1255 matches found
Business Logic Errors in Publify
Publify formerly known as Typo prior to version 9.2.7 is vulnerable to business logic errors...
Out-of-bounds Read in mruby/mruby
Out-of-bounds Read in Homebrew mruby prior to 3.2...
NULL Pointer Dereference in mruby/mruby
NULL Pointer Dereference in Homebrew mruby prior to 3.2...
Denial of service in sidekiq
In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users...
NULL Pointer Dereference in mruby/mruby
NULL Pointer Dereference in Homebrew mruby prior to 3.2...
NULL Pointer Dereference in mruby/mruby
mruby is vulnerable to NULL Pointer Dereference...
An untrusted pointer dereference in mrb_vm_exec() of mruby 3.0.0
An untrusted pointer dereference in mrbvmexec of mruby v3.0.0 can lead to a segmentation fault or application crash. PATCH INFO - Mruby 5613 described the issue and Matz cited 5619 and 5620 as "been addressed" on 2/16/2022. - Found the 5619 commit on 12/31/2021 in 3.1.0-rc release. - Found the 56...
A potential Denial of Service issue in protobuf-java
Summary A potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data. Affected versions: All versions of Java Protobufs including Kotlin and JRuby prior to the versions listed below. Protobuf "javalite" users typically Android are not affected...
Regular Expression Denial of Service (ReDoS) in lodash
All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service ReDoS via the toNumber, trim and trimEnd functions. Steps to reproduce provided by reporter Liyuan Chen: var lo = require'lodash'; function buildblankn var ret = "1" for var i = 0; i n; i++ ret ...
CSRF forgery protection bypass in solidus_frontend
Impact CSRF vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. All solidusfrontend versions are affected. If you're using your own storefront, please, follow along to make sure you're not affected. To reproduce the issue: - Pick the id for a...
Heap-based Buffer Overflow in mruby/mruby
mruby is vulnerable to Heap-based Buffer Overflow...
NULL Pointer Dereference in mruby/mruby
mruby is vulnerable to NULL Pointer Dereference...
Path traversal when MessageBus::Diagnostics is enabled
Impact Users who deployed message bus with diagnostics features enabled default off were vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user were to gain access to the diagnostic route. The impact is also greater if there is ...
NULL Pointer Dereference in mruby/mruby
mruby is vulnerable to NULL Pointer Dereference...
Possible Open Redirect in Host Authorization Middleware
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website...
Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile
In bundler versions before 2.2.33, when working with untrusted and apparently harmless Gemfile's, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the Gemfile itself. However, if the Gemfile includes gem entries that use the git optio...
Improper Privilege Management in devise_masquerade
The devisemasquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise without this extension is used. If the...
ReDos vulnerability on guest checkout email validation
Impact Denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like a.a.. Before the patch, it can be reproduced in the console like this: ruby irbmain...
Silent Configuration Failure in Puppet Agent
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'...
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...
Cookie Prefix Spoofing in CGI::Cookie.parse
The old versions of CGI::Cookie.parse applied URL decoding to cookie names. An attacker could exploit this vulnerability to spoof security prefixes in cookie names, which may be able to trick a vulnerable application. By this fix, CGI::Cookie.parse no longer decodes cookie names. Note that this i...
Buffer Overrun in CGI.escape_html
A security vulnerability that causes buffer overflow when you pass a very large string 700 MB to CGI.escapehtml on a platform where long type takes 4 bytes, typically, Windows. Please update the cgi gem to version 0.3.1, 0.2.1, and 0.1.1 or later. You can use gem update cgi to update it. If you a...
Authentication Bypass by CSRF Weakness
Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spreeauthdevise are affected if protectfromforgery method is both: Executed whether as: A beforeaction callback the default A prependbeforeaction option prepend: true given...
Authentication Bypass by CSRF Weakness
Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of solidusauthdevise are affected if protectfromforgery method is both: - Executed whether as: - A beforeaction callback the default - A prependbeforeaction option prepend: tr...
Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML
Affected packages The vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. Impact A potential vulnerability has been discovered in CKEditor 4 Advanced Content Filter ACF core module. The vulnerability allowed to inject malforme...
HTML comments vulnerability allowing to execute JavaScript code
Affected packages The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. Impact A potential vulnerability has been discovered in CKEditor 4 HTML processing core module. The vulnerability allowed to inject malformed comments HTML...
Regular Expression Denial of Service Vulnerability of Date Parsing Methods
Date's parsing methods including Date.parse are using Regexps internally, some of which are vulnerable against regular expression denial of service. Applications and libraries that apply such methods to untrusted input may be affected. The fix limits the input length up to 128 bytes by default...
Secure/signed cookies share secrets between sites in a multi-site application
Impact This vulnerability impacts any Rails applications using railsmultisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application...
Improper Authorization in Publify
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. guest role users can self-register even when the admin does not allow. This happens due to front-end restriction only...
Improper Authorization in Publify
In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. guest role users can self-register even when the admin does not allow. This happens due to front-end restriction only...
ReDoS vulnerability in parser_apache2
Impact parserapache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service ReDoS vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. Patches v1.14.2...
XSS in `*Text` options of the Datepicker widget in jquery-ui
Impact Accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $"datepicker".datepicker showButtonPanel: true, showOn: "both", closeText: "doEvilThing'closeText XSS'",...
XSS in the `of` option of the `.position()` util in jquery-ui
Impact Accepting the value of the of option of the .position util from untrusted sources may execute untrusted code. For example, invoking the following code: js $"element".position my: "left top", at: "right bottom", of: "", collision: "none" ; will call the doEvilThing function. Patches The iss...
XSS in the `altField` option of the Datepicker widget in jquery-ui
Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $"datepicker".datepicker altField: "", ; will call the doEvilThing function. Patches The issue is fixed i...
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Impact Prior to puma version 5.5.0, using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. This behavior forwarding LF character...
Remote code execution in ruby-jss
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
Cross-site Scripting in Sidekiq
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used...
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Severity The Nokogiri maintainers have evaluated this as High Severity 7.5 CVSS3.0 for JRuby users. This security advisory does not apply to CRuby users. Impact In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who par...
Open Redirect in clearance
This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session:returnto. If the value used for returnto contains multiple leading slashes /////example.com the user ends up being redirected to the external domain that comes after...
Older releases of better_errors open to Cross-Site Request Forgery attack
Impact bettererrors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with...
Fake objects feature vulnerability allowing to execute JavaScript code using malformed HTML.
Affected packages The vulnerability has been discovered in Fake Objects plugin. All plugins with Fake Objects plugin dependency are affected: Fake Objects Link Flash Iframe Forms Page Break Impact A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability...
Widget feature vulnerability allowing to execute JavaScript code using undo functionality
Affected packages The vulnerability has been discovered in Widget plugin if used alongside Undo feature. Impact A potential vulnerability has been discovered in CKEditor 4 Widget package. The vulnerability allowed to abuse undo functionality using malformed widget HTML, which could result in...
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality
Affected packages The vulnerability has been discovered in clipboard plugin. All plugins with clipboard plugin dependency are affected: clipboard pastetext pastetools widget uploadwidget autolink tableselection Impact A potential vulnerability has been discovered in CKEditor 4 Clipboard package...
Possible Open Redirect in Host Authorization Middleware
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22942. Versions Affected: = 6.0.0. Not affected: 6.0.0 Fixed Versions: 6.1.4.1, 6.0.4.1 Impact ------ Specially crafted...
XSS in qiita-markdown
Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796...
Cross-Site Scripting in Qiita::Markdown
Increments Qiita::Markdown before 0.33.0 allows XSS in transformers...
imap - StartTLS stripping attack
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...
Trusting FTP PASV responses vulnerability in Net::FTP
A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed e.g., the attacker can conduct port scans and service banner...
Trusting FTP PASV responses vulnerability in Net::FTP
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise...