DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENSUSE-SU-2020:2000-1", "vendorId": null, "type": "suse", "bulletinFamily": "unix", "title": "Security update for rmt-server (important)", "description": "An update that fixes 16 vulnerabilities is now available.\n\nDescription:\n\n This update for rmt-server fixes the following issues:\n\n - Version 2.6.5\n - Solved potential bug of SCC repository URLs changing over time. RMT now\n self heals by removing the previous invalid repository and creating the\n correct one.\n\n - Version 2.6.4\n - Add web server settings to /etc/rmt.conf: Now it's possible to configure\n the minimum and maximum threads count as well the number of web server\n workers to be booted through /etc/rmt.conf.\n\n - Version 2.6.3\n - Instead of using an MD5 of URLs for custom repository friendly_ids, RMT\n now builds an ID from the name.\n\n - Version 2.6.2\n - Fix RMT file caching based on timestamps: Previously, RMT sent GET\n requests with the header 'If-Modified-Since' to a repository server and\n if the response had a 304 (Not Modified), it would copy a file from the\n local cache instead of downloading. However, if the local file timestamp\n accidentally changed to a date newer than the one on the repository\n server, RMT would have an outdated file, which caused some errors. Now,\n RMT makes HEAD requests to the repositories servers and inspect the\n 'Last-Modified' header to decide whether to download a file or copy it\n from cache, by comparing the equalness of timestamps.\n\n\n - Version 2.6.1\n - Fixed an issue where relative paths supplied to `rmt-cli import repos`\n caused the command to fail.\n\n - Version 2.6.0\n - Friendlier IDs for custom repositories: In an effort to simplify the\n handling of SCC and custom repositories, RMT now has friendly IDs. For\n SCC repositories, it's the same SCC ID as before. For custom\n repositories, it can either be user provided\n or RMT generated (MD5 of the provided URL). Benefits:\n * `rmt-cli mirror repositories` now works for custom repositories.\n * Custom repository IDs can be the same across RMT instances.\n * No more confusing \"SCC ID\" vs \"ID\" in `rmt-cli` output. Deprecation\n Warnings:\n * RMT now uses a different ID for custom repositories than before. RMT\n still supports that old ID, but it's recommended to start using the\n new ID to ensure future compatibility.\n\n - Version 2.5.20\n - Updated rails from 6.0.3.2 to 6.0.3.3:\n - actionview (CVE-2020-15169)\n\n - Version 2.5.19\n - RMT now has the ability to remove local systems with the command\n `rmt-cli systems remove`.\n\n - Version 2.5.18\n - Fixed exit code for `rmt-cli mirror` and its subcommands. Now it exits\n with 1 whenever an error occurs during mirroring\n - Improved message logging for `rtm-cli mirror`. Instead of logging an\n error when it occurs, the command summarize all errors at the end of\n execution. Now log messages have colors to better identify\n failure/success.\n\n - Version 2.5.17\n - RMT no longer provides the installer updates repository to systems via\n its zypper service. This repository is used during the installation\n process, as it provides an up-to-date installation experience, but it\n has no use on an already installed system.\n\n - Version 2.5.16\n - Updated RMT's rails and puma dependencies.\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249, CVE-2020-5247\n CVE-2019-16770)\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418, CVE-2019-5419)\n - activesupport (CVE-2020-8165)\n - railties (CVE-2019-5420)\n\n - Version 2.5.15\n - RMT now checks if repositories are fully mirrored during the activation\n process. Previously, RMT only checked if the repositories were enabled\n to be mirrored, but not that they were actually mirrored. In this case,\n RMTs were not able to provide the repository data which systems assumed\n it had.\n\n - Version 2.5.14\n - Enable 'Installer-Updates' repositories by default\n\n - Fixed deprecation warning when thor encountered an error. Also, instead\n of returning 0 for thor errors, rmt-cli will return 1 instead.\n\n - Version 2.5.13\n - Added `rmt-cli repos clean` command to remove locally mirrored files\n of repositories which are not marked to be mirrored.\n - Previously, RMT didn't track deduplicated files in its database. Now, to\n accommodate `rmt-cli repos clean`, RMT will track all mirrored files.\n\n - Move the nginx reload to the configuration package which contain nginx\n config files, don't reload nginx unconditionally from main package.