Lucene search
+L
RubygemsRecent

1254 matches found

RubySec
RubySec
added 2022/11/22 12:0 a.m.48 views

HTTP response splitting in CGI

If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body. Also, the contents for a CGI::Cookie object were not checked properly. If an application creates a CGI::Cookie object bas...

8.8CVSS6.9AI score0.02287EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/11/19 12:0 a.m.22 views

Unsanitized input leading to code injection in Dalli

A vulnerability was found in Dalli. Affected is the function self.metaset of the file lib/dalli/protocol/meta/requestformatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The name of the patch is...

6.3CVSS1AI score0.01284EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/11/18 12:0 a.m.31 views

HTTP response splitting in CGI

cgi.rb in Ruby through 2.6.x, through 3.0x, and through 3.1.x allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to...

8.8CVSS7.3AI score0.02287EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/11/02 12:0 a.m.24 views

fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)

Impact A remote code execution RCE vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable FLUENTOJOPTIONMODE is explicitly set to object...

9.8CVSS5.6AI score0.44708EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/10/07 12:0 a.m.26 views

Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint

Impact An authenticated user can perform a remote Denial of Service attack against Fat Free CRM. This vulnerability has been assigned the CVE identifier: CVE-2022-39281 Affected versions: All Not affected: None Fixed versions: 0.20.1 All users running an affected release should either upgrade or...

6.5CVSS5.2AI score0.01414EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/10/04 12:0 a.m.37 views

protobuf-java has a potential Denial of Service issue

Summary A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

7.5CVSS3.3AI score0.01048EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/09/28 12:0 a.m.6 views

Exploitable heap overflow vulnerability exists in Ruby's Psych::Emitter start_document function

An exploitable heap overflow vulnerability exists in the Psych::Emitter startdocument function of Ruby. In Psych::Emitter startdocument function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array...

9.8CVSS7.4AI score0.04644EPSS
Exploits3References1Affected Software1
RubySec
RubySec
added 2022/09/21 12:0 a.m.21 views

arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm

Impact Arbitrary shell execution is possible when using RPM::Filefiles and RPM::Fileextract if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class in the affected versions of this library. Patches Version 0.0.12 ...

7.8CVSS3.2AI score0.01628EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/09/10 12:0 a.m.39 views

PDFKit vulnerable to Command Injection

The package pdfkit from version 0.0.0 through version 0.8.6 is vulnerable to Command Injection where the URL is not properly sanitized...

9.8CVSS3.9AI score0.39389EPSS
Exploits11References1Affected Software1
RubySec
RubySec
added 2022/08/19 12:0 a.m.22 views

OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value

lib/omniauth/failureendpoint.rb in OmniAuth before 1.9.2 and before 2.0 does not escape the messagekey value...

9.8CVSS2.3AI score0.01035EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/08/11 12:0 a.m.16 views

update_by_case before 0.1.3 can be vulnerable to sql injection

Before version 0.1.3 updatebycase gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgrade to version = 0.1.3 that uses Arel instead to construct the resulting sql statement, with sanitized sql...

9.8CVSS3AI score0.00524EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/07/21 12:0 a.m.32 views

TZInfo relative path traversal vulnerability allows loading of arbitrary files

Impact Affected versions - 0.3.60 and earlier. - 1.0.0 to 1.2.9 when used with the Ruby data source tzinfo-data. Vulnerability With the Ruby data source the tzinfo-data gem for tzinfo version 1.0.0 and later and built-in to earlier versions, time zones are defined in Ruby files. There is one file...

8.1CVSS1.6AI score0.01786EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/07/16 12:0 a.m.16 views

XSS via `filename` parameter to New Page dialog

Cross site scripting XSS in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog...

6.1CVSS2.8AI score0.00728EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/07/15 12:0 a.m.23 views

jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label

Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio "refresh" on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can le...

6.1CVSS6.8AI score0.02475EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/07/12 12:0 a.m.52 views

Possible RCE escalation bug with Serialized Columns in Active Record

There is a possible escalation to RCE when using YAML serialized columns in Active Record. This vulnerability has been assigned the CVE identifier CVE-2022-32224. Versions Affected: All. Not affected: None Fixed Versions: 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1 Impact ------ When serialized columns th...

9.8CVSS2.5AI score0.02386EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/07/05 12:0 a.m.20 views

Unsafe YAML deserialization in opensearch-ruby

Impact A YAML deserialization in opensearch-ruby 2.0.0 can lead to unsafe deserialization using YAML.load if the response is of type YAML. Patches The problem has been patched in opensearch-ruby gem version 2.0.2. Workarounds No viable workaround. Please upgrade to 2.0.2...

8.8CVSS3.7AI score0.01537EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/06/28 12:0 a.m.14 views

ruby-mysql Client File Read

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later...

3.5AI score0.02199EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/06/28 12:0 a.m.33 views

ruby-mysql Client File Read

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later...

6.5CVSS3.5AI score0.01133EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/06/27 12:0 a.m.69 views

Denial of Service Vulnerability in Rack Multipart Parsing

There is a possible denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30122. Versions Affected: = 1.2 Not affected: 1.2 Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1 Impact Carefully crafted multipart POST...

7.5CVSS4.2AI score0.02056EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/06/27 12:0 a.m.82 views

Possible shell escape sequence injection vulnerability in Rack

There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger components of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30123. Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1 Impact Carefully crafted...

10CVSS4.3AI score0.01801EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/06/24 12:0 a.m.20 views

Improper handling of double quotes in file name in Diffy in Windows environment

The function that calls the diff tool in versions of Diffy prior to 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string...

