Lucene search
K
RubygemsRecent

1230 matches found

RubySec
RubySec
added 2024/10/02 12:0 a.m.31 views

OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)

Summary The login functionality contains a reflected cross-site scripting XSS vulnerability. Note: This CVE only affects Open Source Edition, and not OpenC3 COSMOS Enterprise Edition Impact This issue may lead up to Remote Code Execution RCE. NOTE: The complete advisory with much more information...

6.1CVSS7.1AI score0.00443EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/10/01 12:0 a.m.19 views

Decidim has a cross-site scripting vulnerability in the version control page

Impact The version control feature used in resources is subject to potential cross-site scripting XSS attack through a malformed URL. Workarounds Not available References OWASP ASVS v4.0.3-5.1.3 Credits This issue was discovered in a security audit organized by Open Source Politics against Decidi...

7.1CVSS6.1AI score0.00394EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/09/25 12:0 a.m.17 views

Heap-based Buffer Overflow in sqlite-vec

sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npytokennext function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted file. Workaround for CVE in release 0.1.3...

9.1CVSS7.2AI score0.00425EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2024/09/22 12:0 a.m.13 views

HTTP Request Smuggling in ruby webrick

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier''s position is "Webri...

6.7AI score0.00393EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/09/20 12:0 a.m.22 views

Puma's header normalization allows for client to clobber proxy set headers

Impact Clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version of the same header X-ForwardedFor. Any users trusting headers set by their proxy may be affected. Attackers may be able to downgrade connections to HTTP non-SSL or redirect...

5.4CVSS6.7AI score0.00646EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/09/19 12:0 a.m.24 views

protobuf-java has potential Denial of Service issue

Summary When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash. Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team Affected versions: This issue affects all versions of both t...

8.7CVSS6.6AI score0.02772EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/09/18 12:0 a.m.20 views

Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)

A path traversal vulnerability accessible via MediaController's downloadprivatefile method allows authenticated users to download any file on the web server Camaleon CMS is running on depending on the file permissions. In the downloadprivatefile method: ruby def downloadprivatefile...

7.7CVSS5.8AI score0.1456EPSS
Exploits11References1Affected Software1
RubySec
RubySec
added 2024/09/18 12:0 a.m.26 views

Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a delayed...

9.9CVSS8.6AI score0.35461EPSS
Exploits2References1Affected Software1
RubySec
RubySec
added 2024/09/17 12:0 a.m.28 views

Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length

Summary Under the default configuration, Devise-Two-Factor version = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier...

6CVSS6.9AI score0.00641EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/09/16 12:0 a.m.13 views

Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log

Impact The admin panel is subject to potential XSS attach in case an admin assigns a valuator to a proposal, or does any other action that generates an admin activity log where one of the resources has an XSS crafted. Patches N/A Workarounds Redirect the pages /admin and /admin/logs to other admi...

6.8CVSS6AI score0.00353EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/09/16 12:0 a.m.13 views

Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor

Impact The WYSWYG editor QuillJS is subject to potential XSS attach in case the attacker manages to modify the HTML before being uploaded to the server. The attacker is able to change e.g. to if they know how to craft these requests themselves. Patches N/A Workarounds Review the user accounts tha...

5.4CVSS5.8AI score0.0026EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/09/11 12:0 a.m.19 views

omniauth-saml vulnerable to Improper Verification of Cryptographic Signature

ruby-saml, the dependent SAML gem of omniauth-saml has a signature wrapping vulnerability in = v1.12.0 and v1.13.0 to v1.16.0 , see https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2 As a result, omniauth-saml created a new release by upgrading ruby-saml to the...

10CVSS9.3AI score0.10684EPSS
Exploits3References1Affected Software1
RubySec
RubySec
added 2024/08/28 12:0 a.m.19 views

SAML authentication bypass via Incorrect XPath selector

Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrar...

10CVSS7.2AI score0.10684EPSS
Exploits3References1Affected Software1
RubySec
RubySec
added 2024/08/23 12:0 a.m.20 views

request_store has Incorrect Default Permissions

Impact The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of thi...

7.8CVSS7.6AI score0.00194EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/08/22 12:0 a.m.15 views

REXML denial of service vulnerability

Impact The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser...

5.9CVSS6.6AI score0.01205EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/08/21 12:0 a.m.5 views

Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability

Affected packages The vulnerability has been discovered in Code Snippet GeSHi plugin. All integrators that use GeSHi syntax highlighter on the backend side can be affected. Impact A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a...

