1254 matches found
CVE-2008-2726 ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen
Integer overflow in the 1 rbarysplice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and 2 the rbaryreplace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg +...
CVE-2025-27221 - userinfo leakage in URI#join, URI#merge and URI#+.
There is a possibility for userinfo leakage by in the uri gem. This vulnerability has been assigned the CVE identifier CVE-2025-27221. We recommend upgrading the uri gem. Details The methods URIjoin, URImerge, and URI+ retained userinfo, such as user:password, even after the host is replaced. Whe...
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted header m...
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a delayed...
request_store has Incorrect Default Permissions
Impact The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of thi...
Cross-site scripting (XSS) in the dynamic file uploads
Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...
Race Condition leading to logging errors
In certain setups with threaded web servers, Audited's use of Thread.current can incorrectly attributed audits to the wrong user. Fixed in 5.3.3. In March, @convisoappsec noticed that the library in question had a Race Condition problem, which caused logs to be registered at times with different...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
Impact A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If t...
JMESPath for Ruby using JSON.load instead of JSON.parse
jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...
Improper Handling of Unexpected Data Type in Nokogiri
Summary Nokogiri = 1.13.6. JRuby users are not affected. Workarounds To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling tos or equivalent...
katello SQL Injection vulnerability
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is...
A potential Denial of Service issue in protobuf-java
Summary A potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data. Affected versions: All versions of Java Protobufs including Kotlin and JRuby prior to the versions listed below. Protobuf "javalite" users typically Android are not affected...
Buffer Overrun in CGI.escape_html
A security vulnerability that causes buffer overflow when you pass a very large string 700 MB to CGI.escapehtml on a platform where long type takes 4 bytes, typically, Windows. Please update the cgi gem to version 0.3.1, 0.2.1, and 0.1.1 or later. You can use gem update cgi to update it. If you a...
Authentication Bypass by CSRF Weakness
Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevise are affected if protectfromforgery method is both: - Executed whether as: - A beforeaction callback the default - A prependbeforeaction option prepend: tr...
Injection/XSS in Redcarpet
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...
omniauth-apple allows attacker to fake their email address during authentication
Impact This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the info.email field of OmniAuth's Auth Hash Schema for any kind of identification. The value of this field may be set to any value of the attacker's choice including email addresses of other...
Loofah XSS Vulnerability
In the Loofah gem, through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
XSS vulnerability that affects bootstrap
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute...
HTML injection/XSS in Sanitize
When Sanitize gem is used in combination with libxml2 = 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements. This can allow HTML and JavaScript injection, which could result in XSS...
Cross-site Scripting in jquery-ui
Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...
Filter Skipping Vulnerability in Ruby on Rails 3.0/actionpack
The template selection functionality in actionpack/lib/actionview/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping...
Cross-site Scripting vulnerability in i18n translations helper method
A cross-site scripting XSS flaw was found in the way the 'translate' helper method of the Ruby on Rails performed HTML escaping of interpolated user input, when interpolation in combination with HTML-safe translations were used. A remote attacker could use this flaw to execute arbitrary HTML or w...
Possible XSS Vulnerability in Action View
There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. Impact ------ Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to...
Possible XSS vulnerability in rails-html-sanitizer
There is a possible XSS vulnerability in the white list sanitizer in the rails-html-sanitizer gem. This vulnerability has been assigned the CVE identifier CVE-2015-7580. Versions Affected: All. Not affected: None. Fixed Versions: v1.0.3 Impact ------ Carefully crafted strings can cause user input...
Possible XSS vulnerability in rails-html-sanitizer
There is a possible XSS vulnerability in rails-html-sanitizer. This vulnerability has been assigned the CVE identifier CVE-2015-7578. Versions Affected: All. Not affected: None. Fixed Versions: 1.0.3 Impact ------ There is a possible XSS vulnerability in rails-html-sanitizer. Certain attributes a...
CSRF Vulnerability in jquery-rails
In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to " https://attacker.com" note the leading space that will be passed to JQuery, who will s...
CVE-2013-6461 rubygem-nokogiri: DoS while parsing XML entities
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits...
md2pdf Gem for Ruby md2pdf/converter.rb File Name Shell Metacharacter Injection Arbitrary Command Execution
md2pdf Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to md2pdf/converter.rb. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...
XML Parsing Vulnerability affecting JRuby users
The ActiveSupport XML parsing functionality supports multiple pluggable backends. One backend supported for JRuby users is ActiveSupport::XmlMiniJDOM which makes use of the javax.xml.parsers.DocumentBuilder class. In some JVM configurations the default settings of that class can allow an attacker...
CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...
Ruby Memory allocation failure in Ruby regex engine (remotely exploitable DoS)
The regular expression engine regex.c in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service infinite loop and crash via multiple long requests to a Ruby socket, related to memory allocation failure...
CVE-2008-2663 ruby: Integer overflows in rb_ary_store()
Multiple integer overflows in the rbarystore function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than...
Decidim has a cross-site scripting vulnerability in the version control page
Impact The version control feature used in resources is subject to potential cross-site scripting XSS attack through a malformed URL. Workarounds Not available References OWASP ASVS v4.0.3-5.1.3 Credits This issue was discovered in a security audit organized by Open Source Politics against Decidi...
Denial of Service in rack-contrib via "profiler_runs" parameter
rack-contrib prior to version 2.5.0 is vulnerable to a Denial of Service via the profilerruns HTTP request parameter. Versions Affected: = 2.5.0 Impact An attacker can trigger a Denial of Service by sending an HTTP request with an overly large profilerruns parameter. shell curl...
avo vulnerable to stored cross-site scripting (XSS) in key_value field
Summary A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. Details The value of the keyvalue is inserted directly into the HTML code. In the current...
gRPC Reachable Assertion issue
There exists an vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x x != trailers :scheme: x x != http, https grpclbclientstats: x x == anything On top of sending one of those headers, a later header must...
Code injection in pdf_info
pdfinfo 0.5.3 is vulnerable to Command Execution. An attacker using a specially crafted payload may execute OS commands by using command chaining because during object initalization there is no validation performed and the user provided path is used...
Nokogiri affected by libxslt Use of Uninitialized Resource/ Use After Free vulnerability
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be...
Ruby OpenSSL DoS Vulnerability
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service interpreter crash via a crafted string...
Tarball permission preservation in puppet
When installing a module using the system tar, the PMT will filter filesystem permissions to a sane value. This may just be based on the user's umask. When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created...
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
Impact CommonMarker uses cmark-gfm for rendering Github Flavored Markdown. An integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16MAX columns. The impact of this heap corruption ranges from Information...
Open Redirect in clearance
This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session:returnto. If the value used for returnto contains multiple leading slashes /////example.com the user ends up being redirected to the external domain that comes after...
Authorization bypass in Spree
Impact The perpetrator could query the API v2 Order Status https://guides.spreecommerce.org/api/v2/storefronttag/Order-Status endpoint with an empty string passed as an Order token Patches Please upgrade to 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version. Users of Spree 3.7 are not...
Possible Strong Parameters Bypass in ActionPack
There is a strong parameters bypass vector in ActionPack. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ In some cases user supplied information can be inadvertently leaked from Strong Parameters. Specifically the return value of each, or eachvalue, or eachpair will return the...
activeresource Gem for Ruby lib/active_resource/base.rb element_path Lack of Encoding
activeresource contains a lack of encoding flaw in the elementpath function of lib/activeresource/base.rb. There is an issue with the way Active Resource encodes data before querying the back end server. This encoding mechanism can allow specially crafted requests to possibly access data that may...
Possible information leak / session hijack vulnerability
There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that...
Code execution backdoor in coin_base
The coinbase gem 4.2.1 through 4.2.2 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. No unaffected version is known to exist, as the gem appears to have been entirely removed...
Remote code execution in bootstrap-sass
Arbitrary code execution via backdoor code, when downloaded from rubygems.org was discovered in bootstrap-sass 3.2.0.3. Users are advised to upgrade immediately to 3.2.0.4 An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can b...
Escape sequence injection vulnerability in errors
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManagerrun calls alerterror without escaping, escape sequence injection is possible. There are many ways to cause an error...
XSS vulnerability that affects bootstrap
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute...