Security Vulnerability in Nested Attributes code in Ruby On Rails 2.3.9 and 3.0.0

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs. Patches are available for 2.3 and 3.0 series...

Potential SQL Injection with limit in rails/activerecord

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument...

High severity vulnerability that affects rails

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOADPATH variable, a different vulnerability than CVE-2006-4112...

High severity vulnerability that affects rails.

Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service application hang or "data loss," a differen...

Moderate severity vulnerability that affects rails

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirectto function...

Moderate severity vulnerability that affects rails

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."...

Moderate severity XSS vulnerability that affects rails

Cross-site scripting XSS vulnerability in the striptags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters,related to HTML::Tokenizer and...

Arbitrary File Write Access in Puppet

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise PE 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log /tmp/out.log...

Arbitrary file delete/D.O.S on Puppet Master

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. dot dot in a...

Insufficient input validation

lib/puppet/ssl/certificateauthority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request CSR, which makes it easier for user-assisted remote attackers to trick...

Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

Agent Imprersonation in Puppet

lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address...

Puppet `resource_type` Remote Code Execution Vulnerability

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resourcetype service. NOTE: this vulnerability can only be exploited...

last_run_report.yaml is world readable

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for lastrunreport.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file...

Unauthenticated Remote Code Execution Vulnerability

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."...

Unauthenticated Remote Code Execution Vulnerability

Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...

Filter Problems on Case-Insensitive Filesystems in rails/actionpack

actionpack/lib/actionview/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action...

XSS vulnerabilities in the mail_to helper in rails/actionview

Multiple cross-site scripting XSS vulnerabilities in the mailto helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 name or 2 email value...

Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

High severity vulnerability that affects thin

lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header...

Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

Moderate severity vulnerability that affects rails

A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts...

Unsafe Query Generation Risk in Ruby on Rails

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

WEBrick Improper Input Validation vulnerability

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...

UTF-8 escaping vulnerability in rails/activesupport

Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a...

actionpack and activesupport vulnerable to information leaks

A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts...

Potential XSS Vulnerability in Ruby on Rails Applications

The cross-site scripting XSS prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a...

Moderate severity XSS vulnerability that affects rails

Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper. 9/4/2009 url mentions patches for 2.0, 2.1, 2.2, and 2.3 series...

Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet

Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan...

Moderate severity vulnerability that affects jquery-ui

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

Incorrect handling of initialization vector in the GCM mode in OpenSSL

The openssl gem for Ruby uses the same initialization vector IV in GCM Mode aes--gcm when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism...

Vulnerable to XIE DoS attacks

The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service CPU consumption via 1 a large XRDS document or 2 an XML Entity Expansion XEE attack...

Unsafe Object Deserialization Vulnerability in RubyGems

There is a possible unsafe object deserialization vulnerability in RubyGems. It is possible for YAML deserialization of gem specifications to bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution...

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities

The version of libxml2 packaged with Nokogiri contains several vulnerabilities. Nokogiri has mitigated these issues by upgrading to libxml 2.9.5. It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial ...

Buffer underrun vulnerability in Kernel.sprintf

There is a buffer underrun vulnerability in the sprintf method of Kernel module. If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or th...

Escape sequence injection vulnerability in the Basic authentication of WEBrick

There is an escape sequence injection vulnerability in the Basic authentication of WEBrick bundled by Ruby. When using the Basic authentication of WEBrick, clients can pass an arbitrary string as the user name. WEBrick outputs the passed user name intact to its log, then an attacker can inject...

Heap exposure vulnerability in generating JSON

There is a heap exposure vulnerability in JSON bundled by Ruby. The generate method of JSON module optionally accepts an instance of JSON::Ext::Generator::State class. If a malicious instance is passed, the result may include contents of heap. All users running an affected release should either...

Buffer underrun vulnerability in Kernel.sprintf

There is a buffer underrun vulnerability in the sprintf method of Kernel module. If a malicious format string which contains a precious specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such situation, the result may contains heap, or th...

Buffer underrun vulnerability in OpenSSL ASN1 decode

There is a buffer underrun vulnerability in OpenSSL bundled by Ruby. If a malicious string is passed to the decode method of OpenSSL::ASN1, buffer underrun may be caused and the Ruby interpreter may crash. All users running an affected release should either upgrade or use one of the workarounds...

DoS Vulnerability associated with URI.decode_www_form_component method

The URI.decodewwwformcomponent method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service catastrophic regular expression backtracking, resource consumption, or application crash via a crafted string...

RubyGems ANSI escape sequence vulnerability

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences...

RubyGems DNS request hijacking vulnerability

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to down load and install gems from a server that the attacker controls...

RubyGems DoS vulnerability in the query command

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a query command...

RubyGems vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...

Stored XSS in "gemirro" via injection in Gemspec "homepage" value

Stored cross-site scripting XSS vulnerability in Gemirro allows attackers to inject arbitrary web script via a crafted JavaScript URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to build a gem for...

Logstash Logs Sensitive Information

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information...

Heap use-after-free in mark_context_stack

The markcontextstack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service heap-based use-after-free and application crash or possibly have unspecified other impact via a crafted .rb file...

Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29

nokogiri version 1.7.2 has been released. This is a security update based on 1.7.1, addressing two upstream libxslt 1.1.29 vulnerabilities classified as "Medium" by Canonical and given a CVSS3 score of "6.5 Medium" and "8.8 High" by RedHat. These patches only apply when using Nokogiri's vendored...

haml failure to escape single quotes

In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...

RuboCop gem Insecure use of /tmp

RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users...