6.1CVSS6.6AI score0.00424EPSS
Exploits0References1
RubySec
RubySec
added 2024/08/21 12:0 a.m.8 views

CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover

Affected Packages The issue impacts only editor instances with enabled version notifications. Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are...

3.1CVSS7AI score0.004EPSS
Exploits0References1
RubySec
RubySec
added 2024/08/19 12:0 a.m.16 views

fugit parse and parse_nat stall on lengthy input

Impact The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check user input leng...

7.5CVSS7.1AI score0.00792EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/08/13 12:0 a.m.16 views

Command Injection in sequenceserver gem

Impact Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands Patches Fixed in 3.1.2 Workarounds No known workarounds...

9.8CVSS7AI score0.00584EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/08/01 12:0 a.m.15 views

DoS vulnerabilities in REXML

There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-41946. We strongly recommend upgrading the REXML gem. Details When parsing an XML that has many entity expansions with SAX2 or pull parser API, REXML gem may take long time. Please update...

7.5CVSS5.4AI score0.01192EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/08/01 12:0 a.m.16 views

DoS vulnerabilities in REXML

There are some DoS vulnerabilities in REXML gem. These vulnerabilities have been assigned the CVE identifier CVE-2024-41123. We strongly recommend upgrading the REXML gem. Details When parsing an XML document that has many specific characters such as whitespace character, and , REXML gem may take...

7.5CVSS5.7AI score0.01283EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/07/25 12:0 a.m.14 views

Cross-Site Request Forgery in Spina

A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/mediafolders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the...

8.8CVSS6.9AI score0.00407EPSS
Exploits1References1
RubySec
RubySec
added 2024/07/16 12:0 a.m.27 views

DoS in REXML

There is a DoS vulnerability in REXML gem. This vulnerability has been assigned the CVE identifier CVE-2024-39908. We strongly recommend upgrading the REXML gem. Details When it parses an XML that has many specific characters such as . REXML gem may take long time. Please update REXML gem to...

4.3CVSS7.2AI score0.01493EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/07/11 12:0 a.m.20 views

Bootstrap Cross-Site Scripting (XSS) vulnerability

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This...

6.2AI score
Exploits0References1
RubySec
RubySec
added 2024/07/11 12:0 a.m.18 views

Bootstrap Cross-Site Scripting (XSS) vulnerability

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This...

6.2AI score
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/07/11 12:0 a.m.37 views

Bootstrap Cross-Site Scripting (XSS) vulnerability

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This...

6.2AI score
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/07/10 12:0 a.m.49 views

Decidim vulnerable to data disclosure through the embed feature

Impact If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a Participatory Process, an Assembly, a Proposal, a Result, etc, then some data of this resource could be accessed. Patches Version 0.27.6...

5.3CVSS7AI score0.00492EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/07/10 12:0 a.m.22 views

Decidim cross-site scripting (XSS) in the pagination

Impact The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter perpage. Patches Patched in version 0.27.6 and 0.28.1 References OWASP ASVS v4.0.3-5.1.3 Credits This issue was discovered in a security audit organized by...

7.1CVSS6.3AI score0.00417EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/07/10 12:0 a.m.23 views

Decidim cross-site scripting (XSS) in the admin panel

Impact The admin panel is subject to potential XSS attach in case the attacker manages to modify some records being uploaded to the server. The attacker is able to change e.g. to if they know how to craft these requests themselves. And then enter the returned blob ID to the form inputs manually b...

5.4CVSS6.1AI score0.00341EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/07/08 12:0 a.m.22 views

RailsAdmin Cross-site Scripting vulnerability in the list view

Impact RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. The issue was originally reported in https://github.com/railsadminteam/railsadmin/issues/3686. Patches Upgrade to 3.1.3 or 2.3.0. Workarounds 1. Copy the index view located under the path...

6.8CVSS5.9AI score0.00579EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/07/03 12:0 a.m.20 views

Rack ReDoS Vulnerability in HTTP Accept Headers Parsing

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the Rack::Request::Helpers module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted Accept-Encoding or Accept-Language headers, causing the server to spend...

6.5CVSS7.1AI score0.00856EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/06/04 12:0 a.m.23 views

ActionText ContentAttachment can Contain Unsanitized HTML

Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: = 7.1.0 Not affected: 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a...

6.1CVSS6.1AI score0.00434EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/06/04 12:0 a.m.32 views

Missing security headers in Action Pack on non-HTML responses

Permissions-Policy is Only Served on HTML Content-Type The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: = 6.1.0 Not affected: 6.1.0 Fixed Versions: 6.1.7.8,...

