RubySec (Rubygems) advisories, most recent first: 1212 matches found

RubySec, added 2023/06/06

avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields

Summary: Some avo fields are vulnerable to XSS when rendering html based content. Details: During the analysis of the web application, a rendered field was discovered that did not filter JS / HTML tags in a safe way and can be abused to execute js code on a client side. The trix field uses the trix...

CVSS 7.3 | AI score 6.4 | EPSS 0.00563
Exploits: 1 | References: 1 | Affected software: 1
RubySec, added 2023/05/26

Server-Side Template Injection in Camaleon CMS

Camaleon CMS prior to 2.7.4 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter...

CVSS 9.8 | AI score 7.5 | EPSS 0.46136
Exploits: 6 | References: 1 | Affected software: 1
RubySec, added 2023/05/23

Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem v0.5

Cross Site Scripting (XSS) vulnerability in Fetlife rollout-ui version 0.5 allows attackers to execute arbitrary code via a crafted URL to the "delete a feature" functionality...

CVSS 6.1 | AI score 6.8 | EPSS 0.00697
Exploits: 2 | References: 1 | Affected software: 1
RubySec, added 2023/05/01

Race Condition leading to logging errors

In certain setups with threaded web servers, Audited's use of Thread.current can incorrectly attribute audits to the wrong user. Fixed in 5.3.3. In March, @convisoappsec noticed that the library in question had a race condition problem, which caused logs to be registered at times with different...

CVSS 3.1 | AI score 7 | EPSS 0.00494
Exploits: 0 | References: 1 | Affected software: 1
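
The failure mode the summary describes, per-request state kept in Thread.current that outlives the request which set it on a worker thread the server reuses, as an added Ruby example. This is illustrative code written for this page, not Audited's implementation; the handler names, the :current_user key and the request sequence are assumptions.

```ruby
# Added example, not Audited's code: per-request state in Thread.current
# on a worker thread that a threaded server reuses for the next request.

# Leaky pattern: the user is stored only when a request authenticates one
# and is never cleared, so an anonymous request served by the same thread
# still "sees" the previous request's user.
def handle_request_leaky(user)
  Thread.current[:current_user] = user if user
  Thread.current[:current_user]   # what an audit row would be attributed to
end

# Scoped pattern: set unconditionally and clear in an ensure block, so
# nothing survives past the request even if the request raised.
def handle_request_scoped(user)
  Thread.current[:current_user] = user
  Thread.current[:current_user]
ensure
  Thread.current[:current_user] = nil
end

# Simulates one thread-pool worker serving a sequence of requests
# (constructed sample: an authenticated request followed by an anonymous one).
def run_on_one_worker(handler, requests)
  results = []
  worker = Thread.new { requests.each { |u| results << handler.call(u) } }
  worker.join
  results
end

if __FILE__ == $PROGRAM_NAME
  reqs = [:alice, nil]
  p leaky:  run_on_one_worker(method(:handle_request_leaky), reqs)   # [:alice, :alice]
  p scoped: run_on_one_worker(method(:handle_request_scoped), reqs)  # [:alice, nil]
end
```

The second request in the leaky run is attributed to :alice although it carried no user; the scoped handler returns nil for it because the ensure block ran before the thread picked up the next request.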
RubySec, added 2023/04/26

Buffer overflow in sponge queue functions

Impact: The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. Patches: Yes, see commit fdc6fef0...

CVSS 9.8 | AI score 6.9 | EPSS 0.05193
Exploits: 1 | References: 1 | Affected software: 1
RubySec, added 2023/04/24

Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform

Summary: Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the info logging level during the kitchen converge action. Prior to v7.0.0, the output values were printed at the debug level to avoid writing sensitive...

CVSS 3.3 | AI score 6.8 | EPSS 0.00212
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/04/21

sidekiq vulnerable to cross-site scripting

sidekiq from 7.0.4 to 7.0.7 is vulnerable to reflected cross-site scripting. A fix was released in version 7.0.8...

CVSS 9.6 | AI score 6.9 | EPSS 0.02742
Exploits: 1 | References: 1 | Affected software: 1
RubySec, added 2023/04/20

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay

Impact: A payments info page of Pay is susceptible to reflected cross-site scripting. An attacker could create a working URL that renders a JavaScript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If t...

CVSS 7.1 | AI score 6.5 | EPSS 0.0045
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/04/11

govuk_tech_docs vulnerable to unescaped HTML on search results page

Impact: Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts. This is a low risk security issue; to...

CVSS 6.1 | AI score 6.2 | EPSS 0.005
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/04/04

Fluent Fluentd and Fluent-ui use default password

An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 that allows attackers to gain escalated privileges and execute arbitrary code due to use of a default password...

CVSS 8.8 | AI score 9 | EPSS 0.00786
Exploits: 1 | References: 1
RubySec, added 2023/03/31

Ruby Time component ReDoS issue

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid time strings that contain specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...

CVSS 5.3 | AI score 6.8 | EPSS 0.02452
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/03/31

Ruby URI component ReDoS issue

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1...

CVSS 5.3 | AI score 6.8 | EPSS 0.02637
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/03/30

unpoly-rails Denial of Service vulnerability

There is a possible Denial of Service (DoS) vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. Impact: This issue affects Rails applications that operate as an upstream of a load balancer that uses passive health checks. The unpoly-rails gem...

CVSS 7.5 | AI score 6.5 | EPSS 0.01034
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/03/27

GHSL-2022-094: Remote Code Execution in discordrb

The encode_file method may lead to remote code execution (RCE) if invoked with untrusted user-controlled data...

CVSS 9.6 | AI score 7.7 | EPSS 0.02546
Exploits: 1 | References: 1 | Affected software: 1
RubySec, added 2023/03/13

DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements

NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...

CVSS 6.3 | AI score 6.2 | EPSS 0.00632
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/03/13

Possible Deserialization of Untrusted Data Vulnerability in Kredis JSON

There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code. This vulnerability has been assigned the CVE identifier CVE-2023-27531. Versions Affected: All. Not affected: None. Fixed Versions: 1.3.0.1. Impact: Carefully crafted JSON data processed by...

CVSS 5.3 | AI score 6.3 | EPSS 0.00518
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/03/13

Possible XSS Security Vulnerability in SafeBuffer#bytesplice

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None. Fixed Versions: 7.0.4.3, 6.1.7.3. Impact: ActiveSupport uses...

CVSS 5.3 | AI score 3.4 | EPSS 0.00907
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/03/13

Possible Denial of Service Vulnerability in Rack’s header parsing

There is a denial of service vulnerability in the header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27539. Versions Affected: >= 2.0.0. Not affected: None. Fixed Versions: 2.2.6.4, 3.0.6.1. Impact: Carefully crafted input can cause header parsing in Ra...

CVSS 5.3 | AI score 4.5 | EPSS 0.01063
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/03/03

Possible DoS Vulnerability in Multipart MIME parsing

There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530. Versions Affected: All. Not affected: None. Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3. Impact: The Multipart MIME parsing code in Rack...

CVSS 7.5 | AI score 2.6 | EPSS 0.0183
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/02/24

Code injection in pdf_info

pdf_info 0.5.3 is vulnerable to command execution. An attacker using a specially crafted payload may execute OS commands by using command chaining, because during object initialization there is no validation performed and the user-provided path is used...

CVSS 9.8 | AI score 3.9 | EPSS 0.03014
Exploits: 2 | References: 1
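
The shell-interpolation pattern the summary points at, a user-supplied path spliced into a command string so `;` chains a second command, next to the argv form that keeps metacharacters inert, as an added Ruby example. It is not pdf_info's code: `echo` stands in for the external binary so the block runs offline, and the function names and the crafted path are assumptions made for this page.

```ruby
# Added example, not pdf_info's code. `echo` stands in for pdfinfo so this
# runs anywhere; the vulnerable shape is the string interpolation, not the tool.

# Vulnerable: the path lands in a single command string, so IO.popen hands it
# to /bin/sh and `;`, `|`, `$(...)` and friends inside the path are interpreted.
def run_tool_unsafe(tool, path)
  IO.popen("#{tool} #{path}", &:read)
end

# Hardened: argv form. No shell is involved, so the path is exactly one
# argument whatever characters it contains. A cheap sanity check on top
# rejects control characters before any process is spawned.
def run_tool_safe(tool, path)
  raise ArgumentError, 'path must be a String' unless path.is_a?(String)
  raise ArgumentError, 'control characters in path' if path.match?(/[\x00-\x1f]/)
  IO.popen([tool, path], &:read)
end

# Constructed sample: a "path" that chains a second command.
CRAFTED_PATH = 'report.pdf; echo INJECTED'.freeze

if __FILE__ == $PROGRAM_NAME
  puts run_tool_unsafe('echo', CRAFTED_PATH)  # two lines: report.pdf / INJECTED
  puts run_tool_safe('echo', CRAFTED_PATH)    # one line: the literal argument
end
```

With the real tool the second line of the unsafe run would be the attacker's command output; with the argv form the whole crafted string is passed to the tool as a file name, which it will simply fail to open.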
RubySec, added 2023/02/14

https://github.com/mruby/mruby/issues/5613

An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash...

CVSS 7.5 | AI score 6.9 | EPSS 0.00776
Exploits: 1 | References: 1 | Affected software: 1
RubySec, added 2023/02/01

CSRF Vulnerability with Rails < 5.2

Clockwork Web is vulnerable to cross-site request forgery (CSRF) with Rails < 5.2. A CSRF attack works by getting an authorized user to visit a malicious website and then performing requests on behalf of the user. In this instance, actions include enabling and disabling jobs...

CVSS 6.5 | AI score 2.4 | EPSS 0.00358
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/01/29

Publify contains Weak Password Requirements

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10...

CVSS 8.1 | AI score 1.6 | EPSS 0.007
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/01/28

Improper neutralization of `noscript` element content may allow XSS in Sanitize

Impact: Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize >= 5.0.0, < 6.0.1. Sanitize 6.0.1 always removes noscript elements and their contents, even when noscript is in the allowlist. Workarounds: Users who are unable to upgrade can prevent this issue by using one of...

CVSS 6.1 | AI score 5.9 | EPSS 0.00525
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/01/18

ReDoS based DoS vulnerability in Action Dispatch

There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: >= 3.0.0. Not affected: < 3.0.0. Fixed Versions: 6.1.7.1, 7.0.4.1. Impact: Specially crafted cookies, in combination with a...

CVSS 7.5 | AI score 7.3 | EPSS 0.01695
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/01/18

ReDoS based DoS vulnerability in Action Dispatch

There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions Affected: All. Not affected: None. Fixed Versions: 6.1.7.1, 7.0.4.1. Impact: A specially crafted HTTP...

CVSS 7.5 | AI score 7.4 | EPSS 0.02278
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/01/18

Open Redirect Vulnerability in Action Pack

There is a vulnerability in Action Controller’s redirect_to. This vulnerability has been assigned the CVE identifier CVE-2023-22797. Versions Affected: >= 7.0.0. Not affected: < 7.0.0. Fixed Versions: 7.0.4.1. Impact: There is a possible open redirect when using the redirect_to helper with untrusted user...

CVSS 6.1 | AI score 6.6 | EPSS 0.00595
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/01/18

Denial of service via multipart parsing in Rack

There is a denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44572. Versions Affected: >= 2.0.0. Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.4.1. Impact: Carefully crafted input can cause...

CVSS 7.5 | AI score 5.1 | EPSS 0.01617
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/01/18

ReDoS based DoS vulnerability in Active Support’s underscore

There is a possible regular expression based DoS vulnerability in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-22796. Versions Affected: All. Not affected: None. Fixed Versions: 6.1.7.1, 7.0.4.1. Impact: A specially crafted string passed to the underscore method ca...

CVSS 7.5 | AI score 7.4 | EPSS 0.01712
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/01/18

ReDoS based DoS vulnerability in GlobalID

There is a ReDoS based DoS vulnerability in the GlobalID gem. This vulnerability has been assigned the CVE identifier CVE-2023-22799. Versions Affected: >= 0.2.1. Not affected: < 0.2.1. Fixed Versions: 1.0.1. Impact: There is a possible DoS vulnerability in the model name parsing section of the GlobalID...

CVSS 7.5 | AI score 3.7 | EPSS 0.01049
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/01/18

SQL Injection Vulnerability via ActiveRecord comments

There is a possible vulnerability in ActiveRecord related to the sanitization of comments. This vulnerability has been assigned the CVE identifier CVE-2023-22794. Versions Affected: >= 6.0.0. Not affected: < 6.0.0. All users running an affected release should either upgrade or use one of the workarounds...

CVSS 8.8 | AI score 8.6 | EPSS 0.02153
Exploits: 1 | References: 1 | Affected software: 1
RubySec, added 2023/01/18

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter

There is a potential denial of service vulnerability present in ActiveRecord’s PostgreSQL adapter. This has been assigned the CVE identifier CVE-2022-44566. Versions Affected: All. Not affected: None. Fixed Versions: 6.1.7.1, 7.0.4.1. Impact: In ActiveRecord < 7.0.4.1 and < 6.1.7.1, when a value outsid...

CVSS 7.5 | AI score 7.4 | EPSS 0.01265
Exploits: 1 | References: 1 | Affected software: 1
RubySec, added 2023/01/18

Denial of Service Vulnerability in Rack Content-Disposition parsing

There is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44571. Versions Affected: >= 2.0.0. Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.4.1. Impact: Carefully crafted input...

CVSS 7.5 | AI score 4.1 | EPSS 0.01503
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/01/18

Denial of service via header parsing in Rack

There is a possible denial of service vulnerability in the Range header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44570. Versions Affected: >= 1.5.0. Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.2, 3.0.4.1. Impact: Carefully crafted inp...

CVSS 7.5 | AI score 4.7 | EPSS 0.01626
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/01/17

Sisimai Inefficient Regular Expression Complexity vulnerability

A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function to_plain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be...

CVSS 7.5 | AI score 2.7 | EPSS 0.01336
Exploits: 1 | References: 1 | Affected software: 1
RubySec, added 2023/01/17

Code injection in ruby git

ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted file name into the product. This vulnerability is different from CVE-2022-46648...

CVSS 8.8 | AI score 7.3 | EPSS 0.0136
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/01/16

curupira is vulnerable to SQL injection

A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwords_controller.rb. The manipulation leads to SQL injection. Upgrading to version 0.1.4 is able to address this issue. The name o...

CVSS 9.8 | AI score 4.7 | EPSS 0.00744
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/01/14

Integer overflow in publify_core

Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10 due to an unlimited length user name field...

CVSS 9.8 | AI score 3.3 | EPSS 0.30778
Exploits: 1 | References: 1 | Affected software: 1
RubySec, added 2023/01/14

Publify Improper Input Validation vulnerability

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10...

CVSS 9.8 | AI score 2.5 | EPSS 0.00909
Exploits: 1 | References: 1 | Affected software: 1
RubySec, added 2023/01/14

Publify Core does not strip metadata from images

Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10...

CVSS 6.5 | AI score 1.4 | EPSS 0.00562
Exploits: 1 | References: 1 | Affected software: 1
RubySec, added 2023/01/07

Inline SVG vulnerable to Cross-site Scripting

A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to...

CVSS 6.1 | AI score 1.4 | EPSS 0.00669
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2023/01/05

Potential remote code execution in ruby-git

The git gem, between versions 1.2.0 and 1.12.0, incorrectly parsed the output of the 'git ls-files' command using eval to unescape quoted file names. If a file name added to the git repository contained special characters, such as '\n', then the 'git ls-files' command would print the file nam...

CVSS 8 | AI score 4.3 | EPSS 0.01351
Exploits: 0 | References: 1 | Affected software: 1
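
The mechanism in the summary, a C-style quoted `git ls-files` line handed to eval, shown against a hand-written decoder for git's quoting, as an added Ruby example. It is not ruby-git's code; the sample line is constructed here in the shape git would print rather than taken from a real repository, and the function and constant names are assumptions.

```ruby
# Added example, not ruby-git's code. git prints file names that contain
# special characters as C-style quoted strings; this constructed line is
# shaped the way git would print a file named  evil<newline>#{$pwned = true}
SAMPLE_LINE = '"evil\n#{$pwned = true}"'.freeze

# Vulnerable: eval turns the quoted name into Ruby source, so the #{...}
# interpolation that is part of the *file name* executes.
def unescape_with_eval(line)
  eval(line) # deliberately vulnerable, kept for the demonstration
end

# Hardened: decode git's quoting ourselves. Only the escapes git emits are
# accepted (\a \b \t \n \v \f \r \\ \" and three-digit octal); anything else
# is an error rather than something to "interpret".
SIMPLE_ESCAPES = {
  'a' => "\a", 'b' => "\b", 't' => "\t", 'n' => "\n", 'v' => "\v",
  'f' => "\f", 'r' => "\r", '\\' => '\\', '"' => '"'
}.freeze

def unescape_c_quoted(line)
  return line unless line.length >= 2 && line.start_with?('"') && line.end_with?('"')
  body = line[1..-2]
  out = String.new(encoding: Encoding::BINARY)
  i = 0
  while i < body.length
    ch = body[i]
    if ch != '\\'
      out << ch.b
      i += 1
    elsif (esc = SIMPLE_ESCAPES[body[i + 1]])
      out << esc.b
      i += 2
    elsif body[i + 1, 3].to_s.match?(/\A[0-7]{3}\z/)
      out << body[i + 1, 3].to_i(8).chr # octal byte, e.g. \303\251 for "é"
      i += 4
    else
      raise ArgumentError, "unexpected escape at offset #{i}: #{line.inspect}"
    end
  end
  out.force_encoding(Encoding::UTF_8)
end

if __FILE__ == $PROGRAM_NAME
  p unescape_c_quoted(SAMPLE_LINE)    # the literal name; nothing executed
  p unescape_c_quoted('"caf\303\251"') # "café"
end
```

The decoder returns the interpolation marker as eleven ordinary characters of a file name; running the eval variant on the same line instead sets the global, which is the whole difference between "parse" and "execute".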
RubySec, added 2023/01/04

Information Disclosure Through EXPLAIN Feature

A malicious PgHero user can use the EXPLAIN functionality to extract data from the database. With certain inputs, a user can get the results of a query to appear in an error message. If the PgHero database user has superuser privileges (not recommended), the user can use file access functions to re...

CVSS 7.5 | AI score 1.5 | EPSS 0.00831
Exploits: 1 | References: 1 | Affected software: 1
RubySec, added 2023/01/03

httparty has multipart/form-data request tampering vulnerability

HTTP multipart/form-data request tampering vulnerability in httparty 0.20.0, due to lack of proper escaping of double quotes within the filename attribute of the Content-Disposition header. If the Content-Disposition header is set to "form-data" and contains the "filename" attribute, and the...

CVSS 5.3 | AI score 6.9 | EPSS 0.0129
Exploits: 1 | References: 1 | Affected software: 1
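
The header tampering the summary describes, as an added Ruby example rather than httparty's code: a multipart Content-Disposition line built by plain string interpolation, the same line with its quoted parameters escaped, and a small parser standing in for a receiver that keeps the last value of a repeated parameter. The function names, the crafted file name and the last-wins receiver behaviour are assumptions made for this page.

```ruby
# Added example, not httparty's code.

# Vulnerable: the caller-controlled file name is dropped into the quoted
# parameter as-is, so a `"` inside it closes the parameter early and the
# rest of the name is parsed as further parameters.
def disposition_unescaped(name, filename)
  %(Content-Disposition: form-data; name="#{name}"; filename="#{filename}")
end

# Hardened: backslash-escape `\` and `"` (quoted-pair) and drop CR/LF so the
# value can neither leave its quotes nor end the header line.
def escape_param(value)
  value.to_s.delete("\r\n").gsub(/["\\]/) { |c| "\\#{c}" }
end

def disposition_escaped(name, filename)
  %(Content-Disposition: form-data; name="#{escape_param(name)}"; filename="#{escape_param(filename)}")
end

# Stand-in receiver: collects quoted parameters and decodes quoted-pairs.
# If a parameter repeats, the last occurrence wins (an assumption about this
# receiver; real parsers differ, which is exactly why the sender must escape).
def parse_disposition(header)
  header.scan(/([A-Za-z*-]+)="((?:\\.|[^"\\])*)"/).each_with_object({}) do |(key, raw), params|
    params[key] = raw.gsub(/\\(.)/, '\1')
  end
end

# Constructed sample: a file name that smuggles a second `name` parameter.
CRAFTED_FILENAME = 'x.txt"; name="admin'.freeze

if __FILE__ == $PROGRAM_NAME
  p parse_disposition(disposition_unescaped('upload', CRAFTED_FILENAME)) # "name" => "admin"
  p parse_disposition(disposition_escaped('upload', CRAFTED_FILENAME))   # "name" => "upload"
end
```

With the unescaped builder the upload is filed under the attacker-chosen field name; with the escaped builder the receiver sees one field named upload whose file name happens to contain quotes.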
RubySec, added 2022/12/31

keynote Cross-site Scripting vulnerability

A vulnerability was found in rf Keynote up to 0.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. Upgrading to...

CVSS 6.1 | AI score 3.5 | EPSS 0.00682
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2022/12/27

Oxidized Web vulnerable to Cross-site Scripting

A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 5.4 | AI score 2.2 | EPSS 0.00531
Exploits: 0 | References: 1
RubySec, added 2022/12/22

text_helpers uses web link to untrusted target with window.opener access

A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The...

CVSS 6.3 | AI score 3.2 | EPSS 0.00573
Exploits: 0 | References: 1 | Affected software: 1
RubySec, added 2022/12/19

active_attr Improper Resource Shutdown or Release vulnerability

A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.3. This affects the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit ha...

CVSS 7.5 | AI score 1.8 | EPSS 0.01106
Exploits: 1 | References: 1 | Affected software: 1
RubySec, added 2022/12/13

Uncontrolled Recursion in Loofah

Summary: Loofah >= 2.2.0, < 2.19.1 is affected. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized...

CVSS 7.5 | AI score 3.2 | EPSS 0.01104
Exploits: 0 | References: 1 | Affected software: 1

Total number of security vulnerabilities: 1212