1254 matches found
govuk_tech_docs vulnerable to unescaped HTML on search results page
Impact Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts. This is a low risk security issue; to...
Fluent Fluentd and Fluent-ui use default password
An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 that allows attackers to gain escilated privileges and execute arbitrary code due to use of a default password...
Fluent Fluentd and Fluent-ui use default password
An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 that allows attackers to gain escilated privileges and execute arbitrary code due to use of a default password...
Ruby URI component ReDoS issue
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1...
Ruby Time component ReDos issue
A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2...
unpoly-rails Denial of Service vulnerability
There is a possible Denial of Service DoS vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. Impact This issues affects Rails applications that operate as an upstream of a load balancer's that uses passive health checks. The unpoly-rails gem...
GHSL-2022-094: Remote Code Execution in discordrb
The encodefile method may lead to remote code execution RCE if invoked with untrusted user-controlled data...
Possible Deserialization of Untrusted Data Vulnerability in Kredis JSON
There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code. This vulnerability has been assigned the CVE identifier CVE-2023-27531. 'Not affected: None.' 'Versions Affected: All.' 'Fixed Versions: 1.3.0.1' Impact Carefully crafted JSON data processed by...
Possible XSS Security Vulnerability in SafeBuffer#bytesplice
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 Impact ActiveSupport uses...
DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...
Possible Denial of Service Vulnerability in Rack’s header parsing
There is a denial of service vulnerability in the header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27539. Versions Affected: = 2.0.0 Not affected: None. Fixed Versions: 2.2.6.4, 3.0.6.1 Impact Carefully crafted input can cause header parsing in Ra...
Possible DoS Vulnerability in Multipart MIME parsing
There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530. Versions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3 Impact The Multipart MIME parsing code in Rack...
Code injection in pdf_info
pdfinfo 0.5.3 is vulnerable to Command Execution. An attacker using a specially crafted payload may execute OS commands by using command chaining because during object initalization there is no validation performed and the user provided path is used...
https://github.com/mruby/mruby/issues/5613
An Untrusted Pointer Dereference was discovered in function mrbvmexec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash...
CSRF Vulnerability with Rails < 5.2
Clockwork Web is vulnerable to cross-site request forgery CSRF with Rails 5.2. A CSRF attack works by getting an authorized user to visit a malicious website and then performing requests on behalf of the user. In this instance, actions include enabling and disabling jobs...
Publify contains Weak Password Requirements
Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10...
Improper neutralization of `noscript` element content may allow XSS in Sanitize
Impact Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize = 5.0.0, = 6.0.1 always removes noscript elements and their contents, even when noscript is in the allowlist. Workarounds Users who are unable to upgrade can prevent this issue by using one of...
ReDoS based DoS vulnerability in GlobalID
There is a ReDoS based DoS vulnerability in the GlobalID gem. This vulnerability has been assigned the CVE identifier CVE-2023-22799. Versions Affected: = 0.2.1 Not affected: 0.2.1 Fixed Versions: 1.0.1 Impact There is a possible DoS vulnerability in the model name parsing section of the GlobalID...
SQL Injection Vulnerability via ActiveRecord comments
There is a possible vulnerability in ActiveRecord related to the sanitization of comments. This vulnerability has been assigned the CVE identifier CVE-2023-22794. Versions Affected: = 6.0.0 Not affected: All users running an affected release should either upgrade or use one of the workarounds...
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
There is a potential denial of service vulnerability present in ActiveRecord’s PostgreSQL adapter. This has been assigned the CVE identifier CVE-2022-44566. Versions Affected: All. Not affected: None. Fixed Versions: 6.1.7.1, 7.0.4.1 Impact In ActiveRecord 7.0.4.1 and 6.1.7.1, when a value outsid...
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2023-22792. Versions Affected: = 3.0.0 Not affected: 3.0.0 Fixed Versions: 6.1.7.1, 7.0.4.1 Impact Specially crafted cookies, in combination with a...
Denial of service via header parsing in Rack
There is a possible denial of service vulnerability in the Range header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44570. Versions Affected: = 1.5.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.2, 3.0.4.1 Impact Carefully crafted inp...
Denial of service via multipart parsing in Rack
There is a denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44572. Versions Affected: = 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.4.1 Impact Carefully crafted input can cause...
