Lucene search
K
RubygemsRecent

1232 matches found

RubySec
RubySec
added 2019/10/01 12:0 a.m.43 views

A code injection vulnerability of Shell#[] and Shell#test

Shell and its alias Shelltest defined in lib/shell.rb allow code injection if the first argument aka the “command” argument is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. Note that passing untrusted data to methods of Shell is dangerous in general. Users must...

8.1CVSS3.2AI score0.04221EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2019/09/27 12:0 a.m.13 views

simple_form Gem for Ruby Incorrect Access Control for forms based on user input

Simple Form before 5.0 has Incorrect Access Control in filemethod? in lib/simpleform/formbuilder.rb, because a user-supplied string is invoked as a method call. This only happens for pages that build forms based on user input...

9.8CVSS1.4AI score0.034EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2019/09/23 12:0 a.m.18 views

padrino-contrib XSS via caption parameter of breadcrumbs helper

The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption...

6.1CVSS3.6AI score0.00832EPSS
Exploits0References1
RubySec
RubySec
added 2019/09/23 12:0 a.m.30 views

Consul gem insufficient authentication check - Multiple powers in one controller are not always checked correctly

With the consul ruby gem before 1.0.3, if a controller checks multiple powers using :if or :except conditions, these conditions are erroneously applied to all power checks in that controller. This can lead to skipped power checks and hence unauthenticated access to certain controller actions...

9.8CVSS3.2AI score0.02643EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2019/09/12 12:0 a.m.21 views

Denial of Service in rubyzip ("zip bombs")

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service disk consumption...

7.1CVSS4.6AI score0.01581EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2019/09/08 12:0 a.m.32 views

Devise Gem for Ruby confirmation token validation with a blank string

Devise before 4.7.1 confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records would exist...

5.3CVSS1.3AI score0.01832EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/08/29 12:0 a.m.18 views

OS Command Injection in Rake

There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...

6.9CVSS2.5AI score0.01359EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2019/08/21 12:0 a.m.17 views

fat_free_crm XSS via query parameter of tags_helper method

Fat Free CRM before 0.18.1 has XSS in the tagshelper in app/helpers/tagshelper.rb...

6.1CVSS6AI score0.01246EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/08/20 12:0 a.m.18 views

Code execution backdoor in cron_parser

The cronparser gem 0.1.4, 1.0.12, and 1.0.13 as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. No unaffected version is known to exist, as the gem appears to have been entirely removed...

9.8CVSS5.7AI score0.0355EPSS
Exploits0References1
RubySec
RubySec
added 2019/08/20 12:0 a.m.16 views

Code execution backdoor in awesome-bot

The awesome-bot gem 1.18.0 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Users of an affected version should consider downgrading to the last non-affected version of 1.17.2 or upgrading to 1.19.x...

9.8CVSS5.4AI score0.0355EPSS
Exploits0References1
RubySec
RubySec
added 2019/08/20 12:0 a.m.17 views

Code execution backdoor in coming-soon

The coming-soon gem 0.2.8 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. No unaffected version is known to exist, as the gem appears to have been entirely removed...

9.8CVSS5.4AI score0.0355EPSS
Exploits0References1
RubySec
RubySec
added 2019/08/20 12:0 a.m.20 views

Code execution backdoor in doge-coin

The doge-coin gem 1.0.2 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Users of an affected version should consider downgrading to the last non-affected version of 1.0.1...

9.8CVSS5.6AI score0.0355EPSS
Exploits0References1
RubySec
RubySec
added 2019/08/20 12:0 a.m.25 views

Code execution backdoor in coin_base

The coinbase gem 4.2.1 through 4.2.2 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. No unaffected version is known to exist, as the gem appears to have been entirely removed...

9.8CVSS5.4AI score0.0355EPSS
Exploits0References1
RubySec
RubySec
added 2019/08/20 12:0 a.m.18 views

Code execution backdoor in blockchain_wallet

The blockchainwallet gem 0.0.6 through 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Users of an affected version should consider downgrading to the last non-affected version of 0.0.5...

9.8CVSS5.6AI score0.0355EPSS
Exploits0References1
RubySec
RubySec
added 2019/08/20 12:0 a.m.16 views

Code execution backdoor in omniauth_amazon

The omniauthamazon gem 1.0.1 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Users of an affected version should consider downgrading to the last non-affected version of 1.0.1...

9.8CVSS6.8AI score0.0355EPSS
Exploits0References1
RubySec
RubySec
added 2019/08/20 12:0 a.m.21 views

Code execution backdoor in capistrano-colors

The capistrano-colors 0.5.5 gem for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Users of an affected version should consider downgrading to the last non-affected version of 0.5.4...

9.8CVSS5.6AI score0.0355EPSS
Exploits0References1
RubySec
RubySec
added 2019/08/20 12:0 a.m.21 views

Code execution backdoor in bitcoin_vanity

The bitcoinvanity gem 4.3.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. No unaffected version is known to exist, as the gem appears to have been entirely removed...

9.8CVSS5.4AI score0.0355EPSS
Exploits0References1
RubySec
RubySec
added 2019/08/20 12:0 a.m.16 views

Code execution backdoor in lita_coin

The litacoin gem 0.0.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. No unaffected version is known to exist, as the gem appears to have been entirely removed...

9.8CVSS5.4AI score0.0355EPSS
Exploits0References1
RubySec
RubySec
added 2019/08/19 12:0 a.m.23 views

Code execution backdoor in rest-client

The rest-client gem 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...

9.8CVSS2.7AI score0.0355EPSS
Exploits0References1
RubySec
RubySec
added 2019/08/11 12:0 a.m.22 views

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being passed untrusted user input. This vulnerability appears...

9.8CVSS3.2AI score0.05899EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/08/11 12:0 a.m.22 views

Rexical Command Injection Vulnerability

A command injection vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. It allows commands to be executed in a subprocess by Ruby's Kernel.open method...

9.8CVSS5.4AI score0.05899EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/07/31 12:0 a.m.22 views

samlr XML nodes comment attack

Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a nameid node with [email protected] followed by . and then the attacker's domain name...

7.5CVSS2.7AI score0.01205EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/07/31 12:0 a.m.17 views

Code execution backdoor in datagrid

The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...

9.8CVSS2.5AI score0.03115EPSS
Exploits0References1
RubySec
RubySec
added 2019/07/31 12:0 a.m.19 views

Code backdoor in simple_captcha2

The simplecaptcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...

9.8CVSS2.1AI score0.03115EPSS
Exploits0References1
RubySec
RubySec
added 2019/07/26 12:0 a.m.20 views

SQL injection vulnerability via Marginalia::Comment

The 'marginalia' gem is affected by a SQL Injection vulnerability. All SQL queries are affected when a user controller argument is added as a component. This affects users that add a component that is user controller, for instance a parameter or a header. The issue is resolved in version 1.6...

9.8CVSS3.8AI score0.01381EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/07/19 12:0 a.m.5 views

Regular Expression Denial of Service (ReDoS) in lodash

lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...

6.5CVSS7AI score0.03076EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2019/07/16 12:0 a.m.20 views

Arbitrary command execution in slanger

A remote attacker can execute arbitrary commands by sending a crafted request to the server. This is due to the use of Oj.load instead of Oj.strictload when processing messages. Note that slanger is no longer maintained...

9.8CVSS4.3AI score0.04042EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/07/16 12:0 a.m.19 views

Code backdoor in paranoid2

The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5...

9.8CVSS3.6AI score0.0435EPSS
Exploits1References1
RubySec
RubySec
added 2019/07/12 12:0 a.m.23 views

Remote command execution via filename

A remote shell execution vulnerability when using MiniMagick::Image.open with URL coming from unsanitized user input. e.g. MiniMagick::Image.open"| touch.txt"...

7.8CVSS4.1AI score0.07639EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2019/07/10 12:0 a.m.5 views

Prototype Pollution in lodash

Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing property that will exist on all objects. Recommendation...

9.1CVSS7AI score0.05006EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2019/07/05 12:0 a.m.20 views

strong_password Ruby gem malicious version causing Remote Code Execution vulnerability

The strongpassword gem on RubyGems.org was hijacked by a malicious actor. The malicious actor published v0.0.7 containing malicious code that enables an attacker to execute remote code in production. Upgrade strongpassword to v0.0.8 to ensure no malicious code execution is possible...

9.8CVSS5.4AI score0.033EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/07/02 12:0 a.m.25 views

Arbitrary path traversal and file access via `yard server`

A path traversal vulnerability was discovered in YARD = 0.9.19 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The issue is resolved in v0.9.20 and later...

7.5CVSS2AI score0.02334EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/07/01 12:0 a.m.18 views

Arbitrary Variants Via Query Parameters

Due to unvalidated input, an attacker can pass in arbitrary variants via query parameters. If an application treats variants as trusted, this can lead to potential vulnerabilities like SQL injection or cross-site scripting XSS. For instance: landingpage = fieldtest:landingpage Page.where"key =...

5.3CVSS4.9AI score0.01449EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2019/06/13 12:0 a.m.21 views

ruby-openid SSRF via claimed_id request

Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...

10CVSS3.3AI score0.02911EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/06/04 12:0 a.m.21 views

XSS Vulnerability in Chartkick Ruby Gem

Chartkick is vulnerable to a cross-site scripting XSS attack if both the following conditions are met: Condition 1: It's used with ActiveSupport.escapehtmlentitiesinjson = false this is not the default for Rails OR used with a non-Rails framework like Sinatra. Condition 2: Untrusted data or optio...

4.7CVSS2AI score0.00772EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2019/04/22 12:0 a.m.25 views

Nokogiri gem, via libxslt, is affected by improper access control vulnerability

Nokogiri v1.10.3 has been released. This is a security release. It addresses a CVE in upstream libxslt rated as "Priority: medium" by Canonical, and "NVD Severity: high" by Debian. More details are available below. If you're using your distro's system libraries, rather than Nokogiri's vendored...

9.8CVSS0.05089EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/04/19 12:0 a.m.40 views

Prototype pollution attack through jQuery $.extend

jQuery before 3.4.0 mishandles jQuery.extendtrue, , ... because of bject.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

6.1CVSS2.2AI score0.87218EPSS
Exploits4References1Affected Software1
RubySec
RubySec
added 2019/04/10 12:0 a.m.37 views

Blacklist keys are no longer being filtered in airbrake-ruby

A flaw in airbrake-ruby v4.2.3 prevented user data from being filtered prior to sending to Airbrake. Such data could be user passwords. Therefore, an app could leak user passwords without knowing it...

9.8CVSS2.5AI score0.01442EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/04/04 12:0 a.m.25 views

Remote code execution in bootstrap-sass

Arbitrary code execution via backdoor code, when downloaded from rubygems.org was discovered in bootstrap-sass 3.2.0.3. Users are advised to upgrade immediately to 3.2.0.4 An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can b...

10CVSS6.2AI score0.04923EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2019/03/25 12:0 a.m.22 views

Doorkeeper::OpenidConnect Open Redirect

Doorkeeper::OpenidConnect aka the OpenID Connect extension for Doorkeeper 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirecturi field in an OAuth authorization request that results in an error response with the 'openid' scope and a prompt=none value. This allows phishing attacks...

6.1CVSS6.8AI score0.01349EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/03/13 12:0 a.m.87 views

Possible Remote Code Execution Exploit in Rails Development Mode

There is a possible a possible remote code executing exploit in Rails when in development mode. This vulnerability has been assigned the CVE identifier CVE-2019-5420. Versions Affected: 6.0.0.X, 5.2.X. Not affected: 5.2.0 Fixed Versions: 6.0.0.beta3, 5.2.2.1 Impact ------ With some knowledge of a...

9.8CVSS4.2AI score0.92144EPSS
Exploits13References1Affected Software1
RubySec
RubySec
added 2019/03/13 12:0 a.m.42 views

Denial of Service Vulnerability in Action View

There is a potential denial of service vulnerability in actionview. This vulnerability has been assigned the CVE identifier CVE-2019-5419. Impact ------ Specially crafted accept headers can cause the Action View template location code to consume 100% CPU, causing the server unable to process...

7.8CVSS1.8AI score0.08671EPSS
Exploits3References1Affected Software1
RubySec
RubySec
added 2019/03/13 12:0 a.m.27 views

File Content Disclosure in Action View

There is a possible file content disclosure vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2019-5418. Versions Affected: All. Not affected: None. Fixed Versions: 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 Impact ------ There is a possible file...

7.5CVSS0.8AI score0.98507EPSS
Exploits18References1Affected Software1
RubySec
RubySec
added 2019/03/08 12:0 a.m.20 views

Improper handling of ssh known_hosts file with Chloride

Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's knownhosts file without confirmation. In version 0.3.0 this is updated so that the user's knownhosts file is not updated by chloride...

7.5CVSS2.4AI score0.00893EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/03/05 12:0 a.m.21 views

Escape sequence injection vulnerability in gem owner

An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...

7.5CVSS1.1AI score0.03372EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/03/05 12:0 a.m.16 views

Escape sequence injection vulnerability in api response handling

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...

7.5CVSS0.6AI score0.03372EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/03/05 12:0 a.m.22 views

Installing a malicious gem may lead to arbitrary code execution

An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensureloadablespec during the preinstall check...

8.8CVSS2.3AI score0.03219EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/03/05 12:0 a.m.25 views

Escape sequence injection vulnerability in errors

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManagerrun calls alerterror without escaping, escape sequence injection is possible. There are many ways to cause an error...

7.5CVSS3.2AI score0.03372EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/03/05 12:0 a.m.17 views

Escape sequence injection vulnerability in verbose

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteractionverbose calls say without escaping, escape sequence injection is possible...

7.5CVSS2.5AI score0.03372EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2019/03/05 12:0 a.m.23 views

Delete directory using symlink when decompressing tar

A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files which now include path-checking code for symlinks, it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could...

8.8CVSS1AI score0.04212EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities1232