6AI score0.15678EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2008/06/20 12:0 a.m.•28 views

CVE-2008-2663 ruby: Integer overflows in rb_ary_store()

Multiple integer overflows in the rbarystore function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than...

10CVSS6.6AI score0.04456EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2024/10/01 12:0 a.m.•27 views

Decidim has a cross-site scripting vulnerability in the version control page

Impact The version control feature used in resources is subject to potential cross-site scripting XSS attack through a malformed URL. Workarounds Not available References OWASP ASVS v4.0.3-5.1.3 Credits This issue was discovered in a security audit organized by Open Source Politics against Decidi...

7.1CVSS6.1AI score0.004EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2024/05/27 12:0 a.m.•27 views

Denial of Service in rack-contrib via "profiler_runs" parameter

rack-contrib prior to version 2.5.0 is vulnerable to a Denial of Service via the profilerruns HTTP request parameter. Versions Affected: = 2.5.0 Impact An attacker can trigger a Denial of Service by sending an HTTP request with an overly large profilerruns parameter. shell curl...

8.6CVSS6.9AI score0.00662EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2024/01/16 12:0 a.m.•27 views

avo vulnerable to stored cross-site scripting (XSS) in key_value field

Summary A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. Details The value of the keyvalue is inserted directly into the HTML code. In the current...

7.3CVSS6.4AI score0.00745EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2023/07/06 12:0 a.m.•27 views

gRPC Reachable Assertion issue

There exists an vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x x != trailers :scheme: x x != http, https grpclbclientstats: x x == anything On top of sending one of those headers, a later header must...

7.5CVSS6.7AI score0.00412EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2023/02/24 12:0 a.m.•27 views

Code injection in pdf_info

pdfinfo 0.5.3 is vulnerable to Command Execution. An attacker using a specially crafted payload may execute OS commands by using command chaining because during object initalization there is no validation performed and the user provided path is used...

9.8CVSS3.9AI score0.03014EPSS
Exploits2References1
RubySec
RubySec
•added 2022/05/24 12:0 a.m.•27 views

Nokogiri affected by libxslt Use of Uninitialized Resource/ Use After Free vulnerability

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be...

7.5CVSS6.9AI score0.04446EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2022/05/14 12:0 a.m.•27 views

Ruby OpenSSL DoS Vulnerability

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service interpreter crash via a crafted string...

7.5CVSS6.5AI score0.07734EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2022/05/13 12:0 a.m.•27 views

Tarball permission preservation in puppet

When installing a module using the system tar, the PMT will filter filesystem permissions to a sane value. This may just be based on the user's umask. When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created...

5.5CVSS3AI score0.00363EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2022/03/03 12:0 a.m.•28 views

Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption

Impact CommonMarker uses cmark-gfm for rendering Github Flavored Markdown. An integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16MAX columns. The impact of this heap corruption ranges from Information...

9.8CVSS7.1AI score0.0145EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2021/09/13 12:0 a.m.•27 views

Open Redirect in clearance

This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session:returnto. If the value used for returnto contains multiple leading slashes /////example.com the user ends up being redirected to the external domain that comes after...

7.6CVSS1.1AI score0.00697EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2020/11/13 12:0 a.m.•27 views

Authorization bypass in Spree

Impact The perpetrator could query the API v2 Order Status https://guides.spreecommerce.org/api/v2/storefronttag/Order-Status endpoint with an empty string passed as an Order token Patches Please upgrade to 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version. Users of Spree 3.7 are not...

7.7CVSS6.7AI score0.01111EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2020/05/18 12:0 a.m.•27 views

Possible Strong Parameters Bypass in ActionPack

There is a strong parameters bypass vector in ActionPack. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ In some cases user supplied information can be inadvertently leaked from Strong Parameters. Specifically the return value of each, or eachvalue, or eachpair will return the...

7.5CVSS2.8AI score0.04198EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2020/05/05 12:0 a.m.•27 views

activeresource Gem for Ruby lib/active_resource/base.rb element_path Lack of Encoding

activeresource contains a lack of encoding flaw in the elementpath function of lib/activeresource/base.rb. There is an issue with the way Active Resource encodes data before querying the back end server. This encoding mechanism can allow specially crafted requests to possibly access data that may...

7.5CVSS2.9AI score0.02224EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2019/12/18 12:0 a.m.•27 views

Possible information leak / session hijack vulnerability

There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that...

6.3CVSS6.4AI score0.03687EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2019/08/20 12:0 a.m.•27 views

Code execution backdoor in coin_base

The coinbase gem 4.2.1 through 4.2.2 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. No unaffected version is known to exist, as the gem appears to have been entirely removed...

9.8CVSS5.4AI score0.0355EPSS
Exploits0References1
RubySec
RubySec
•added 2019/04/04 12:0 a.m.•27 views

Remote code execution in bootstrap-sass

Arbitrary code execution via backdoor code, when downloaded from rubygems.org was discovered in bootstrap-sass 3.2.0.3. Users are advised to upgrade immediately to 3.2.0.4 An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can b...

10CVSS6.2AI score0.04923EPSS
Exploits1References1Affected Software1
RubySec
RubySec
•added 2019/03/05 12:0 a.m.•27 views

Escape sequence injection vulnerability in errors

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManagerrun calls alerterror without escaping, escape sequence injection is possible. There are many ways to cause an error...

7.5CVSS3.2AI score0.03372EPSS
Exploits0References1Affected Software1
RubySec
RubySec
•added 2019/01/17 12:0 a.m.•27 views

XSS vulnerability that affects bootstrap

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute...

6.1CVSS6.1AI score0.03835EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities1254