Lucene search
K
RubygemsRecent

1243 matches found

RubySec
RubySec
added 2025/08/27 12:0 a.m.11 views

Google Sign-In for Rails allowed redirects to malformed URLs

Summary It is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is malformed, it's possible for the user to be...

4.2CVSS6.8AI score0.00224EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/08/20 12:0 a.m.10 views

Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

9.8CVSS7.5AI score0.02464EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/08/20 12:0 a.m.11 views

Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

9.8CVSS7.5AI score0.02464EPSS
Exploits1References1
RubySec
RubySec
added 2025/08/14 12:0 a.m.11 views

Active Storage allowed transformation methods that were potentially unsafe

Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where...

9.2CVSS7.6AI score0.02388EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/08/13 12:0 a.m.10 views

Active Record logging vulnerable to ANSI escape injection

This vulnerability has been assigned the CVE identifier CVE-2025-55193 Impact The ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal, it may include unescaped ANSI sequences. Releases The fixed releases are available at the normal locations...

6.9CVSS7.2AI score0.00565EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/08/07 12:0 a.m.8 views

ruby-jwt < v3.0.0.beta1 was discovered to contain weak encryption

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...

9.1CVSS7.3AI score0.00162EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/08/07 12:0 a.m.11 views

JWE is missing AES-GCM authentication tag validation in encrypted JWE

Overview The authentication tag of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. Impact - JWEs can be modified to decrypt to an arbitrary value - JWEs can be decrypted by observing parsing differences - The...

9.1CVSS6.4AI score0.00244EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/07/30 12:0 a.m.9 views

Ruby SAML DOS vulnerability with large SAML response

Summary A denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. Details ruby-saml...

6.9CVSS7.3AI score0.00384EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/07/20 12:0 a.m.13 views

Thor can construct an unsafe shell command from library input.

Thor before 1.4.0 can construct an unsafe shell command from library input...

2.8CVSS7.2AI score0.00155EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/07/14 12:0 a.m.12 views

Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class

Impact There is an arbitrary code execution vulnerability in the CsvEnumerator class of the job-iteration repository. This vulnerability can be exploited by an attacker to execute arbitrary commands on the system where the application is running, potentially leading to unauthorized access, data...

9.3CVSS7.2AI score0.00706EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/07/09 12:0 a.m.16 views

Possible Denial of Service in resolv gem

A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2025-24294. We recommend upgrading the resolv gem. Details The vulnerability is caused by an insufficient check on the length of a decompressed...

7.5CVSS6.7AI score0.00539EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/07/08 12:0 a.m.8 views

Possible Denial of Service in resolv gem

A denial of service vulnerability has been discovered in the resolv gem bundled with Ruby. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name...

7.5CVSS6.3AI score0.00539EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/07/08 12:0 a.m.4 views

Heap-based buffer overflow vulnerability in mruby 3.4.0

A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0. Affected is the function scopenew of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. T...

5.5CVSS4.5AI score0.00214EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/07/02 12:0 a.m.11 views

HashiCorp Vagrant has code injection vulnerability through default synced folders

An authenticated virtual machine escape vulnerability exists in HashiCorp Vagrant versions 2.4.6 and below when using the default synced folder configuration. By design, Vagrant automatically mounts the host system’s project directory into the guest VM under /vagrant or C:\vagrant on Windows. Thi...

6.5AI score
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/06/26 12:0 a.m.15 views

Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling

Ruby WEBrick readheader HTTP Request Smuggling Vulnerability This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...

6.5CVSS7AI score0.00422EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/06/13 12:0 a.m.10 views

OpenC3 COSMOS Vulnerable to Directory Traversal via openc3-api/tables endpoint

An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal...

7.5CVSS7.3AI score0.00856EPSS
Exploits1References1
RubySec
RubySec
added 2025/06/13 12:0 a.m.10 views

OpenC3 COSMOS Vulnerable to Directory Traversal via /script-api/scripts/ endpoint

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal...

9.1CVSS7.3AI score0.00856EPSS
Exploits1References1
RubySec
RubySec
added 2025/06/05 12:0 a.m.13 views

ReDoS Vulnerability in Rack::Multipart handle_mime_head

Summary There is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Details Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time,...

8.7CVSS7.1AI score0.01503EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/05/21 12:0 a.m.13 views

Insufficient input sanitization in ejson2env

Summary The ejson2env tool has a vulnerability related to how it writes to stdout. Specifically, the tool is intended to write an export statement for environment variables and their values. However, due to inadequate output sanitization, there is a potential risk where variable names or values m...

6.6CVSS7.8AI score0.01334EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/05/08 12:0 a.m.8 views

Rack session gets restored after deletion

Summary When using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Details Rack session middleware prepares the session at the beginning of request, then saves is back to the store wit...

4.2CVSS6.7AI score0.00282EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/05/08 12:0 a.m.20 views

Rack session gets restored after deletion

Summary When using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Details Rack session middleware prepares the session at the beginning of request, then saves is back to the store wit...

4.2CVSS6.8AI score0.00201EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/05/08 12:0 a.m.30 views

Rack has an Unbounded-Parameter DoS in Rack::QueryParser

Summary Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters. Details The vulnerability arises because...

7.5CVSS6.8AI score0.00911EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/05/07 12:0 a.m.4 views

JRuby-OpenSSL has hostname verification disabled by default

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

7.1CVSS5.5AI score0.0016EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/05/06 12:0 a.m.6 views

Improper certificate validation in Logstash's TCP output...

Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle MitM attack in “client” mode, as hostname verification in TCP output was not being performed when the sslverificationmode = full was set...

6.5CVSS5.9AI score0.00145EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/04/28 12:0 a.m.17 views

net-imap rubygem vulnerable to possible DoS by memory exhaustion

Summary There is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a malicious server can send can send a "literal" byte count, which is automatically read by the client's receiver thread. The response reader...

6.5CVSS7AI score0.00412EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/03/28 12:0 a.m.13 views

Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction

Summary A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality. Details A publisher on a publify application is able to perform a cross-site scripting attack on an administrator using the redirect functionality. T...

5.4CVSS6.3AI score0.00242EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/03/27 12:0 a.m.12 views

Pitchfork HTTP Request/Response Splitting vulnerability

Impact HTTP Response Header Injection in Pitchfork Versions 0.11.0 when used in conjunction with Rack 3 Patches The issue was fixed in Pitchfork release 0.11.0 Workarounds There are no known work arounds. Users must upgrade...

4.3CVSS7.4AI score0.00269EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/03/14 12:0 a.m.23 views

Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment

A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updatedajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without a...

9.4CVSS7AI score0.00566EPSS
Exploits17References1Affected Software1
RubySec
RubySec
added 2025/03/12 12:0 a.m.22 views

Out-of-bounds Read in Ruby JSON Parser

Impact A specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not. Patches Version 2.10.2 fixes the problem. Workarounds None...

7.5CVSS7.4AI score0.00665EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/03/12 12:0 a.m.32 views

graphql allows remote code execution when loading a crafted GraphQL schema

Loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via...

9CVSS9.3AI score0.02865EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2025/03/12 12:0 a.m.14 views

Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses

Summary ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. Ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before...

8.7CVSS9.3AI score0.01359EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/03/12 12:0 a.m.19 views

Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)

Summary An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping...

9.8CVSS9.2AI score0.63792EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/03/12 12:0 a.m.17 views

Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)

Summary An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping...

9.8CVSS9.2AI score0.19506EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/03/10 12:0 a.m.25 views

Local File Inclusion in Rack::Static

Summary Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. Details The vulnerability occurs because Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically,...

7.5CVSS6.8AI score0.01068EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/03/04 12:0 a.m.17 views

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

7.5CVSS7.2AI score0.00699EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/03/03 12:0 a.m.18 views

Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account

In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...

9.8CVSS6.7AI score0.26338EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/02/26 12:0 a.m.33 views

CVE-2025-27220 - ReDoS in CGI::Util#escapeElement.

There is a possibility for Regular expression Denial of Service ReDoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. Details The regular expression used in CGI::UtilescapeElement is vulnerable to ReDoS. The crafted...

7.5CVSS7AI score0.00702EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/02/26 12:0 a.m.15 views

CVE-2025-27219 - Denial of Service in CGI::Cookie.parse

There is a possibility for DoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27219. We recommend upgrading the cgi gem. Details CGI::Cookie.parse took super-linear time to parse a cookie string in some cases. Feeding a maliciously crafted cookie string into t...

7.5CVSS7.1AI score0.00784EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/02/26 12:0 a.m.28 views

CVE-2025-27221 - userinfo leakage in URI#join, URI#merge and URI#+.

There is a possibility for userinfo leakage by in the uri gem. This vulnerability has been assigned the CVE identifier CVE-2025-27221. We recommend upgrading the uri gem. Details The methods URIjoin, URImerge, and URI+ retained userinfo, such as user:password, even after the host is replaced. Whe...

5.3CVSS6.9AI score0.00472EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/02/24 12:0 a.m.10 views

Phusion Passenger denial of service

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...

7.5CVSS6.7AI score0.0057EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2025/02/12 12:0 a.m.25 views

Possible Log Injection in Rack::CommonLogger

Summary Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs. Details When a user provides the authorization credentials via Rack::Auth::Basic, if success,...

7.1CVSS6.6AI score0.01142EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2025/02/10 12:0 a.m.39 views

Possible DoS by memory exhaustion in net-imap

Summary There is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is connected, a malicious server can send can send highly compressed uid-set data which is automatically read by the client's receiver thread. The response parser...

6.5CVSS6.4AI score0.00608EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/12/30 12:0 a.m.16 views

Password Pusher Allows Session Token Interception Leading to Potential Hijacking

Impact A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before...

5.7CVSS6.9AI score0.00209EPSS
Exploits0References1
RubySec
RubySec
added 2024/12/10 12:0 a.m.52 views

Possible Content Security Policy bypass in Action Dispatch

There is a possible Cross Site Scripting XSS vulnerability in the contentsecuritypolicy helper in Action Pack. Impact Applications which set Content-Security-Policy CSP headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives...

2.3CVSS5.6AI score0.01009EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/12/02 12:0 a.m.14 views

rails-html-sanitizer has XSS vulnerability with certain configurations

Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. Versions affected: 1.6.0 Not affected: 1.6.0 Fixed versions: 1.6.1 Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may...

6.1CVSS5.8AI score0.00462EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/12/02 12:0 a.m.22 views

rails-html-sanitizer has XSS vulnerability with certain configurations

Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. Versions affected: 1.6.0 Not affected: 1.6.0 Fixed versions: 1.6.1 Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may...

6.1CVSS5.7AI score0.00463EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/12/02 12:0 a.m.14 views

rails-html-sanitizer has XSS vulnerability with certain configurations

Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. Versions affected: 1.6.0 Not affected: 1.6.0 Fixed versions: 1.6.1 Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may...

6.1CVSS5.6AI score0.00435EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/12/02 12:0 a.m.20 views

rails-html-sanitizer has XSS vulnerability with certain configurations

Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0 and Nokogiri = 1.16.8. Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5...

6.1CVSS5.7AI score0.00581EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/12/02 12:0 a.m.19 views

rails-html-sanitizer has XSS vulnerability with certain configurations

Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. Versions affected: 1.6.0 Not affected: 1.6.0 Fixed versions: 1.6.1 Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may...

6.1CVSS5.8AI score0.00435EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/11/20 12:0 a.m.42 views

Password Pusher rate limiter can be bypassed by forging proxy headers

Impact Password Pusher comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. Patches In v1.49.0, a fix was implemented to...

5.3CVSS6.6AI score0.00522EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities1243