1232 matches found
A code injection vulnerability of Shell#[] and Shell#test
Shell and its alias Shelltest defined in lib/shell.rb allow code injection if the first argument aka the “command” argument is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. Note that passing untrusted data to methods of Shell is dangerous in general. Users must...
simple_form Gem for Ruby Incorrect Access Control for forms based on user input
Simple Form before 5.0 has Incorrect Access Control in filemethod? in lib/simpleform/formbuilder.rb, because a user-supplied string is invoked as a method call. This only happens for pages that build forms based on user input...
padrino-contrib XSS via caption parameter of breadcrumbs helper
The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption...
Consul gem insufficient authentication check - Multiple powers in one controller are not always checked correctly
With the consul ruby gem before 1.0.3, if a controller checks multiple powers using :if or :except conditions, these conditions are erroneously applied to all power checks in that controller. This can lead to skipped power checks and hence unauthenticated access to certain controller actions...
Denial of Service in rubyzip ("zip bombs")
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service disk consumption...
Devise Gem for Ruby confirmation token validation with a blank string
Devise before 4.7.1 confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records would exist...
OS Command Injection in Rake
There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...
fat_free_crm XSS via query parameter of tags_helper method
Fat Free CRM before 0.18.1 has XSS in the tagshelper in app/helpers/tagshelper.rb...
Code execution backdoor in cron_parser
The cronparser gem 0.1.4, 1.0.12, and 1.0.13 as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. No unaffected version is known to exist, as the gem appears to have been entirely removed...
Code execution backdoor in awesome-bot
The awesome-bot gem 1.18.0 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Users of an affected version should consider downgrading to the last non-affected version of 1.17.2 or upgrading to 1.19.x...
Code execution backdoor in coming-soon
The coming-soon gem 0.2.8 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. No unaffected version is known to exist, as the gem appears to have been entirely removed...
Code execution backdoor in doge-coin
The doge-coin gem 1.0.2 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Users of an affected version should consider downgrading to the last non-affected version of 1.0.1...
Code execution backdoor in coin_base
The coinbase gem 4.2.1 through 4.2.2 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. No unaffected version is known to exist, as the gem appears to have been entirely removed...
Code execution backdoor in blockchain_wallet
The blockchainwallet gem 0.0.6 through 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Users of an affected version should consider downgrading to the last non-affected version of 0.0.5...
Code execution backdoor in omniauth_amazon
The omniauthamazon gem 1.0.1 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Users of an affected version should consider downgrading to the last non-affected version of 1.0.1...
Code execution backdoor in capistrano-colors
The capistrano-colors 0.5.5 gem for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Users of an affected version should consider downgrading to the last non-affected version of 0.5.4...
Code execution backdoor in bitcoin_vanity
The bitcoinvanity gem 4.3.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. No unaffected version is known to exist, as the gem appears to have been entirely removed...
Code execution backdoor in lita_coin
The litacoin gem 0.0.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. No unaffected version is known to exist, as the gem appears to have been entirely removed...
Code execution backdoor in rest-client
The rest-client gem 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being passed untrusted user input. This vulnerability appears...
Rexical Command Injection Vulnerability
A command injection vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. It allows commands to be executed in a subprocess by Ruby's Kernel.open method...
samlr XML nodes comment attack
Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a nameid node with [email protected] followed by . and then the attacker's domain name...
Code execution backdoor in datagrid
The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...
Code backdoor in simple_captcha2
The simplecaptcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...
SQL injection vulnerability via Marginalia::Comment
The 'marginalia' gem is affected by a SQL Injection vulnerability. All SQL queries are affected when a user controller argument is added as a component. This affects users that add a component that is user controller, for instance a parameter or a header. The issue is resolved in version 1.6...
Regular Expression Denial of Service (ReDoS) in lodash
lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...
Arbitrary command execution in slanger
A remote attacker can execute arbitrary commands by sending a crafted request to the server. This is due to the use of Oj.load instead of Oj.strictload when processing messages. Note that slanger is no longer maintained...
Code backdoor in paranoid2
The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5...
Remote command execution via filename
A remote shell execution vulnerability when using MiniMagick::Image.open with URL coming from unsanitized user input. e.g. MiniMagick::Image.open"| touch.txt"...
