Lucene search
+L
RubygemsRecent

1255 matches found

RubySec
RubySec
added 2021/07/12 12:0 a.m.30 views

Regular Expression Denial of Service in Addressable templates

Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no...

7.5CVSS7.2AI score0.02199EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/07/02 12:0 a.m.26 views

Code injection in Narou

Narou aka Narou.rb before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel...

9.8CVSS7.5AI score0.01441EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/06/30 12:0 a.m.4 views

double free vulnerabliity

mruby 2.1.2 has a double free in mrbdefaultallocf called from mrbfree and objfree...

7.8CVSS7.2AI score0.00991EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/06/21 12:0 a.m.6 views

ckeditor4 vulnerable to cross-site scripting

A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

6.1CVSS6AI score0.03189EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/06/10 12:0 a.m.23 views

Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox

A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions...

7.8CVSS4.3AI score0.00273EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/06/02 12:0 a.m.23 views

Remote code execution in Dragonfly

An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features...

9.8CVSS6.3AI score0.72249EPSS
Exploits4References1Affected Software1
RubySec
RubySec
added 2021/05/24 12:0 a.m.16 views

HTTP Request Smuggling in reel

reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...

7.5CVSS1AI score0.01334EPSS
Exploits0References1
RubySec
RubySec
added 2021/05/24 12:0 a.m.22 views

Improper certificate validation in em-imap

em-imap 0.5 and earlier use the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified...

7.4CVSS5.1AI score0.00751EPSS
Exploits1References1
RubySec
RubySec
added 2021/05/24 12:0 a.m.18 views

Improper Certificate Validation in EM-HTTP-Request

EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified...

7.4CVSS5AI score0.00905EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/05/24 12:0 a.m.17 views

HTTP Request Smuggling in goliath

goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to b...

7.5CVSS2.6AI score0.01221EPSS
Exploits0References1
RubySec
RubySec
added 2021/05/18 12:0 a.m.20 views

Potential Denial-of-Service in bindata

In bindata before version 2.4.10, there is a potential denial-of-service vulnerability. In affected versions, it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit. In combination with .constantize there ...

4.3CVSS4.7AI score0.01866EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/05/11 12:0 a.m.62 views

Keepalive Connections Causing Denial Of Service in puma

Impact The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by...

7.5CVSS7.3AI score0.0196EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/05/07 12:0 a.m.6 views

CKEditor 4.0 vulnerability in the HTML Data Processor

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14.0 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

6.1CVSS5.8AI score0.04327EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/05/06 12:0 a.m.7 views

Command Injection in lodash

lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...

7.2CVSS7.4AI score0.2241EPSS
Exploits3References1Affected Software1
RubySec
RubySec
added 2021/05/05 12:0 a.m.36 views

Possible DoS Vulnerability in Action Controller Token Authentication

There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2021-22904. Versions Affected: = 4.0.0 Not affected: 4.0.0 Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ Impacted code uses...

7.5CVSS4.4AI score0.04808EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/05/05 12:0 a.m.42 views

Possible Denial of Service vulnerability in Action Dispatch

There is a possible Denial of Service vulnerability in the Mime type parser of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2021-22902. Versions Affected: = 6.0.0 Not affected: \sMIMEPARAMETER\s\z/ end end...

7.5CVSS4.1AI score0.02791EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/05/05 12:0 a.m.30 views

Possible Open Redirect Vulnerability in Action Pack

There is a possible Open Redirect Vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22903. Versions Affected: = v6.1.0.rc2 Not affected: v6.1.0.rc2 Fixed Versions: 6.1.3.2 Impact ------ This is similar to CVE-2021-22881: Specially crafted Host headers ...

6.1CVSS2.8AI score0.01224EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/05/05 12:0 a.m.37 views

Possible Information Disclosure / Unintended Method Execution in Action Pack

There is a possible information disclosure / unintended method execution vulnerability in Action Pack which has been assigned the CVE identifier CVE-2021-22885. Versions Affected: = 2.0.0. Not affected: 2.0.0. Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ There is a possible...

7.5CVSS2.5AI score0.04195EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/05/04 12:0 a.m.24 views

Prototype Pollution in handlebars

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. This vulnerability has been assigned the CVE identifier CVE-2021-23383...

