Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
Impact: CommonMarker uses cmark-gfm for rendering GitHub Flavored Markdown. An integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information...
XSS via `translate` method of `ViewComponent::Translatable` in view_component gem
This is an XSS vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released...
Remote shell execution vulnerability when applying commands from user input
Impact: When using the `apply` method from image_processing to apply a series of operations that come from unsanitized user input, an attacker can execute shell commands: `ImageProcessing::Vips.apply(system: "echo EXECUTED")` prints `EXECUTED`. This method is called internally by Active Stora...
CVE-2022-25857 jruby/psych/snakeyaml: Denial of Service (DoS) due to missing nested depth limitation for collections
The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections. This package is bundled into Psych, which is in turn bundled into jruby...
Out-of-bounds Read in mruby/mruby
Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2...
Update packaged libxml2 (2.9.12 → 2.9.13) and libxslt (1.1.34 → 1.1.35)
Summary: Nokogiri v1.13.2 upgrades two of its packaged dependencies: vendored libxml2 from v2.9.12 to v2.9.13, and vendored libxslt from v1.1.34 to v1.1.35. Those library versions address the following upstream CVEs: libxslt: CVE-2021-30560 (CVSS 8.8, High severity); libxml2: CVE-2022-23308 Unspecified...
NULL Pointer Dereference in mruby/mruby
NULL Pointer Dereference in Homebrew mruby prior to 3.2...
Out-of-bounds Read in mruby/mruby
Out-of-bounds Read in Homebrew mruby prior to 3.2...
Heap-based Buffer Overflow in mruby/mruby
Heap-based Buffer Overflow in Homebrew mruby prior to 3.2...
Out-of-bounds Read in mruby/mruby
Out-of-bounds Read in Homebrew mruby prior to 3.2...
Use of Out-of-range Pointer Offset in mruby/mruby
Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2...
Hub Package Arbitrary File Overwrite
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file...
Heap-based Buffer Overflow in mruby/mruby
Heap-based Buffer Overflow in Homebrew mruby prior to 3.2...
Possible exposure of information vulnerability in Action Pack
Impact: Under certain circumstances response bodies will not be closed, for example due to a bug in a webserver (https://github.com/puma/puma/pull/2812) or a bug in a Rack middleware. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for...
Information Exposure with Puma when used with Rails
Impact: Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its CurrentAttributes implementation to work correctly. From Rails: Under certain circumstances response bodies will no...
Business Logic Errors in Publify
Publify, formerly known as Typo, prior to version 9.2.7 is vulnerable to business logic errors...
Out-of-bounds Read in mruby/mruby
Out-of-bounds Read in Homebrew mruby prior to 3.2...
NULL Pointer Dereference in mruby/mruby
NULL Pointer Dereference in Homebrew mruby prior to 3.2...
Denial of service in sidekiq
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users...
NULL Pointer Dereference in mruby/mruby
NULL Pointer Dereference in Homebrew mruby prior to 3.2...
NULL Pointer Dereference in mruby/mruby
mruby is vulnerable to NULL Pointer Dereference...
An untrusted pointer dereference in mrb_vm_exec() of mruby 3.0.0
An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash. PATCH INFO: mruby 5613 described the issue, and Matz cited 5619 and 5620 as "been addressed" on 2/16/2022. The 5619 commit was found on 12/31/2021 in the 3.1.0-rc release. Found the 56...
A potential Denial of Service issue in protobuf-java
Summary: A potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data. Affected versions: all versions of Java Protobufs (including Kotlin and JRuby) prior to the versions listed below. Protobuf "javalite" users (typically Android) are not affected...
Regular Expression Denial of Service (ReDoS) in lodash
All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen): `var lo = require('lodash'); function build_blank(n) { var ret = "1"; for (var i = 0; i < n; i++) { ret ...`
CSRF forgery protection bypass in solidus_frontend
Impact: CSRF vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. All solidus_frontend versions are affected. If you're using your own storefront, please follow along to make sure you're not affected. To reproduce the issue: - Pick the id for a...
Heap-based Buffer Overflow in mruby/mruby
mruby is vulnerable to Heap-based Buffer Overflow...
NULL Pointer Dereference in mruby/mruby
mruby is vulnerable to NULL Pointer Dereference...
Path traversal when MessageBus::Diagnostics is enabled
Impact: Users who deployed message_bus with diagnostics features enabled (default off) were vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user were to gain access to the diagnostic route. The impact is also greater if there is ...
NULL Pointer Dereference in mruby/mruby
mruby is vulnerable to NULL Pointer Dereference...
Possible Open Redirect in Host Authorization Middleware
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website...
Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile
In bundler versions before 2.2.33, when working with untrusted and apparently harmless Gemfiles, it is not expected that they lead to execution of external code, unless that's explicit in the Ruby code inside the Gemfile itself. However, if the Gemfile includes gem entries that use the git optio...
Improper Privilege Management in devise_masquerade
The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise without this extension is used. If the...
ReDos vulnerability on guest checkout email validation
Impact: Denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like a.a.. Before the patch, it can be reproduced in the console like this (ruby): irb(main)...
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...
Silent Configuration Failure in Puppet Agent
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'...
Buffer Overrun in CGI.escape_html
A security vulnerability that causes a buffer overflow when you pass a very large string (700 MB) to CGI.escape_html on a platform where the long type takes 4 bytes, typically Windows. Please update the cgi gem to version 0.3.1, 0.2.1, or 0.1.1 or later. You can use `gem update cgi` to update it. If you a...
Cookie Prefix Spoofing in CGI::Cookie.parse
The old versions of CGI::Cookie.parse applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. By this fix, CGI::Cookie.parse no longer decodes cookie names. Note that this i...
Authentication Bypass by CSRF Weakness
Impact: CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidus_auth_devise are affected if the protect_from_forgery method is both: - Executed, whether as: - A before_action callback (the default) - A prepend_before_action (option prepend: tr...
Authentication Bypass by CSRF Weakness
Impact: CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spree_auth_devise are affected if the protect_from_forgery method is both: Executed, whether as: A before_action callback (the default); A prepend_before_action (option prepend: true given...
HTML comments vulnerability allowing to execute JavaScript code
Affected packages: The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. Impact: A potential vulnerability has been discovered in the CKEditor 4 HTML processing core module. The vulnerability allowed injecting malformed comments HTML...
Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML
Affected packages: The vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. Impact: A potential vulnerability has been discovered in the CKEditor 4 Advanced Content Filter (ACF) core module. The vulnerability allowed injecting malforme...
Secure/signed cookies share secrets between sites in a multi-site application
Impact: This vulnerability impacts any Rails applications using rails_multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application...
Regular Expression Denial of Service Vulnerability of Date Parsing Methods
Date's parsing methods, including Date.parse, use Regexps internally, some of which are vulnerable to regular expression denial of service. Applications and libraries that apply such methods to untrusted input may be affected. The fix limits the input length to 128 bytes by default...
Improper Authorization in Publify
In Publify, versions 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control: guest role users can self-register even when the admin does not allow it. This happens because the restriction is enforced on the front end only...
Improper Authorization in Publify
In Publify, versions 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control: guest role users can self-register even when the admin does not allow it. This happens because the restriction is enforced on the front end only...
ReDoS vulnerability in parser_apache2
Impact: The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken Apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. Patches: v1.14.2...
XSS in the `of` option of the `.position()` util in jquery-ui
Impact: Accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. For example, invoking the following code (js): `$("element").position({ my: "left top", at: "right bottom", of: "", collision: "none" });` will call the doEvilThing function. Patches: The iss...
XSS in the `altField` option of the Datepicker widget in jquery-ui
Impact: Accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way (js): `$("datepicker").datepicker({ altField: "" });` will call the doEvilThing function. Patches: The issue is fixed i...
XSS in `*Text` options of the Datepicker widget in jquery-ui
Impact: Accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way (js): `$("datepicker").datepicker({ showButtonPanel: true, showOn: "both", closeText: "doEvilThing('closeText XSS')",`...
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...