Prototype Pollution in lodash
Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing property that will exist on all objects. Recommendation...
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
The strongpassword gem on RubyGems.org was hijacked by a malicious actor. The malicious actor published v0.0.7 containing malicious code that enables an attacker to execute remote code in production. Upgrade strongpassword to v0.0.8 to ensure no malicious code execution is possible...
Arbitrary path traversal and file access via `yard server`
A path traversal vulnerability was discovered in YARD = 0.9.19 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The issue is resolved in v0.9.20 and later...
Arbitrary Variants Via Query Parameters
Due to unvalidated input, an attacker can pass in arbitrary variants via query parameters. If an application treats variants as trusted, this can lead to potential vulnerabilities like SQL injection or cross-site scripting XSS. For instance: landingpage = fieldtest:landingpage Page.where"key =...
ruby-openid SSRF via claimed_id request
Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...
XSS Vulnerability in Chartkick Ruby Gem
Chartkick is vulnerable to a cross-site scripting XSS attack if both the following conditions are met: Condition 1: It's used with ActiveSupport.escapehtmlentitiesinjson = false this is not the default for Rails OR used with a non-Rails framework like Sinatra. Condition 2: Untrusted data or optio...
Nokogiri gem, via libxslt, is affected by improper access control vulnerability
Nokogiri v1.10.3 has been released. This is a security release. It addresses a CVE in upstream libxslt rated as "Priority: medium" by Canonical, and "NVD Severity: high" by Debian. More details are available below. If you're using your distro's system libraries, rather than Nokogiri's vendored...
Prototype pollution attack through jQuery $.extend
jQuery before 3.4.0 mishandles jQuery.extendtrue, , ... because of bject.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...
Blacklist keys are no longer being filtered in airbrake-ruby
A flaw in airbrake-ruby v4.2.3 prevented user data from being filtered prior to sending to Airbrake. Such data could be user passwords. Therefore, an app could leak user passwords without knowing it...
Remote code execution in bootstrap-sass
Arbitrary code execution via backdoor code, when downloaded from rubygems.org was discovered in bootstrap-sass 3.2.0.3. Users are advised to upgrade immediately to 3.2.0.4 An unauthenticated attacker can craft the cfduid cookie value with base64 arbitrary code to be executed via eval, which can b...
Doorkeeper::OpenidConnect Open Redirect
Doorkeeper::OpenidConnect aka the OpenID Connect extension for Doorkeeper 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirecturi field in an OAuth authorization request that results in an error response with the 'openid' scope and a prompt=none value. This allows phishing attacks...
Possible Remote Code Execution Exploit in Rails Development Mode
There is a possible a possible remote code executing exploit in Rails when in development mode. This vulnerability has been assigned the CVE identifier CVE-2019-5420. Versions Affected: 6.0.0.X, 5.2.X. Not affected: 5.2.0 Fixed Versions: 6.0.0.beta3, 5.2.2.1 Impact ------ With some knowledge of a...
Denial of Service Vulnerability in Action View
There is a potential denial of service vulnerability in actionview. This vulnerability has been assigned the CVE identifier CVE-2019-5419. Impact ------ Specially crafted accept headers can cause the Action View template location code to consume 100% CPU, causing the server unable to process...
File Content Disclosure in Action View
There is a possible file content disclosure vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2019-5418. Versions Affected: All. Not affected: None. Fixed Versions: 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 Impact ------ There is a possible file...
Improper handling of ssh known_hosts file with Chloride
Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's knownhosts file without confirmation. In version 0.3.0 this is updated so that the user's knownhosts file is not updated by chloride...
Escape sequence injection vulnerability in gem owner
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur...
Escape sequence injection vulnerability in api response handling
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilitieswithresponse may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur...
Installing a malicious gem may lead to arbitrary code execution
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensureloadablespec during the preinstall check...
Escape sequence injection vulnerability in errors
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManagerrun calls alerterror without escaping, escape sequence injection is possible. There are many ways to cause an error...
Escape sequence injection vulnerability in verbose
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteractionverbose calls say without escaping, escape sequence injection is possible...
Delete directory using symlink when decompressing tar
A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files which now include path-checking code for symlinks, it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could...