\n\n - Version 2.5.12\n - Update rack to version 2.2.3 (CVE-2020-8184: bsc#1173351)\n - Update Rails to version 5.2.4.3:\n - actionpack (CVE-2020-8164: bsc#1172177)\n - actionpack (CVE-2020-8166: bsc#1172182)\n - activesupport (CVE-2020-8165: bsc#1172186)\n - actionview (CVE-2020-8167: bsc#1172184)\n\n - Version 2.5.11\n - rmt-server-pubcloud:\n - SLES11 EOL\n - Extension activation verification based on the available subscriptions\n - Added a manual instance verification script\n\n - Version 2.5.10\n - Support rmt-server to run with Ruby 2.7 (Factory/Tumbleweed):\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix incompatibility\n Ruby 2.7 OpenStruct class;\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order to also bump\n gem 'ethon' version, which caused a 'rb_safe_level' warning on Ruby\n 2.7;\n - Fix \"last arg as keyword arg\" Ruby 2.7 warning on source code;\n - Disable \"deprecated\" warnings from Ruby 2.7; Rails 5.1 generates a lot\n of warnings with Ruby 2.7, mainly due to \"capturing the given block\n with Proc.new\", which is deprecated;\n - Improve RPM spec to consider only the distribution default Ruby\n version configured in OBS;\n - Improve RPM spec to remove Ruby 2.7 warnings regarding 'bundler.\n\n - Move nginx/vhosts.d directory to correct sub-package. They are needed\n together with nginx, not rmt-server.\n - Fix dependencies especially for containerized usage:\n - mariadb and nginx are not hard requires, could run on another host\n - Fix generic dependencies:\n - systemd ordering was missing\n - shadow is required for pre-install\n\n - Version 2.5.9\n - rmt-server-pubcloud: enforce strict authentication\n\n - Version 2.5.8\n - Use repomd_parser gem to remove repository metadata parsing code.\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-2000=1", "published": "2020-11-23T00:00:00", "modified": "2020-11-23T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7MCDUWQEXA3XGI7X2XPATA7YTNVDYTSF/", "reporter": "Suse", "references": [], "cvelist": ["CVE-2019-16770", "CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420", "CVE-2020-11076", "CVE-2020-11077", "CVE-2020-15169", "CVE-2020-5247", "CVE-2020-5249", "CVE-2020-5267", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8184", "CVE-2020-8185"], "immutableFields": [], "lastseen": "2022-04-18T12:40:55", "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2020-1440"]}, {"type": "attackerkb", "idList": ["AKB:14530FED-0617-4192-812F-B80666A8BDAE", "AKB:1E91DAD8-4A04-42CC-B143-C06594396938"]}, {"type": "canvas", "idList": ["RAILS_ACCEPT_READFILE", "RAILS_ACTIVESTORAGE_RCE"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-0784", "CPAI-2019-2207", "CPAI-2020-1223"]}, {"type": "cve", "idList": ["CVE-2019-16770", "CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420", "CVE-2020-11076", "CVE-2020-11077", "CVE-2020-15169", "CVE-2020-5247", "CVE-2020-5249", "CVE-2020-5267", "CVE-2020-7070", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8184", "CVE-2020-8185", "CVE-2021-29509"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1739-1:3959D", "DEBIAN:DLA-1739-1:BC765", "DEBIAN:DLA-2149-1:582BF", "DEBIAN:DLA-2149-1:C4C44", "DEBIAN:DLA-2251-1:4D21E", "DEBIAN:DLA-2275-1:A53C9", "DEBIAN:DLA-2275-1:E7E16", "DEBIAN:DLA-2282-1:AA7B9", "DEBIAN:DLA-2398-1:DA3D0", "DEBIAN:DLA-2398-1:E6070", "DEBIAN:DLA-2403-1:8BD9E", "DEBIAN:DLA-2403-1:A426F", "DEBIAN:DLA-3023-1:8FA49", "DEBIAN:DSA-4766-1:03D2D"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-16770", "DEBIANCVE:CVE-2019-5418", "DEBIANCVE:CVE-2019-5419", "DEBIANCVE:CVE-2019-5420", "DEBIANCVE:CVE-2020-11076", "DEBIANCVE:CVE-2020-11077", "DEBIANCVE:CVE-2020-15169", "DEBIANCVE:CVE-2020-5247", "DEBIANCVE:CVE-2020-5249", "DEBIANCVE:CVE-2020-5267", "DEBIANCVE:CVE-2020-7070", "DEBIANCVE:CVE-2020-8164", "DEBIANCVE:CVE-2020-8165", "DEBIANCVE:CVE-2020-8166", "DEBIANCVE:CVE-2020-8167", "DEBIANCVE:CVE-2020-8184", "DEBIANCVE:CVE-2020-8185", "DEBIANCVE:CVE-2021-29509"]}, {"type": "dsquare", "idList": ["E-683"]}, {"type": "exploitdb", "idList": ["EDB-ID:46585", "EDB-ID:46785"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:DCA0047F9446E67F154773DC2F542F43"]}, {"type": "f5", "idList": ["F5:K11435435"]}, {"type": "fedora", "idList": ["FEDORA:02EB26020AF1", "FEDORA:04C8E30BDAB3", "FEDORA:1BE4F30C0EF2", "FEDORA:201C860427AE", "FEDORA:2DDE030C0EF7", "FEDORA:3313D30C0EF8", "FEDORA:36BC5608DDAC", "FEDORA:3AF9260427B6", "FEDORA:4A6A3309B6F1", "FEDORA:561E660427BA", "FEDORA:61EBD30BDAB3", "FEDORA:6500563042DF", "FEDORA:6863A6087E4D", "FEDORA:6905030C0EF2", "FEDORA:706DC60427E4", "FEDORA:7AD1030BB654", "FEDORA:8116230C0EF7", "FEDORA:8A3C26042808", "FEDORA:92FD1309B6F1", "FEDORA:98F1A30C0EF8", "FEDORA:A58F36042B2A", "FEDORA:AC7E030C9BDF", "FEDORA:ACA3160876F5", "FEDORA:AF8C030C0EF2", "FEDORA:BF4696042B2C", "FEDORA:C779E30C0EFA", "FEDORA:D93AD6020AF1", "FEDORA:E04FA30C0EFD", "FEDORA:F2F4B60427B6"]}, {"type": "freebsd", "idList": ["1396A74A-4997-11E9-B5F1-83EDB3F89BA1", "7B630362-F468-11EA-A96C-08002728F74C", "85FCA718-99