Open Redirect Vulnerability in Action Pack
There is a vulnerability in Action Controller’s redirectto. This vulnerability has been assigned the CVE identifier CVE-2023-22797. Versions Affected: = 7.0.0 Not affected: 7.0.0 Fixed Versions: 7.0.4.1 Impact There is a possible open redirect when using the redirectto helper with untrusted user...
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. Versions Affected: All Not affected: None Fixed Versions: 6.1.7.1, 7.0.4.1 Impact A specially crafted HTTP...
ReDoS based DoS vulnerability in Active Support’s underscore
There is a possible regular expression based DoS vulnerability in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-22796. Versions Affected: All Not affected: None Fixed Versions: 6.1.7.1, 7.0.4.1 Impact A specially crafted string passed to the underscore method ca...
Denial of Service Vulnerability in Rack Content-Disposition parsing
There is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44571. Versions Affected: = 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.4.1 Impact Carefully crafted input...
Sisimai Inefficient Regular Expression Complexity vulnerability
A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function toplain of the file lib/sisimai/string.rb. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be...
Code injection in ruby git
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648...
curupira is vulnerable to SQL injection
A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwordscontroller.rb. The manipulation leads to sql injection. Upgrading to version 0.1.4 is able to address this issue. The name o...
Publify Core does not strip metadata from images
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10...
Publify Improper Input Validation vulnerability
Improper Input Validation in GitHub repository publify/publify prior to 9.2.10...
Integer overflow in publify_core
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10 due to an unlimited length user name field...
Inline SVG vulnerable to Cross-site Scripting
A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inlinesvg/actionview/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to...
Potential remote code execution in ruby-git
The git gem, between versions 1.2.0 and 1.12.0, incorrectly parsed the output of the 'git ls-files' command using eval to unescape quoted file names. If a file name was added to the git repository contained special characters, such as '\n', then the 'git ls-files' command would print the file nam...
Information Disclosure Through EXPLAIN Feature
A malicious PgHero user can use the EXPLAIN functionality to extract data from the database. With certain inputs, a user can get the results of a query to appear in an error message. If the PgHero database user has superuser privileges not recommended, the user can use file access functions to re...
httparty has multipart/form-data request tampering vulnerability
HTTP multipart/form-data request tampering vulnerability in httparty 0.20.0, due to lack of proper escaping of double quotes within the filename attribute of the Content-Disposition header. If the Content-Disposition header is set to "form-data" and contains the "filename" attribute, and the...
keynote Cross-site Scripting vulnerability
A vulnerability was found in rf Keynote up to 0.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. Upgrading to...
Oxidized Web vulnerable to Cross-site Scripting
A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/confsearch.haml. The manipulation of the argument toresearch leads to cross site scripting. It is possible to launch the attack remotely. The...
text_helpers uses web link to untrusted target with window.opener access
A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. It has been declared as critical. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The...
active_attr Improper Resource Shutdown or Release vulnerability
A vulnerability classified as problematic has been found in cgriego activeattr up to 0.15.3. This affects the function call of the file lib/activeattr/typecasting/booleantypecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit ha...
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Summary There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. - Versions affected: ALL - Not affected: NONE - Fixed versions: 1.4.4 Impact A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject...
Inefficient Regular Expression Complexity in rails-html-sanitizer
Summary Certain configurations of rails-html-sanitizer = 1.4.4...
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Summary There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This is due to an incomplete fix of CVE-2022-32209. - Versions affected: ALL - Not affected: NONE - Fixed versions: 1.4.4 Impact A possible XSS vulnerability with certain configurations of...
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Summary rails-html-sanitizer = 1.0.3, = 2.1.0. Mitigation Upgrade to rails-html-sanitizer = 1.4.4...
Uncontrolled Recursion in Loofah
Summary Loofah = 2.2.0, = 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized...
Improper neutralization of data URIs may allow XSS in Loofah
Summary Loofah = 2.1.0, = 2.19.1...
Inefficient Regular Expression Complexity in Loofah
Summary Loofah = 2.19.1...
Unchecked return value from xmlTextReaderExpand
Summary Nokogiri 1.13.8, 1.13.9 fails to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Readerattributehash. This can lead to a null pointer exception when invalid markup is being parsed. For applications using XML::Reader to parse untrusted inputs, this may...
Sinatra vulnerable to Reflected File Download attack
An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input...