9.8CVSS5.3AI score0.00658EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/06/02 12:0 a.m.30 views

activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends

Impact Users settings their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...

6.1CVSS6.6AI score0.00349EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/05/27 12:0 a.m.13 views

Insecure File Permissions vulnerability in kaminari

kaminari versions prior to 0.16.2 are vulnerable to an Insecure File Permissions vulnerability, where certain files within the kaminari gem have insecure file permissions. Versions Affected: = 0.16.2 Impact An attacker with local access could write arbitrary code to the affected files resulting i...

6.6CVSS7.3AI score0.006EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/05/27 12:0 a.m.18 views

Denial of Service in rack-contrib via "profiler_runs" parameter

rack-contrib prior to version 2.5.0 is vulnerable to a Denial of Service via the profilerruns HTTP request parameter. Versions Affected: = 2.5.0 Impact An attacker can trigger a Denial of Service by sending an HTTP request with an overly large profilerruns parameter. shell curl...

8.6CVSS6.9AI score0.00661EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/05/16 12:0 a.m.34 views

REXML contains a denial of service vulnerability

Impact The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many s in an attribute value. If you need to parse untrusted XMLs, you many be impacted to this vulnerability. Patches The REXML gem 3.2.7 or later include the patch to fix this vulnerability. Workarounds Don...

5.3CVSS6.4AI score0.02064EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2024/05/07 12:0 a.m.23 views

Arbitrary Code Execution Vulnerability in Trix Editor included in ActionText

From version 7.0 onwards the ActionText gem includes a copy of the Trix rich text editor. Prior to versions 7.0.8.3 and 7.1.3.3, ActionText included a version of Trix that is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into t...

5.4CVSS7.9AI score0.00784EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/05/01 12:0 a.m.11 views

Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values

There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. The reason these issues were not detected before is the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browser are...

7.1CVSS5.8AI score0.00713EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/04/26 12:0 a.m.13 views

Reflected XSS in Metrics Web Page

Reflected XSS in Sidekiq Web UI via the /metrics HTTP end-point and the substr query param: https://host/sidekiq/metrics?substr=foot%22%3E%3Cscript%20src=%22payload%22%20/%3E...

5.5CVSS6.2AI score0.00594EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/04/23 12:0 a.m.36 views

Arbitrary memory address read vulnerability with Regex search

If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. We recommend to update the Ruby to version 3.3.1 or later. In order to ensure compatibility with older Ruby...

6.6CVSS7.3AI score0.00629EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/04/16 12:0 a.m.15 views

Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags

Summary There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. Our filter to detect and prevent the use of the javascript: URL scheme in the href attribute of an tag could be bypassed with tab \t or newline \n characters between the...

7.1CVSS5.9AI score0.00575EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/03/25 12:0 a.m.21 views

CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained

Impact The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by...

6.8CVSS6.5AI score0.00613EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/03/21 12:0 a.m.28 views

RCE vulnerability with .rdoc_options in RDoc

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

4.5CVSS8.3AI score0.01571EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/03/21 12:0 a.m.26 views

Buffer overread vulnerability in StringIO

An issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. This vulnerability is not affected...

9.8CVSS7AI score0.02364EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/03/18 12:0 a.m.15 views

ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.

The Ruby One Time Password library ROTP is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation...

5.5CVSS7.1AI score0.00176EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/03/15 12:0 a.m.13 views

TurboBoost Commands vulnerable to arbitrary method invocation

Impact TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...

8.1CVSS7.5AI score0.00796EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/03/12 12:0 a.m.19 views

StimulusReflex arbitrary method call

Summary More methods than expected can be called on reflex instances. Being able to call some of them has security implications. Details To invoke a reflex a websocket message of the following shape is sent: json "target": "classnamemethodname", "args": The server will proceed to instantiate refl...

8.8CVSS7AI score0.01555EPSS
Exploits3References1Affected Software1
RubySec
RubySec
added 2024/03/12 12:0 a.m.14 views

Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex

There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. Impact If you render an tag with an href attribute set to a user-provided link, that...

7.1CVSS5.8AI score0.00604EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/03/01 12:0 a.m.13 views

Cross Site Scripting vulnerability in Contribsys Sidekiq

Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions...

6.1CVSS6AI score0.0059EPSS
Exploits2References1Affected Software1
Total number of security vulnerabilities1230