F6-11EA-BF1D-08002728F74C", "FEB8AFDC-B3E5-11EA-9DF5-08002728F74C"]}, {"type": "github", "idList": ["GHSA-2P68-F74V-9WC6", "GHSA-33VF-4XGG-9R58", "GHSA-65CV-R6X7-79HV", "GHSA-7XX3-M584-X994", "GHSA-84J7-475P-HP8V", "GHSA-86G5-2WH3-GC9J", "GHSA-8727-M6GJ-MC37", "GHSA-C6QR-H5VQ-59JC", "GHSA-CFJV-5498-MPH5", "GHSA-J6W9-FV6Q-3Q52", "GHSA-JP5V-5GX4-JMJ9", "GHSA-M42H-MH85-4QGC", "GHSA-M63J-WH5W-C252", "GHSA-Q28M-8XJW-8VR5", "GHSA-W64W-QQPH-5GXM", "GHSA-X7JG-6PWG-FX5H", "GHSA-XQ5J-GW7F-JGJ8"]}, {"type": "githubexploit", "idList": ["1AA560B7-D951-5AD1-AE25-D44C542B218B", "1B4B2D33-DA2D-5E3F-A1A6-FC5997A7558C", "27155F58-3ADE-564B-A3AA-579D94D79DAE", "3B6A3B39-6E6B-5E2D-8FA8-D34732708B4B", "43775689-1819-5346-BFF2-D07E4CC21611", "4EC69F6B-701F-551C-9FE3-70D0D308798A", "60737735-B0CC-556A-96EB-B41ED58C507B", "78840956-5A47-5CE4-8509-122957977EAB", "7C5BFDFC-84A3-5771-BA4F-5FCF5C38D48C", "85A51425-6AD4-5A79-A202-579492F85437", "97B09B8B-70D8-53A6-84D5-EC8077CDF94F", "9A2C7492-7042-50E5-96F0-B3E8C301634E", "CECC5D54-6258-568A-858F-9209E5656C0D", "DA85122C-5559-534B-9447-C9C43A4CBB65", "DC216D07-7CB4-5CE9-A7DB-F26B7C40ECEF"]}, {"type": "gitlab", "idList": ["GITLAB-0388FEE42FF228F4D4F0033D32C19378", "GITLAB-44D0471EDAE82B4A88EFC08288B8346F", "GITLAB-8846F944D8AD0C1C390C7FAB562E1A0B", "GITLAB-AB4789FCCC0432BF4300068B9CAB5AD9", "GITLAB-C4602184FB9CFD16F11A14FCBB7AAAFA", "GITLAB-EB2002D0248799FE42732BEF81E56297"]}, {"type": "hackerone", "idList": ["H1:1464396", "H1:473888", "H1:732415", "H1:895727", "H1:899069", "H1:904059"]}, {"type": "ibm", "idList": ["7325F728122447EAC9342148FCD97E334C0424FFB7894D8BD8F1BB790CFFF2D1", "83F53A1D05170BCE5BFE0F61D6B8CDDCC22EADA48AC8EA91C7ABC907D33AA5A1", "8C90E11DB242E8DC044F905A8987B587D4A711080CE57EFC871310507AC8BF90", "B9AC236DED8C5D19F13C6F7F060C1F2ECFB7D9164115370343018A74255E2481", "E2209E6C72E8F3769AE66FC552E5B22B7D485BDB9DC1D4EE7D4624F9892A4847", "ECC9F68A7B7CDECDFC597F669D0D6D39FA9047BF0CDD8D2EF3C9BE9843D8E63B"]}, {"type": "mageia", "idList": ["MGASA-2020-0306"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY-GATHER-RAILS_DOUBLETAP_FILE_READ-", "MSF:EXPLOIT-MULTI-HTTP-RAILS_DOUBLE_TAP-"]}, {"type": "nessus", "idList": ["ALA_ALAS-2020-1440.NASL", "DEBIAN_DLA-1739.NASL", "DEBIAN_DLA-2149.NASL", "DEBIAN_DLA-2251.NASL", "DEBIAN_DLA-2275.NASL", "DEBIAN_DLA-2282.NASL", "DEBIAN_DLA-2398.NASL", "DEBIAN_DLA-2403.NASL", "DEBIAN_DLA-3023.NASL", "DEBIAN_DSA-4766.NASL", "EULEROS_SA-2020-2316.NASL", "EULEROS_SA-2021-1566.NASL", "FEDORA_2019-1CFE24DB5C.NASL", "FEDORA_2020-08092B4C97.NASL", "FEDORA_2020-4DD34860A3.NASL", "FEDORA_2020-FD87F90634.NASL", "FREEBSD_PKG_1396A74A499711E9B5F183EDB3F89BA1.NASL", "FREEBSD_PKG_7B630362F46811EAA96C08002728F74C.NASL", "FREEBSD_PKG_85FCA71899F611EABF1D08002728F74C.NASL", "FREEBSD_PKG_FEB8AFDCB3E511EA9DF508002728F74C.NASL", "OPENSUSE-2019-1344.NASL", "OPENSUSE-2019-1527.NASL", "OPENSUSE-2019-1824.NASL", "OPENSUSE-2020-1001.NASL", "OPENSUSE-2020-1533.NASL", "OPENSUSE-2020-1536.NASL", "OPENSUSE-2020-1677.NASL", "OPENSUSE-2020-1679.NASL", "OPENSUSE-2020-1993.NASL", "OPENSUSE-2020-2000.NASL", "OPENSUSE-2020-627.NASL", "OPENSUSE-2020-990.NASL", "ORACLELINUX_ELSA-2021-4213.NASL", "REDHAT-RHSA-2019-0796.NASL", "REDHAT-RHSA-2020-4366.NASL", "REDHAT-RHSA-2021-1313.NASL", "REDHAT-RHSA-2021-4702.NASL", "SUSE_SU-2019-1381-1.NASL", "SUSE_SU-2019-1973-1.NASL", "SUSE_SU-2020-1178-1.NASL", "SUSE_SU-2020-14516-1.NASL", "SUSE_SU-2020-3036-1.NASL", "SUSE_SU-2020-3147-1.NASL", "SUSE_SU-2020-3160-1.NASL", "SUSE_SU-2022-1515-1.NASL", "UBUNTU_USN-4561-1.NASL", "UBUNTU_USN-4561-2.NASL", "UBUNTU_USN-4583-2.NASL", "WEB_APPLICATION_SCANNING_98716"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108561", "OPENVAS:1361412562310108562", "OPENVAS:1361412562310108598", "OPENVAS:1361412562310113709", "OPENVAS:1361412562310113712", "OPENVAS:1361412562310113713", "OPENVAS:1361412562310113714", "OPENVAS:1361412562310113715", "OPENVAS:1361412562310113716", "OPENVAS:1361412562310852477", "OPENVAS:1361412562310852548", "OPENVAS:1361412562310852841", "OPENVAS:1361412562310853159", "OPENVAS:1361412562310876332", "OPENVAS:1361412562310876335", "OPENVAS:1361412562310876336", "OPENVAS:1361412562310876337", "OPENVAS:1361412562310876339", "OPENVAS:1361412562310876340", "OPENVAS:1361412562310876341", "OPENVAS:1361412562310876343", "OPENVAS:1361412562310876344", "OPENVAS:1361412562310876345", "OPENVAS:1361412562310876347", "OPENVAS:1361412562310877683", "OPENVAS:1361412562310877686", "OPENVAS:1361412562310877687", "OPENVAS:1361412562310891739", "OPENVAS:1361412562310892149", "OPENVAS:1361412562310892251", "OPENVAS:1361412562310892275", "OPENVAS:1361412562310892282"]}, {"type": "osv", "idList": ["OSV:DLA-1739-1", "OSV:DLA-2149-1", "OSV:DLA-2251-1", "OSV:DLA-2275-1", "OSV:DLA-2282-1", "OSV:DLA-2398-1", "OSV:DLA-2403-1", "OSV:DLA-3023-1", "OSV:DSA-4766-1", "OSV:GHSA-2P68-F74V-9WC6", "OSV:GHSA-33VF-4XGG-9R58", "OSV:GHSA-65CV-R6X7-79HV", "OSV:GHSA-7XX3-M584-X994", "OSV:GHSA-84J7-475P-HP8V", "OSV:GHSA-86G5-2WH3-GC9J", "OSV:GHSA-8727-M6GJ-MC37", "OSV:GHSA-C6QR-H5VQ-59JC", "OSV:GHSA-CFJV-5498-MPH5", "OSV:GHSA-J6W9-FV6Q-3Q52", "OSV:GHSA-JP5V-5GX4-JMJ9", "OSV:GHSA-M42H-MH85-4QGC", "OSV:GHSA-M63J-WH5W-C252", "OSV:GHSA-Q28M-8XJW-8VR5", "OSV:GHSA-W64W-QQPH-5GXM", "OSV:GHSA-X7JG-6PWG-FX5H", "OSV:GHSA-XQ5J-GW7F-JGJ8"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:152178", "PACKETSTORM:152704"]}, {"type": "photon", "idList": ["PHSA-2019-0196", "PHSA-2019-0263", "PHSA-2020-0047"]}, {"type": "redhat", "idList": ["RHSA-2019:0796", "RHSA-2019:1147", "RHSA-2019:1149", "RHSA-2019:1289", "RHSA-2020:4366", "RHSA-2021:1313", "RHSA-2021:4702"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-16770", "RH:CVE-2019-5418", "RH:CVE-2019-5419", "RH:CVE-2019-5420", "RH:CVE-2020-11076", "RH:CVE-2020-11077", "RH:CVE-2020-15169", "RH:CVE-2020-5247", "RH:CVE-2020-5249", "RH:CVE-2020-5267", "RH:CVE-2020-7070", "RH:CVE-2020-8164", "RH:CVE-2020-8165", "RH:CVE-2020-8166", "RH:CVE-2020-8167", "RH:CVE-2020-8184", "RH:CVE-2020-8185", "RH:CVE-2021-29509"]}, {"type": "rubygems", "idList": ["RUBY:ACTIONPACK-2020-8185", "RUBY:ACTIONVIEW-2019-5418", "RUBY:ACTIONVIEW-2019-5419", "RUBY:CGI-2021-41819", "RUBY:PUMA-2020-5249", "RUBY:PUMA-2021-29509", "RUBY:RACK-2020-8184", "RUBY:RAILTIES-2019-5420"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1344-1", "OPENSUSE-SU-2019:1527-1", "OPENSUSE-SU-2019:1824-1", "OPENSUSE-SU-2020:0627-1", "OPENSUSE-SU-2020:0990-1", "OPENSUSE-SU-2020:1001-1", "OPENSUSE-SU-2020:1533-1", "OPENSUSE-SU-2020:1536-1", "OPENSUSE-SU-2020:1575-1", "OPENSUSE-SU-2020:1677-1", "OPENSUSE-SU-2020:1679-1", "OPENSUSE-SU-2020:1993-1"]}, {"type": "ubuntu", "idList": ["USN-4561-1", "USN-4561-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-16770", "UB:CVE-2019-5418", "UB:CVE-2019-5419", "UB:CVE-2019-5420", "UB:CVE-2020-11076", "UB:CVE-2020-11077", "UB:CVE-2020-15169", "UB:CVE-2020-5247", "UB:CVE-2020-5249", "UB:CVE-2020-5267", "UB:CVE-2020-7070", "UB:CVE-2020-8164", "UB:CVE-2020-8165", "UB:CVE-2020-8166", "UB:CVE-2020-8167", "UB:CVE-2020-8184", "UB:CVE-2020-8185", "UB:CVE-2021-29509"]}, {"type": "veracode", "idList": ["VERACODE:22122", "VERACODE:22604", "VERACODE:22623", "VERACODE:22750", "VERACODE:25449", "VERACODE:25451", "VERACODE:25454", "VERACODE:25481", "VERACODE:25486", "VERACODE:25499", "VERACODE:25691", "VERACODE:25761", "VERACODE:26739", "VERACODE:30424"]}, {"type": "zdt", "idList": ["1337DAY-ID-32402", "1337DAY-ID-32643"]}]}, "score": {"value": 0.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2020-1440"]}, {"type": "attackerkb", "idList": ["AKB:14530FED-0617-4192-812F-B80666A8BDAE", "AKB:1E91DAD8-4A04-42CC-B143-C06594396938"]}, {"type": "canvas", "idList": ["RAILS_ACCEPT_READFILE", "RAILS_ACTIVESTORAGE_RCE"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-0784", "CPAI-2019-2207", "CPAI-2020-1223"]}, {"type": "cve", "idList": ["CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1739-1:3959D"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-16770", "DEBIANCVE:CVE-2019-5418", "DEBIANCVE:CVE-2019-5419", "DEBIANCVE:CVE-2019-5420", "DEBIANCVE:CVE-2020-11076", "DEBIANCVE:CVE-2020-11077", "DEBIANCVE:CVE-2020-15169", "DEBIANCVE:CVE-2020-5247", "DEBIANCVE:CVE-2020-5249", "DEBIANCVE:CVE-2020-5267", "DEBIANCVE:CVE-2020-8164", "DEBIANCVE:CVE-2020-8165", "DEBIANCVE:CVE-2020-8166", "DEBIANCVE:CVE-2020-8167", "DEBIANCVE:CVE-2020-8184", "DEBIANCVE:CVE-2020-8185"]}, {"type": "dsquare", "idList": ["E-683"]}, {"type": "exploitdb", "idList": ["EDB-ID:46585", "EDB-ID:46785"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:DCA0047F9446E67F154773DC2F542F43"]}, {"type": "f5", "idList": ["F5:K11435435"]}, {"type": "fedora", "idList": ["FEDORA:02EB26020AF1", "FEDORA:04C8E30BDAB3", "FEDORA:1BE4F30C0EF2", "FEDORA:201C860427AE", "FEDORA:2DDE030C0EF7", "FEDORA:3313D30C0EF8", "FEDORA:36BC5608DDAC", "FEDORA:3AF9260427B6", "FEDORA:4A6A3309B6F1", "FEDORA:561E660427BA", "FEDORA:61EBD30BDAB3", "FEDORA:6500563042DF", "FEDORA:6863A6087E4D", "FEDORA:6905030C0EF2", "FEDORA:706DC60427E4", "FEDORA:7AD1030BB654", "FEDORA:8116230C0EF7", "FEDORA:8A3C26042808", "FEDORA:92FD1309B6F1", "FEDORA:98F1A30C0EF8", "FEDORA:A58F36042B2A", "FEDORA:AC7E030C9BDF", "FEDORA:ACA3160876F5", "FEDORA:AF8C030C0EF2", "FEDORA:BF4696042B2C", "FEDORA:C779E30C0EFA", "FEDORA:D93AD6020AF1", "FEDORA:E04FA30C0EFD", "FEDORA:F2F4B60427B6"]}, {"type": "freebsd", "idList": ["1396A74A-4997-11E9-B5F1-83EDB3F89BA1"]}, {"type": "github", "idList": ["GHSA-86G5-2WH3-GC9J", "GHSA-M42H-MH85-4QGC", "GHSA-M63J-WH5W-C252"]}, {"type": "githubexploit", "idList": ["1AA560B7-D951-5AD1-AE25-D44C542B218B", "1B4B2D33-DA2D-5E3F-A1A6-FC5997A7558C", "27155F58-3ADE-564B-A3AA-579D94D79DAE", "3B6A3B39-6E6B-5E2D-8FA8-D34732708B4B", "43775689-1819-5346-BFF2-D07E4CC21611", "4EC69F6B-701F-551C-9FE3-70D0D308798A", "60737735-B0CC-556A-96EB-B41ED58C507B", "78840956-5A47-5CE4-8509-122957977EAB", "7C5BFDFC-84A3-5771-BA4F-5FCF5C38D48C", "85A51425-6AD4-5A79-A202-579492F85437", "97B09B8B-70D8-53A6-84D5-EC8077CDF94F", "9A2C7492-7042-50E5-96F0-B3E8C301634E", "CECC5D54-6258-568A-858F-9209E5656C0D", "DA85122C-5559-534B-9447-C9C43A4CBB65", "DC216D07-7CB4-5CE9-A7DB-F26B7C40ECEF"]}, {"type": "hackerone", "idList": ["H1:473888", "H1:904059"]}, {"type": "ibm", "idList": ["7325F728122447EAC9342148FCD97E334C0424FFB7894D8BD8F1BB790CFFF2D1"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/GATHER/RAILS_DOUBLETAP_FILE_READ"]}, {"type": "nessus", "idList": ["ALA_ALAS-2020-1440.NASL", "DEBIAN_DLA-1739.NASL", "FEDORA_2019-1CFE24DB5C.NASL", "FREEBSD_PKG_1396A74A499711E9B5F183EDB3F89BA1.NASL", "OPENSUSE-2020-1536.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108561", "OPENVAS:1361412562310852477", "OPENVAS:1361412562310876332", "OPENVAS:1361412562310876335", "OPENVAS:1361412562310876336", "OPENVAS:1361412562310876337", "OPENVAS:1361412562310876339", "OPENVAS:1361412562310876340", "OPENVAS:1361412562310876341", "OPENVAS:1361412562310876343", "OPENVAS:1361412562310876344", "OPENVAS:1361412562310876345", "OPENVAS:1361412562310876347", "OPENVAS:1361412562310891739"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:152178", "PACKETSTORM:152704"]}, {"type": "photon", "idList": ["PHSA-2019-0196", "PHSA-2019-0263", "PHSA-2020-0047"]}, {"type": "redhat", "idList": ["RHSA-2019:1147", "RHSA-2019:1149"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-16770", "RH:CVE-2019-5419", "RH:CVE-2019-5420", "RH:CVE-2020-11076", "RH:CVE-2020-11077", "RH:CVE-2020-15169", "RH:CVE-2020-5247", "RH:CVE-2020-5249", "RH:CVE-2020-5267", "RH:CVE-2020-7070", "RH:CVE-2020-8164", "RH:CVE-2020-8165", "RH:CVE-2020-8166", "RH:CVE-2020-8184", "RH:CVE-2020-8185"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1344-1", "OPENSUSE-SU-2020:1575-1"]}, {"type": "ubuntu", "idList": ["USN-4561-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-16770", "UB:CVE-2020-11076", "UB:CVE-2020-11077", "UB:CVE-2020-15169", "UB:CVE-2020-5247", "UB:CVE-2020-5249", "UB:CVE-2020-5267", "UB:CVE-2020-8165", "UB:CVE-2020-8166", "UB:CVE-2020-8167", "UB:CVE-2020-8185"]}, {"type": "zdt", "idList": ["1337DAY-ID-32402", "1337DAY-ID-32643"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-16770", "epss": "0.001140000", "percentile": "0.433700000", "modified": "2023-03-17"}, {"cve": "CVE-2019-5418", "epss": "0.974470000", "percentile": "0.998940000", "modified": "2023-03-17"}, {"cve": "CVE-2019-5419", "epss": "0.004770000", "percentile": "0.719850000", "modified": "2023-03-17"}, {"cve": "CVE-2019-5420", "epss": "0.973220000", "percentile": "0.997580000", "modified": "2023-03-17"}, {"cve": "CVE-2020-11076", "epss": "0.002480000", "percentile": "0.609660000", "modified": "2023-03-17"}, {"cve": "CVE-2020-11077", "epss": "0.002730000", "percentile": "0.629440000", "modified": "2023-03-17"}, {"cve": "CVE-2020-15169", "epss": "0.005570000", "percentile": "0.741880000", "modified": "2023-03-17"}, {"cve": "CVE-2020-5247", "epss": "0.006600000", "percentile": "0.764620000", "modified": "2023-03-17"}, {"cve": "CVE-2020-5249", "epss": "0.001120000", "percentile": "0.429710000", "modified": "2023-03-17"}, {"cve": "CVE-2020-5267", "epss": "0.002390000", "percentile": "0.601820000", "modified": "2023-03-17"}, {"cve": "CVE-2020-8164", "epss": "0.011820000", "percentile": "0.828890000", "modified": "2023-03-17"}, {"cve": "CVE-2020-8165", "epss": "0.833160000", "percentile": "0.978370000", "modified": "2023-03-17"}, {"cve": "CVE-2020-8166", "epss": "0.001540000", "percentile": "0.499290000", "modified": "2023-03-17"}, {"cve": "CVE-2020-8167", "epss": "0.001540000", "percentile": "0.499460000", "modified": "2023-03-17"}, {"cve": "CVE-2020-8184", "epss": "0.001000000", "percentile": "0.397020000", "modified": "2023-03-17"}, {"cve": "CVE-2020-8185", "epss": "0.000860000", "percentile": "0.349290000", "modified": "2023-03-17"}], "vulnersScore": 0.4}, "_state": {"dependencies": 1660012827, "score": 1698842854, "epss": 1679098904}, "_internal": {"score_hash": "9fc707d5bdbb2934e431c6677a4e8443"}, "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "15.1", "arch": "x86_64", "operator": "lt", "packageVersion": "- openSUSE Leap 15.1 (x86_64):", "packageFilename": "- openSUSE Leap 15.1 (x86_64):.x86_64.rpm", "packageName": ""}]}

{"nessus": [{"lastseen": "2023-05-18T15:26:30", "description": "This update for rmt-server fixes the following issues :\n\nUpdate to version 2.6.5: Solved potential bug of SCC repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one.\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well the number of web server workers to be booted through /etc/rmt.conf.\n\nInstead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name.\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp accidentally changed to a date newer than the one on the repository server, RMT would have an outdated file, which caused some errors. Now, RMT makes HEAD requests to the repositories servers and inspect the 'Last-Modified' header to decide whether to download a file or copy it from cache, by comparing the equalness of timestamps.\n\nFixed an issue where relative paths supplied to `rmt-cli import repos` caused the command to fail.\n\nFriendlier IDs for custom repositories: In an effort to simplify the handling of SCC and custom repositories, RMT now has friendly IDs. For SCC repositories, it's the same SCC ID as before. For custom repositories, it can either be user provided or RMT generated (MD5 of the provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom repositories.\n\n - Custom repository IDs can be the same across RMT instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than before. RMT still supports that old ID, but it's recommended to start using the new ID to ensure future compatibility.\n\nUpdated rails and puma dependencies for security fixes.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3036-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16770", "CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420", "CVE-2020-11076", "CVE-2020-11077", "CVE-2020-15169", "CVE-2020-5247", "CVE-2020-5249", "CVE-2020-5267", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8184", "CVE-2020-8185"], "modified": "2020-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:rmt-server", "p-cpe:/a:novell:suse_linux:rmt-server-config", "p-cpe:/a:novell:suse_linux:rmt-server-debuginfo", "p-cpe:/a:novell:suse_linux:rmt-server-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3036-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143751", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3036-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143751);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2019-16770\", \"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\", \"CVE-2020-11076\", \"CVE-2020-11077\", \"CVE-2020-15169\", \"CVE-2020-5247\", \"CVE-2020-5249\", \"CVE-2020-5267\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\", \"CVE-2020-8184\", \"CVE-2020-8185\");\n\n script_name(english:\"SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3036-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rmt-server fixes the following issues :\n\nUpdate to version 2.6.5: Solved potential bug of SCC repository URLs\nchanging over time. RMT now self heals by removing the previous\ninvalid repository and creating the correct one.\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to\nconfigure the minimum and maximum threads count as well the number of\nweb server workers to be booted through /etc/rmt.conf.\n\nInstead of using an MD5 of URLs for custom repository friendly_ids,\nRMT now builds an ID from the name.\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET\nrequests with the header 'If-Modified-Since' to a repository server\nand if the response had a 304 (Not Modified), it would copy a file\nfrom the local cache instead of downloading. However, if the local\nfile timestamp accidentally changed to a date newer than the one on\nthe repository server, RMT would have an outdated file, which caused\nsome errors. Now, RMT makes HEAD requests to the repositories servers\nand inspect the 'Last-Modified' header to decide whether to download a\nfile or copy it from cache, by comparing the equalness of timestamps.\n\nFixed an issue where relative paths supplied to `rmt-cli import repos`\ncaused the command to fail.\n\nFriendlier IDs for custom repositories: In an effort to simplify the\nhandling of SCC and custom repositories, RMT now has friendly IDs. For\nSCC repositories, it's the same SCC ID as before. For custom\nrepositories, it can either be user provided or RMT generated (MD5 of\nthe provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\nUpdated rails and puma dependencies for security fixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16770/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11076/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5247/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5249/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5267/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8164/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8185/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203036-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?08477350\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP2-2020-3036=1\n\nSUSE Linux Enterprise Module for Public Cloud 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-3036=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"rmt-server-2.6.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"rmt-server-config-2.6.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"rmt-server-debuginfo-2.6.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"rmt-server-debugsource-2.6.5-3.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rmt-server\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:25", "description": "This update for rmt-server fixes the following issues :\n\nUpdate to version 2.6.5 :\n\n - Solved potential bug of SCC repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one.\n\n - Add web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well the number of web server workers to be booted through /etc/rmt.conf.\n\n - Instead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name.\n\n - Fix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp accidentally changed to a date newer than the one on the repository server, RMT would have an outdated file, which caused some errors. Now, RMT makes HEAD requests to the repositories servers and inspect the 'Last-Modified' header to decide whether to download a file or copy it from cache, by comparing the equalness of timestamps.\n\n - Fixed an issue where relative paths supplied to `rmt-cli import repos` caused the command to fail.\n\n - Friendlier IDs for custom repositories: In an effort to simplify the handling of SCC and custom repositories, RMT now has friendly IDs. For SCC repositories, it's the same SCC ID as before. For custom repositories, it can either be user provided or RMT generated (MD5 of the provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom repositories.\n\n - Custom repository IDs can be the same across RMT instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than before. RMT still supports that old ID, but it's recommended to start using the new ID to ensure future compatibility.\n\n - Updated rails and puma dependencies for security fixes.\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2020-11-23T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rmt-server (openSUSE-2020-1993)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16770", "CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420", "CVE-2020-11076", "CVE-2020-11077", "CVE-2020-15169", "CVE-2020-5247", "CVE-2020-5249", "CVE-2020-5267", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8184", "CVE-2020-8185"], "modified": "2020-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rmt-server", "p-cpe:/a:novell:opensuse:rmt-server-config", "p-cpe:/a:novell:opensuse:rmt-server-debuginfo", "p-cpe:/a:novell:opensuse:rmt-server-debugsource", "p-cpe:/a:novell:opensuse:rmt-server-pubcloud", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1993.NASL", "href": "https://www.tenable.com/plugins/nessus/143190", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1993.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143190);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2019-16770\", \"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\", \"CVE-2020-11076\", \"CVE-2020-11077\", \"CVE-2020-15169\", \"CVE-2020-5247\", \"CVE-2020-5249\", \"CVE-2020-5267\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\", \"CVE-2020-8184\", \"CVE-2020-8185\");\n\n script_name(english:\"openSUSE Security Update : rmt-server (openSUSE-2020-1993)\");\n script_summary(english:\"Check for the openSUSE-2020-1993 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rmt-server fixes the following issues :\n\nUpdate to version 2.6.5 :\n\n - Solved potential bug of SCC repository URLs changing\n over time. RMT now self heals by removing the previous\n invalid repository and creating the correct one.\n\n - Add web server settings to /etc/rmt.conf: Now it's\n possible to configure the minimum and maximum threads\n count as well the number of web server workers to be\n booted through /etc/rmt.conf.\n\n - Instead of using an MD5 of URLs for custom repository\n friendly_ids, RMT now builds an ID from the name.\n\n - Fix RMT file caching based on timestamps: Previously,\n RMT sent GET requests with the header\n 'If-Modified-Since' to a repository server and if the\n response had a 304 (Not Modified), it would copy a file\n from the local cache instead of downloading. However, if\n the local file timestamp accidentally changed to a date\n newer than the one on the repository server, RMT would\n have an outdated file, which caused some errors. Now,\n RMT makes HEAD requests to the repositories servers and\n inspect the 'Last-Modified' header to decide whether to\n download a file or copy it from cache, by comparing the\n equalness of timestamps.