1255 matches found
RubyGems DNS request hijacking vulnerability
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to down load and install gems from a server that the attacker controls...
Possible XSS Vulnerability in Action View
There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. Impact ------ Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to...
Possible remote code execution vulnerability in Action Pack
There is a possible remote code execution vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2016-2098. Versions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x Not affected: 5.0+ Fixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2 Impact ------ Applications that pass unverifi...
Phusion Passenger Server allows to overwrite headers in some cases
It is possible in some cases, for clients to overwrite headers set by the server, resulting in a medium level security issue. Passenger 5 uses an SCGI-inspired format to pass headers to Ruby/Python applications, while Passenger 4 uses an SCGI-inspired format to pass headers to all applications...
Arbitrary file existence disclosure in Action Pack
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether or not the file exists...
Denial of Service Vulnerability in Action View
There is a denial of service vulnerability in the header handling component of Action View...
Cocaine Gem for Ruby contains a flaw
Cocaine Gem for Ruby contains a flaw that is due to the method of variable interpolation used by the program. With a specially crafted object, a context-dependent attacker can execute arbitrary commands...
CVE-2013-4287 rubygems: version regex algorithmic complexity vulnerability
Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CPU...
httparty Gem for Ruby Type Casting Parameter Parsing Remote Code Execution
httparty Gem for Ruby contains a flaw that is triggered when a type casting error occurs during the parsing of parameters. This may allow a context-dependent attacker to potentially execute arbitrary code...
CVE-2011-4838 jruby: hash table collisions DoS (oCERT-2011-003)
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash table...
Ruby memory corruption in BigDecimal on 64bit platforms
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service applicati...
CVE-2008-2726 ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen
Integer overflow in the 1 rbarysplice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and 2 the rbaryreplace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg +...
CVE-2025-27221 - userinfo leakage in URI#join, URI#merge and URI#+.
There is a possibility for userinfo leakage by in the uri gem. This vulnerability has been assigned the CVE identifier CVE-2025-27221. We recommend upgrading the uri gem. Details The methods URIjoin, URImerge, and URI+ retained userinfo, such as user:password, even after the host is replaced. Whe...
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted header m...
request_store has Incorrect Default Permissions
Impact The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of thi...
Cross-site scripting (XSS) in the dynamic file uploads
Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...
Race Condition leading to logging errors
In certain setups with threaded web servers, Audited's use of Thread.current can incorrectly attributed audits to the wrong user. Fixed in 5.3.3. In March, @convisoappsec noticed that the library in question had a Race Condition problem, which caused logs to be registered at times with different...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
Impact A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If t...
Improper Handling of Unexpected Data Type in Nokogiri
Summary Nokogiri = 1.13.6. JRuby users are not affected. Workarounds To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling tos or equivalent...
katello SQL Injection vulnerability
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is...
A potential Denial of Service issue in protobuf-java
Summary A potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data. Affected versions: All versions of Java Protobufs including Kotlin and JRuby prior to the versions listed below. Protobuf "javalite" users typically Android are not affected...
Buffer Overrun in CGI.escape_html
A security vulnerability that causes buffer overflow when you pass a very large string 700 MB to CGI.escapehtml on a platform where long type takes 4 bytes, typically, Windows. Please update the cgi gem to version 0.3.1, 0.2.1, and 0.1.1 or later. You can use gem update cgi to update it. If you a...
Authentication Bypass by CSRF Weakness
Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevise are affected if protectfromforgery method is both: - Executed whether as: - A beforeaction callback the default - A prependbeforeaction option prepend: tr...
Injection/XSS in Redcarpet
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...
omniauth-apple allows attacker to fake their email address during authentication
Impact This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the info.email field of OmniAuth's Auth Hash Schema for any kind of identification. The value of this field may be set to any value of the attacker's choice including email addresses of other...
XSS vulnerability that affects bootstrap
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute...
XSS vulnerability that affects bootstrap
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute...
Null pointer dereference in mrb_class_real
An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrbclassreal because "class BasicObject" is not properly supported in class.c...
