1227 matches found
RubyGems ANSI escape sequence vulnerability
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences...
Stored XSS in "gemirro" via injection in Gemspec "homepage" value
Stored cross-site scripting XSS vulnerability in Gemirro allows attackers to inject arbitrary web script via a crafted JavaScript URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to build a gem for...
Logstash Logs Sensitive Information
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information...
Heap use-after-free in mark_context_stack
The markcontextstack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service heap-based use-after-free and application crash or possibly have unspecified other impact via a crafted .rb file...
Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29
nokogiri version 1.7.2 has been released. This is a security update based on 1.7.1, addressing two upstream libxslt 1.1.29 vulnerabilities classified as "Medium" by Canonical and given a CVSS3 score of "6.5 Medium" and "8.8 High" by RedHat. These patches only apply when using Nokogiri's vendored...
haml failure to escape single quotes
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...
RuboCop gem Insecure use of /tmp
RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users...
Safemode Gem for Ruby is vulnerable to bypassing safe mode limitations
Safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation...
DoS caused by infinite recursion (stack overflow) in parse_char_class()
The parsecharclass function in regparse.c in the Onigmo aka Oniguruma-mod regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service deep recursion and application crash via a crafted regular expression...
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Nokogiri version 1.7.1 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVEs: CVE-2016-4658 CVSS v3 Base Score: 9.8 Critical libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to...
Directory traversal vulnerability in rubyzip
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem...
omniauth leaks authenticity token in callback params
In strategy.rb in OmniAuth before 1.3.2, the authenticitytoken value is improperly protected because POST in addition to GET parameters are stored in the session and become available in the environment of the callback phase...
Ruby 2.1 has exploitable heap overflow vulnerability
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "argtypes" allocation is made based on args array length. Specially constructed object passed as element of args array can...
Type confusion exists in ole_invoke and ole_query_interface methods of Ruby's WIN32OLE class
Type confusion exists in two methods of Ruby's WIN32OLE class, oleinvoke and olequeryinterface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution...
Type confusion exists in _cancel_eval Ruby's TclTkIp class
Type confusion exists in canceleval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution...
CSRF vulnerability in rails_admin
The railsadmin gem is vulnerable to cross-site request forgery CSRF attacks. Due to a bug, non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...
Predictable tmp File Path Vulnerability in Phusion Passenger
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user...
Allows an attacker to inject arbitrary code into your application via any secondary Gem source declared in your Gemfile
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a Gem name collision on a secondary source. Please note that this vulnerability only applies for Ruby projects using Bundler 2.0 with Gemfiles having 2 or more "source" lines. In other words, ...
XSS Vulnerability on closeText option of Dialog jQuery UI
Cross-site scripting XSS vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function...
Archive-Tar-Minitar Directory Traversal Vulnerability
Minitar allows attackers to overwrite arbitrary files during archive extraction via a .. dot dot in an extracted filename. Analogous vulnerabilities for unzip and tar: https://www.cvedetails.com/cve/CVE-2001-1268/ and http://www.cvedetails.com/cve/CVE-2001-1267/ Credit: ecneladis...
Minitar Directory Traversal Vulnerability
Minitar allows attackers to overwrite arbitrary files during archive extraction via a .. dot dot in an extracted filename. Analogous vulnerabilities for unzip and tar: https://www.cvedetails.com/cve/CVE-2001-1268/ and http://www.cvedetails.com/cve/CVE-2001-1267/ Credit: ecneladis...
Doorkeeper gem does not revoke tokens & uses wrong auth/auth method
Doorkeeper failed to implement OAuth 2.0 Token Revocation RFC 7009 in the following ways: 1. Public clients making valid, unauthenticated calls to revoke a token would not have their token revoked 2. Requests were not properly authenticating the client credentials but were, instead, looking at th...
Unsafe Query Generation Risk in Active Record
There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155. Impact ------ Due to the way Active Record interprets parameters in combination with the way that JSON parameters are...
Possible XSS Vulnerability in Action View
There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. Impact ------ Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to...
Possible XSS Vulnerability in Action View
There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. Impact ------ Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to...
XSS vulnerability via data-target in bootstrap
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute...
XSS vulnerability via data-target in bootstrap-sass
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute...
XML signature wrapping attack
ruby-saml prior to version 1.3.0 is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced at the same time 2 elements but past the scheme validator process since 1 of the element was inside the encrypted assertion. ruby-saml users must...
Logstash Logs Sensitive Information
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials...