9.8CVSS6.6AI score0.04506EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/05/02 12:0 a.m.24 views

RDoc OS command injection vulnerability

RDoc used to call Kernelopen to open a local file. If a Ruby project has a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command execution against a user who attempts to run rdo...

7CVSS2.3AI score0.0148EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/04/26 12:0 a.m.23 views

Connection security vulnerability with schema sync

pgsync drops connection parameters when syncing the schema with the --schema-first and --schema-only options. Some of these parameters may affect security. For instance, if sslmode is dropped, the connection may not use SSL. The first connection parameter is not affected. pgsync drops connection...

7.5CVSS2.6AI score0.00731EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/04/22 12:0 a.m.31 views

Improper Certificate Validation in oauth ruby gem

lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information...

7.4CVSS5.2AI score0.00746EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/04/14 12:0 a.m.19 views

Cross-Site Request Forgery (CSRF) in trestle-auth

Impact A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially allows an attacker to alter protected data, including admin account...

8.1CVSS5.9AI score0.00657EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/04/13 12:0 a.m.22 views

Improper Certificate Validation in Puppet

Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a...

6.5CVSS1.3AI score0.00823EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/04/13 12:0 a.m.14 views

Improper Certificate Validation in TweetStream

TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...

5.9CVSS2.9AI score0.00862EPSS
Exploits1References1
RubySec
RubySec
added 2021/04/12 12:0 a.m.32 views

Remote code execution in handlebars when compiling templates

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution RCE when selecting certain compiling options to compile templates coming from an untrusted source. This vulnerability has been assigned the CVE identifier CVE-2021-23369...

9.8CVSS7.3AI score0.07028EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2021/04/05 12:0 a.m.15 views

Path traversal in Tempfile on Windows

There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby on Windows. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby on Windows, because it uses tmpdir internally...

7.5CVSS3.6AI score0.57133EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/04/05 12:0 a.m.26 views

XML round-trip vulnerability in REXML

When parsing and serializing a crafted XML document, REXML gem including the one bundled with Ruby can create a wrong XML document whose structure is different from the original one...

7.5CVSS6.8AI score0.05061EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/03/29 12:0 a.m.13 views

Improper Certificate Validation in twitter-stream

In voloko twitter-stream 0.1.16, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...

5.9CVSS4.7AI score0.00884EPSS
Exploits1References1
RubySec
RubySec
added 2021/03/29 12:0 a.m.15 views

Remote code execution in Kramdown

Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated...

9.8CVSS6.7AI score0.02805EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/03/08 12:0 a.m.31 views

activerecord-session_store Timing Attack

The activerecord-sessionstore aka Active Record Session Store component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a...

6.3CVSS3.1AI score0.03687EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/02/10 12:0 a.m.36 views

Possible Open Redirect in Host Authorization Middleware

There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2021-22881. Versions Affected: = 6.0.0 Not affected: a-z0-9.-+|\a-f0-9:a-f0-9.:+\ :\d+? \z /x originhost = validhost.match...

6.1CVSS3.6AI score0.87301EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/02/10 12:0 a.m.33 views

Possible DoS Vulnerability in Active Record PostgreSQL adapter

There is a possible DoS vulnerability in the PostgreSQL adapter in Active Record. This vulnerability has been assigned the CVE identifier CVE-2021-22880. Versions Affected: = 4.2.0 Not affected: 4.2.0 Fixed Versions: 6.1.2.1, 6.0.3.5, 5.2.4.5 Impact ------ Carefully crafted input can cause the...

7.5CVSS3AI score0.04434EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/02/08 12:0 a.m.17 views

Server-side request forgery in CarrierWave

Impact CarrierWave download feature or 1.3.2. Workarounds Using proper network segmentation and applying the principle of least privilege to outbound connections from application servers can reduce the severity of SSRF vulnerabilities. Ideally the vulnerable gem should run on an isolated server...

4.3CVSS6.8AI score0.01173EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/02/08 12:0 a.m.33 views

Code Injection vulnerability in CarrierWave::RMagick

Impact CarrierWave::RMagick has a Code Injection vulnerability. Its manipulate! method inappropriately evals the content of mutation option:read/:write, allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, i...