HTML injection/XSS in Sanitize
When Sanitize gem is used in combination with libxml2 = 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements. This can allow HTML and JavaScript injection, which could result in XSS...
Cross-site Scripting in jquery-ui
Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...
Filter Skipping Vulnerability in Ruby on Rails 3.0/actionpack
The template selection functionality in actionpack/lib/actionview/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping...
Possible XSS Vulnerability in Action View
There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. Impact ------ Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to...
Possible XSS vulnerability in rails-html-sanitizer
There is a possible XSS vulnerability in rails-html-sanitizer. This vulnerability has been assigned the CVE identifier CVE-2015-7578. Versions Affected: All. Not affected: None. Fixed Versions: 1.0.3 Impact ------ There is a possible XSS vulnerability in rails-html-sanitizer. Certain attributes a...
Possible XSS vulnerability in rails-html-sanitizer
There is a possible XSS vulnerability in the white list sanitizer in the rails-html-sanitizer gem. This vulnerability has been assigned the CVE identifier CVE-2015-7580. Versions Affected: All. Not affected: None. Fixed Versions: v1.0.3 Impact ------ Carefully crafted strings can cause user input...
CSRF Vulnerability in jquery-rails
In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to " https://attacker.com" note the leading space that will be passed to JQuery, who will s...
CVE-2013-6461 rubygem-nokogiri: DoS while parsing XML entities
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits...
sprout Gem for Ruby archive_unpacker.rb unpack_zip() Function Multiple Parameter Arbitrary Code Execution
sprout Gem for Ruby contains a flaw in the unpackzip function in archiveunpacker.rb. The issue is due to the program failing to properly sanitize input passed via the 'zipfile', 'dir', 'zipname', and 'output' parameters. This may allow a context-dependent attacker to execute arbitrary code...
XML Parsing Vulnerability affecting JRuby users
The ActiveSupport XML parsing functionality supports multiple pluggable backends. One backend supported for JRuby users is ActiveSupport::XmlMiniJDOM which makes use of the javax.xml.parsers.DocumentBuilder class. In some JVM configurations the default settings of that class can allow an attacker...
CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...
Ruby Memory allocation failure in Ruby regex engine (remotely exploitable DoS)
The regular expression engine regex.c in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service infinite loop and crash via multiple long requests to a Ruby socket, related to memory allocation failure...
CVE-2008-2663 ruby: Integer overflows in rb_ary_store()
Multiple integer overflows in the rbarystore function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than...
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...
Decidim has a cross-site scripting vulnerability in the version control page
Impact The version control feature used in resources is subject to potential cross-site scripting XSS attack through a malformed URL. Workarounds Not available References OWASP ASVS v4.0.3-5.1.3 Credits This issue was discovered in a security audit organized by Open Source Politics against Decidi...
Denial of Service in rack-contrib via "profiler_runs" parameter
rack-contrib prior to version 2.5.0 is vulnerable to a Denial of Service via the profilerruns HTTP request parameter. Versions Affected: = 2.5.0 Impact An attacker can trigger a Denial of Service by sending an HTTP request with an overly large profilerruns parameter. shell curl...
avo vulnerable to stored cross-site scripting (XSS) in key_value field
Summary A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. Details The value of the keyvalue is inserted directly into the HTML code. In the current...
sidekiq Denial of Service vulnerability
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service DoS due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests...
gRPC Reachable Assertion issue
There exists an vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x x != trailers :scheme: x x != http, https grpclbclientstats: x x == anything On top of sending one of those headers, a later header must...
Code injection in pdf_info
pdfinfo 0.5.3 is vulnerable to Command Execution. An attacker using a specially crafted payload may execute OS commands by using command chaining because during object initalization there is no validation performed and the user provided path is used...
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
Impact An authenticated user can perform a remote Denial of Service attack against Fat Free CRM. This vulnerability has been assigned the CVE identifier: CVE-2022-39281 Affected versions: All Not affected: None Fixed versions: 0.20.1 All users running an affected release should either upgrade or...
Nokogiri affected by libxslt Use of Uninitialized Resource/ Use After Free vulnerability
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be...