Denial of service or RCE from libxml2 and libxslt
Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote...
rack-mini-profiler may disclose information to unauthorized users
Carefully crafted requests can expose information about strings and objects allocated during the request for unauthorised users...
Puppet Improper Access Control
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...
festivaltts4r Gem for Ruby Arbitrary Command Execution
festivaltts4r passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to the tospeech and and tomp3 methods in lib/festivaltts4r/festival4r.rb library...
Safemode Gem for Ruby is vulnerable to information disclosure
Safemode is initialised with an optional 'delegate' object. If the delegated object is a Rails controller, 'inspect' could be called which then exposes all informations about the App, including routes, secret tokens, caches and so on...
espeak-ruby Gem for Ruby Arbitrary Command Execution
espeak-ruby passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to the speak, save, bytes and byteswav methods in the lib/espeak/speech.rb library...
Cross-site request forgery (CSRF) vulnerability in administrate gem
"Administrate::ApplicationController actions didn't have CSRF protection. Remote attackers can hijack user's sessions and use any functionality that administrate exposes on their behalf."...
Possible Information Leak Vulnerability in Action View
There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all the scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097. Versions Affected: 3.2.x, 4.0.x,...
Possible remote code execution vulnerability in Action Pack
There is a possible remote code execution vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2016-2098. Versions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x Not affected: 5.0+ Fixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2 Impact ------ Applications that pass unverifi...
Possible Information Leak Vulnerability in Action View
There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all the scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097. Versions Affected: 3.2.x, 4.0.x,...
Directory traversal vulnerability in guard-livereload
The vulnerability allows remote attackers to read arbitrary files on the server by exploiting improper path validation in the livereload server functionality. This vulnerability is related to the handling of file paths in the livereload server component, which could allow an attacker to traverse...
Nested attributes rejection proc bypass in Active Record
There is a vulnerability in how the nested attributes feature in Active Record handles updates in combination with destroy flags when destroying records is disabled. This vulnerability has been assigned the CVE identifier CVE-2015-7577. Versions Affected: 3.1.0 and newer Not affected: 3.0.x and...
XSS vulnerability in rails-html-sanitizer
There is a XSS vulnerability in Rails::Html::FullSanitizer used by Action View's striptags. This vulnerability has been assigned the CVE identifier CVE-2015-7579. Versions Affected: 1.0.2 Not affected: 1.0.0, 1.0.1 Fixed Versions: 1.0.3 Impact ------ Due to the way that Rails::Html::FullSanitizer...
Possible XSS vulnerability in rails-html-sanitizer
There is a possible XSS vulnerability in rails-html-sanitizer. This vulnerability has been assigned the CVE identifier CVE-2015-7578. Versions Affected: All. Not affected: None. Fixed Versions: 1.0.3 Impact ------ There is a possible XSS vulnerability in rails-html-sanitizer. Certain attributes a...
Possible XSS vulnerability in rails-html-sanitizer
There is a possible XSS vulnerability in the white list sanitizer in the rails-html-sanitizer gem. This vulnerability has been assigned the CVE identifier CVE-2015-7580. Versions Affected: All. Not affected: None. Fixed Versions: v1.0.3 Impact ------ Carefully crafted strings can cause user input...
Possible Information Leak Vulnerability in Action View
There is a possible directory traversal and information leak vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2016-0752. Versions Affected: All. Not affected: None. Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1 Impact ------ Applications that...
Object leak vulnerability for wildcard controller routes in Action Pack
There is an object leak vulnerability for wildcard controllers in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2015-7581. Versions Affected: = 4.0.0 and 5.0.0.beta1 Not affected: 4.0.0, 5.0.0.beta1 and newer Fixed Versions: 4.2.5.1, 4.1.14.1 Impact ------ Users that ha...
Timing attack vulnerability in basic authentication in Action Controller.
There is a timing attack vulnerability in the basic authentication support in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2015-7576. Versions Affected: All. Not affected: None. Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1 Impact ------ Due to the w...
Possible Object Leak and Denial of Service attack in Action Pack
There is a possible object leak which can lead to a denial of service vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2016-0751. Versions Affected: All. Not affected: None. Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1 Impact ------ A careful...
Possible Information Leak Vulnerability in Action View
There is a possible directory traversal and information leak vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2016-0752. Versions Affected: All. Not affected: None. Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1 Impact ------ Applications that...
Possible Input Validation Circumvention in Active Model
There is a possible input validation circumvention vulnerability in Active Model. This vulnerability has been assigned the CVE identifier CVE-2016-0753. Versions Affected: 4.1.0 and newer Not affected: 4.0.13 and older Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1 Impact ------ Code that uses...