8.8CVSS7.6AI score0.12678EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/02/01 12:0 a.m.20 views

Mechanize ruby gem Command Injection vulnerability

Impact Mechanize = v2.0, v2.7.7 allows for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel.open method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: Mechanize::CookieJarload: since v2.0...

8.3CVSS6.9AI score0.03507EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/01/26 12:0 a.m.6 views

Regular expression Denial of Service in dialog plugin

Affected packages The vulnerability has been discovered and fixed in the dialog plugin. Packages indirectly affected by the issue having dialog plugin dependency: - Link - Image - Enhanced Image - Code Snippet - Iframe Dialog Impact A potential vulnerability has been discovered in CKEditor 4 dial...

6.5CVSS6.9AI score0.01962EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2021/01/11 12:0 a.m.28 views

Injection/XSS in Redcarpet

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

6.8CVSS2.5AI score0.0157EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2020/12/30 12:0 a.m.26 views

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability

Description In Nokogiri versions = 1.11.0.rc3, XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainer...

4.3CVSS6.9AI score0.01109EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2020/12/08 12:0 a.m.28 views

omniauth-apple allows attacker to fake their email address during authentication

Impact This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the info.email field of OmniAuth's Auth Hash Schema for any kind of identification. The value of this field may be set to any value of the attacker's choice including email addresses of other...

7.7CVSS7AI score0.01322EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/11/13 12:0 a.m.27 views

Authorization bypass in Spree

Impact The perpetrator could query the API v2 Order Status https://guides.spreecommerce.org/api/v2/storefronttag/Order-Status endpoint with an empty string passed as an Order token Patches Please upgrade to 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version. Users of Spree 3.7 are not...

7.7CVSS6.7AI score0.01111EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/11/13 12:0 a.m.44 views

Remote code execution in dependabot-core branch names when cloning

Impact Remote code execution vulnerability in dependabot-common and dependabot-gomodules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: "/$curl,127.0.0.1", Dependabot will make a HTTP request to...

8.8CVSS7.6AI score0.02935EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/11/13 12:0 a.m.20 views

Remote code execution in dependabot-core branch names when cloning

Impact Remote code execution vulnerability in dependabot-common and dependabot-gomodules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: "/$curl,127.0.0.1", Dependabot will make a HTTP request to...

8.8CVSS7.6AI score0.02935EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/11/03 12:0 a.m.20 views

Regression in JWT Signature Validation

Overview Versions after and including 2.3.0 are improperly validating the JWT token signature when using the JWTValidator.verify method. Improper validation of the JWT token signature when not using the default Authorization Code Flow can allow an attacker to bypass authentication and...

9.1CVSS7AI score0.00803EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2020/10/20 12:0 a.m.21 views

HTTP Request Smuggling in Agoo

agoo through 2.12.3 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be...

7.5CVSS1.9AI score0.0117EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2020/10/20 12:0 a.m.38 views

Ensure that doorkeeper_token is valid when authenticating requests in API v2 calls

Impact The perpetrator who previously obtained an old expired user token could use it to access Storefront API v2 endpoints. Patches Please upgrade to 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version...

9.1CVSS2.7AI score0.01064EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2020/10/07 12:0 a.m.23 views

Possible XSS Vulnerability in Action Pack in Development Mode

There is a possible XSS vulnerability in Action Pack while the application server is in development mode. This vulnerability is in the Actionable Exceptions middleware. This vulnerability has been assigned the CVE identifier CVE-2020-8264. Versions Affected: = 6.0.0 Not affected: 6.0.0 Fixed...

6.1CVSS4.8AI score0.70717EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/10/05 12:0 a.m.24 views

Possible timing attack in derivation_endpoint

Impact When using the derivationendpoint plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. Patches The problem has been fixed by comparing sent and calculated signature in constant time, using Rack::Utils.securecompare. Users using the...

5.9CVSS6.6AI score0.01007EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2020/09/30 12:0 a.m.31 views

Dependency Confusion in Bundler with Implicit Private Dependencies

Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.17 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that...

9.3CVSS1.7AI score0.06307EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2020/09/29 12:0 a.m.42 views

Potential HTTP Request Smuggling Vulnerability in WEBrick

WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to "smuggle" a request. See CWE-444 in detail...

7.5CVSS3.1AI score0.03849EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities1255