Lucene search
K
RubygemsRecent

1243 matches found

RubySec
RubySec
added 2026/03/23 12:0 a.m.13 views

Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations...

6.9CVSS5.7AI score0.00498EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/23 12:0 a.m.11 views

Rails has a possible XSS vulnerability in its Action View tag helpers

Impact When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Application...

2.3CVSS5.8AI score0.00516EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/23 12:0 a.m.48 views

Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled config.considerallrequestslocal = true, whi...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/23 12:0 a.m.12 views

Rails Active Support has a possible DoS vulnerability in its number helpers

Impact Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted,...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/20 12:0 a.m.8 views

Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Summary An arbitrary method execution vulnerability has been found which affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary relationship names to invoke any public method on the underlying model instance, class or its associations...

9.1CVSS6AI score0.00632EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/19 12:0 a.m.9 views

bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

Impact An integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. The JRuby implementation of bcrypt-ruby BCrypt.java computes the key-strengthening round count as a...

7.5CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/19 12:0 a.m.16 views

Ruby JSON has a format string injection vulnerability

Impact A format string injection vulnerability than that lead to denial of service attacks or information disclosure, when the allowduplicatekey: false parsing option is used to parse user supplied documents. This option isn't the default, if you didn't opt-in to use it, you are not impacted...

9.1CVSS5.8AI score0.00838EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/18 12:0 a.m.8 views

Avo has a XSS vulnerability on `return_to` param

Description A reflected cross-site scripting XSS vulnerability exists in the returnto query parameter used in the avo interface. An attacker can craft a malicious URL that injects arbitrary JavaScript, which is executed when he clicks a dynamically generated navigation button. Impact This...

6.1CVSS5.9AI score0.00264EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/17 12:0 a.m.12 views

Katello - Denial of Service and potential information disclosure via SQL injection'

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sortby parameter of the /api/hosts/bootcimages API endpoint. This can lead to a Denial of...

5.4CVSS6AI score0.00262EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/16 12:0 a.m.9 views

Confirmable "change email" race condition permits user to confirm email they have no access to

Impact A race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using Confirmable with email changes. By sending two concurrent email change requests, an...

6CVSS5.8AI score0.00275EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/11 12:0 a.m.12 views

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

Summary Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardles...

7.5CVSS6AI score0.00217EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/10 12:0 a.m.62 views

Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation

Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the downloadprivatefile functionality wh...

6.5CVSS5.7AI score0.00732EPSS
Exploits0References1
RubySec
RubySec
added 2026/03/05 12:0 a.m.13 views

Buffer overflow vulnerability in Zlib::GzipReader

A buffer overflow vulnerability exists in Zlib::GzipReader. This vulnerability has been assigned the CVE identifier CVE-2026-27820. We recommend upgrading the zlib gem. Details The zstreambufferungets function prepends caller-provided bytes ahead of previously produced output but fails to guarant...

9.8CVSS6AI score0.00561EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/02/27 12:0 a.m.5 views

Mongoid::Criteria.from_hash method allows arbitrary method calls

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.fromhash may allow for executing arbitrary Ruby code...

6.9CVSS6AI score0.00196EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/02/27 12:0 a.m.12 views

rubyipmi is vulnerable to OS Command Injection through malicious usernames

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...

8.8CVSS6.5AI score0.00771EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/02/17 12:0 a.m.16 views

Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href

Summary Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename begins with the javascript: scheme e.g. javascript:alert1, the generated index includes an anchor whose href attribute is exactly...

5.4CVSS5.8AI score0.00224EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2026/02/17 12:0 a.m.10 views

Rack has a Directory Traversal via Rack:Directory

Summary Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root. Details In directory.rb,...

7.5CVSS5.5AI score0.00665EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2026/02/09 12:0 a.m.9 views

Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url

Impact Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986, protocol-relative URLs e.g. //evil.com/path are treated as network-path references that override the base URL's host/authority...

5.8CVSS5.5AI score0.00351EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/02/05 12:0 a.m.10 views

Unauthenticated Spree Commerce users can access all guest addresses

Summary A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest addresses to their order by manipulating address ID parameters. This enables unauthorized access to other guests' personally identifiable information PII includi...

8.7CVSS5.9AI score0.00599EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2026/02/05 12:0 a.m.9 views

Unauthenticated Spree Commerce users can view completed guest orders by Order ID

Unauthenticated users can view completed guest orders by Order ID GHSL-2026-029 The OrdersControllershow action permits viewing completed guest orders by order number alone, without requiring the associated order token. Order lookup without enforcing token requirement in OrdersControllershow: rub...

8.7CVSS5.5AI score0.00441EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2026/02/03 12:0 a.m.16 views

Decidim's private data exports can lead to data leaks

Impact Private data exports can lead to data leaks in cases where the UUID generation causes collisions for the generated UUIDs. The bug was introduced by 13571 and affects Decidim versions 0.30.0 or newer currently 2025-09-23. This issue was discovered by running the following spec several times...

8.2CVSS5.5AI score0.00262EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/02/03 12:0 a.m.8 views

Decidim's private data exports can lead to data leaks

Impact Private data exports can lead to data leaks in cases where the UUID generation causes collisions for the generated UUIDs. The bug was introduced by 13571 and affects Decidim versions 0.30.0 or newer currently 2025-09-23. This issue was discovered by running the following spec several times...

8.2CVSS5.5AI score0.00262EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/02/02 12:0 a.m.9 views

foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

A flaw was found in foremankubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority CA certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

8.1CVSS5.3AI score0.00274EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/02/02 12:0 a.m.9 views

fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle MITM attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications between Satellite and OpenShift, resulting in...

8.1CVSS5.2AI score0.00254EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/01/21 12:0 a.m.9 views

AlchemyCMS - Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

Summary A vulnerability was discovered during a manual security audit of the AlchemyCMS source code. The application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Details The...

9.9CVSS6.2AI score0.00426EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/01/13 12:0 a.m.8 views

openc3-api Vulnerable to Unauthenticated Remote Code Execution

Summary OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of certain APIs, attacker-controlled parameter text is parsed into values using Stringconverttovalue. For array-like inputs, converttovalu...

10CVSS8.5AI score0.00536EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/01/08 12:0 a.m.9 views

Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification

Summary An Authenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an authenticated user to retrieve other users’ address information by modifying an existing order. By editing an order they legitimately own and manipulating address identifiers in the request,...

6.5CVSS6.1AI score0.00371EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2026/01/08 12:0 a.m.8 views

Spree API has Unauthenticated IDOR - Guest Address

Summary An Unauthenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an unauthenticated attacker to access guest address information without supplying valid credentials or session cookies. Details During testing, it was observed that all guest users can make a...

7.5CVSS6.7AI score0.00383EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/12/23 12:0 a.m.14 views

httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

Summary There may be an SSRF vulnerability in httparty. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. Details When httparty receives a path argument that is an absolute URL, it ignores the baseuri field. As a result, if ...

8.8CVSS5.8AI score0.0026EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/12/18 12:0 a.m.20 views

AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue

Summary S3 Encryption Client for Ruby is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3. When the encrypted data key EDK is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamander...

6CVSS7AI score0.00185EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/12/16 12:0 a.m.6 views

ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

Impact A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to reinterpret a valid proof-of-work submission with a modifi...

6.5CVSS6.6AI score0.00262EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/12/08 12:0 a.m.7 views

Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker...

9.8CVSS9.5AI score0.63792EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/12/08 12:0 a.m.8 views

Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation

Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an issue at libxml2 canonicalization process used by Nokogiri for document transformation. That allows an attacker to be able to execute a Signature Wrapping attack. The vulnerability does not...

9.3CVSS7AI score0.00211EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/11/19 12:0 a.m.7 views

null pointer dereference vulnerability in mrubyc 3.4

A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbcrawrealloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally...

5.5CVSS5.6AI score0.00128EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/11/13 12:0 a.m.6 views

Use-after-realloc vulnerablity in mruby 3.4.0

A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sortcmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is...

5.5CVSS5.3AI score0.00142EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/11/07 12:0 a.m.6 views

Out-of-bounds write vulnerability

A weakness has been identified in mruby 3.4.0. This vulnerability affects the function aryfillexec of the file mrbgems/mruby-array-ext/src/array.c. Executing manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been ma...

7.8CVSS5.6AI score0.00158EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/11/06 12:0 a.m.10 views

MQTT does not validate hostnames

A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle MITM attack...

7.4CVSS6.6AI score0.00343EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/11/06 12:0 a.m.10 views

Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...

7.6CVSS6.5AI score0.00216EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/10/10 12:0 a.m.9 views

Sinatra is vulnerable to ReDoS through ETag header value generation

Summary There is a denial of service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method is used when constructing the response and you are using Ruby = 3.2...

7.5CVSS6.5AI score0.00458EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/10/10 12:0 a.m.9 views

Rack has a Possible Information Disclosure Vulnerability

Summary A possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to miscommunicate with the proxy and trigger unintended internal requests, potentially...

5.8CVSS6.1AI score0.00434EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/10/10 12:0 a.m.10 views

Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

Summary Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of...

7.5CVSS6.5AI score0.00605EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/10/07 12:0 a.m.11 views

Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

Summary Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of...

7.5CVSS7AI score0.00868EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/10/07 12:0 a.m.9 views

Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

Summary Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory OOM...

7.5CVSS7.2AI score0.00868EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/10/07 12:0 a.m.12 views

Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Summary Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or more can consume equivalent process memory, potentially leading to out-of-memory OOM...

7.5CVSS6.8AI score0.00528EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/10/07 12:0 a.m.10 views

CVE-2025-61594 - URI Credential Leakage Bypass over CVE-2025-27221

In affected URI version, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. This vulnerability has been assigned the CVE identifier CVE-2025-61594. We recommend upgrading the uri gem. Details When using the + operator to combine URIs, sensitive information like...

7.5CVSS7.1AI score0.0051EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/10/07 12:0 a.m.15 views

URI Credential Leakage Bypass

A vulnerability in the URI library bundled with Ruby allows sensitive user credentials such as usernames or passwords in a URI to be unintentionally leaked when combining URIs using the + operator. This issue bypasses the previous fix for CVE-2025-27221. The issue affects Ruby's built-in URI...

7.5CVSS7.2AI score0.0051EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/09/25 12:0 a.m.10 views

Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters

Summary Rack::QueryParser in version 2.2.18 enforces its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Details The issue arises...

7.5CVSS6.8AI score0.00535EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/09/18 12:0 a.m.5 views

DoS vulnerability in REXML

REXML has a DoS condition when parsing malformed XML file REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXM...

5.3CVSS7.1AI score0.00231EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/09/17 12:0 a.m.7 views

REXML has DoS condition when parsing malformed XML file

Impact The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. Patches REXML gems 3.4.2 or later include the patches to fix these vulnerabilities...

5.3CVSS7.1AI score0.00231EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/08/29 12:0 a.m.11 views

Google Sign-In for Rails allowed redirect to protocol-relative URI

Summary It is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly...

4.2CVSS6.6AI score0.00211EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities1243