9.8CVSS6.5AI score0.01705EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/06/15 12:0 a.m.21 views

Octokit gem published with world-writable files

Impact Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not the owner Group and Public with...

3.3CVSS2.1AI score0.00251EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/06/15 12:0 a.m.15 views

Octopoller gem published with world-writable files

Impact Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not the owner Group and Public with access to the...

3.3CVSS2.3AI score0.00214EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/06/09 12:0 a.m.47 views

Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer

There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL Not affected: NONE Fixed Versions: v1.4.3 Impact A possible XSS vulnerability with certain configurations of...

6.1CVSS1.2AI score0.29316EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/06/09 12:0 a.m.61 views

Authorization header leak on port redirect in mechanize

Summary Mechanize rubygem Cookies do not provide isolation by port. If a cookie is readable by a service running on one port, the cookie is also readable by a service running on another port of the same server. If a cookie is writable by a service on one port, the cookie is also writable by a...

7.5CVSS0.7AI score0.03425EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/06/07 12:0 a.m.28 views

JMESPath for Ruby using JSON.load instead of JSON.parse

jmespath.rb aka JMESPath for Ruby before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable...

9.8CVSS1.9AI score0.02131EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/06/06 12:0 a.m.15 views

Use of Uninitialized Variable in trilogy

Impact When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Patches Users of the trilogy gem should upgrade to version 2.1.1 Workarounds This iss...

7.5CVSS5AI score0.01EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/06/03 12:0 a.m.21 views

Arbitrary file write in dragonfly

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verifyurl option is disabled. This vulnerability is exploited via a crafted URL...

9.1CVSS5.2AI score0.0104EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/06/01 12:0 a.m.23 views

CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend

Impact CSRF vulnerability allowing attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Reproduction steps: - Take an order's number. - Log in as an administrator. - Visit that order's adjustments section...

4.3CVSS2.7AI score0.00367EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/31 12:0 a.m.17 views

Use-After-Free in function hash_new_from_values in mruby/mruby

Use After Free in GitHub repository mruby/mruby prior to 3.2...

7.8CVSS6.9AI score0.00398EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.23 views

apollo_upload_server has Denial of Service vulnerability

A Denial Of Service vulnerability in the apollouploadserver Ruby gem in GitLab CE/EE version 11.11 and above allows an attacker to deny access to all users via specially crafted requests to the apollouploadserver middleware...

6.5CVSS6.4AI score0.01328EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.20 views

Nokogiri implementation of libxslt vulnerable to heap corruption

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.3...

7.5CVSS6.8AI score0.01817EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.7 views

Improper Neutralization of Input During Web Page Generation in CKEditor4

A cross-site scripting XSS vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...

6.1CVSS6AI score0.02018EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.25 views

Fat Free CRM Cross-site Scripting vulnerability

HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI...

5.4CVSS2.3AI score0.04702EPSS
Exploits4References1
RubySec
RubySec
added 2022/05/24 12:0 a.m.23 views

Gitaly Insufficient Session Expiration vulnerability

When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: =1.79.0, =13.4, =13.5, 13.5.2...

3.2CVSS4AI score0.00271EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.19 views

papercrop does not properly handle crop input

The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input...

9.8CVSS0.7AI score0.0178EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.14 views

Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module

By launching the drbremotecodeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with...

8.8CVSS6.7AI score0.0175EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.18 views

Improper Access Control in publify

A low-privileged user can modify and delete admin articles just by changing the value of the articleid parameter prior to 9.2.9...

9.9CVSS2.8AI score0.00803EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.23 views

Missing Initialization of Resource in Apache Arrow

It was discovered that the C++ implementation which underlies the R, Python and Ruby implementations of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow...

7.5CVSS3AI score0.03225EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.21 views

Missing Initialization of Resource in Apache Arrow

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...

7.5CVSS2.7AI score0.04711EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.16 views

Elastic APM agent for Ruby vulnerable to Improper Certificate Validation

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the servercacert setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the...

7.4CVSS3AI score0.00644EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.30 views

libxslt Type Confusion vulnerability that affects Nokogiri

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Nokogiri prior to version 1.10.5 used a vulnerable...

5.3CVSS6.4AI score0.05147EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.32 views

Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...

5.9CVSS6.7AI score0.03503EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.27 views

Nokogiri affected by libxslt Use of Uninitialized Resource/ Use After Free vulnerability

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be...

7.5CVSS6.9AI score0.04446EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.30 views

Nokogiri contains libxml Out-of-bounds Write vulnerability

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...

8.6CVSS7.2AI score0.0828EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.49 views

Devise Token Auth vulnerable to Cross-site Scripting

An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting XSS through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...

6.1CVSS4.7AI score0.00927EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.19 views

Nokogiri Implements libxml2 version vulnerable to use-after-free

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability...

8.8CVSS6.6AI score0.03653EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.21 views

Camaleon CMS vulnerable to Uncaught Exception

In Camaleon CMS, versions 2.0.1 through 2.6.0 are vulnerable to an Uncaught Exception. The app's media upload feature crashes permanently when an attacker with a low privileged access uploads a specially crafted .svg file...

4.3CVSS4.6AI score0.00976EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.18 views

Camaleon CMS Insufficient Session Expiration vulnerability

Camaleon CMS 0.1.7 through 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed...

8.8CVSS3.2AI score0.01265EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2022/05/24 12:0 a.m.20 views

Camaleon CMS vulnerable to Server-Side Request Forgery

In Camaleon CMS, versions 2.1.2.0 through 2.6.0, are vulnerable to Server-Side Request Forgery SSRF in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to...

4.9CVSS4.4AI score0.00954EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities1254