\n\n - Fixed an issue where relative paths supplied to `rmt-cli\n import repos` caused the command to fail.\n\n - Friendlier IDs for custom repositories: In an effort to\n simplify the handling of SCC and custom repositories,\n RMT now has friendly IDs. For SCC repositories, it's the\n same SCC ID as before. For custom repositories, it can\n either be user provided or RMT generated (MD5 of the\n provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\n - Updated rails and puma dependencies for security fixes.\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1165548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173351\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rmt-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-pubcloud\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rmt-server-2.6.5-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rmt-server-config-2.6.5-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rmt-server-debuginfo-2.6.5-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rmt-server-debugsource-2.6.5-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rmt-server-pubcloud-2.6.5-lp152.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rmt-server / rmt-server-config / rmt-server-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:35", "description": "This update for rmt-server fixes the following issues :\n\nVersion 2.6.5\n\nSolved potential bug of SCC repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one.\n\nVersion 2.6.4\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well the number of web server workers to be booted through /etc/rmt.conf.\n\nVersion 2.6.3\n\nInstead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name.\n\nVersion 2.6.2\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp accidentally changed to a date newer than the one on the repository server, RMT would have an outdated file, which caused some errors. Now, RMT makes HEAD requests to the repositories servers and inspect the 'Last-Modified' header to decide whether to download a file or copy it from cache, by comparing the equalness of timestamps.\n\nVersion 2.6.1\n\nFixed an issue where relative paths supplied to `rmt-cli import repos` caused the command to fail.\n\nVersion 2.6.0\n\nFriendlier IDs for custom repositories: In an effort to simplify the handling of SCC and custom repositories, RMT now has friendly IDs. For SCC repositories, it's the same SCC ID as before. For custom repositories, it can either be user provided or RMT generated (MD5 of the provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom repositories.\n\n - Custom repository IDs can be the same across RMT instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than before. RMT still supports that old ID, but it's recommended to start using the new ID to ensure future compatibility.\n\nVersion 2.5.20\n\nUpdated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\nVersion 2.5.19\n\nRMT now has the ability to remove local systems with the command `rmt-cli systems remove`.\n\nVersion 2.5.18\n\nFixed exit code for `rmt-cli mirror` and its subcommands. Now it exits with 1 whenever an error occurrs during mirroring\n\nImproved message logging for `rtm-cli mirror`. Instead of logging an error when it occurs, the command summarize all errors at the end of execution. Now log messages have colors to better identify failure/success.\n\nVersion 2.5.17\n\nRMT no longer provides the installer updates repository to systems via its zypper service. This repository is used during the installation process, as it provides an up-to-date installation experience, but it has no use on an already installed system.\n\nVersion 2.5.16\n\nUpdated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249, CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418, CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\nVersion 2.5.15\n\nRMT now checks if repositories are fully mirrored during the activation process. Previously, RMT only checked if the repositories were enabled to be mirrored, but not that they were actually mirrored.\nIn this case, RMTs were not able to provide the repository data which systems assumed it had.\n\nVersion 2.5.14\n\nEnable 'Installer-Updates' repositories by default\n\nFixed deprecation warning when thor encountered an error. Also, instead of returning 0 for thor errors, rmt-cli will return 1 instead.\n\nVersion 2.5.13\n\nAdded `rmt-cli repos clean` command to remove locally mirrored files of repositories which are not marked to be mirrored.\n\nPreviously, RMT didn't track deduplicated files in its database. Now, to accommodate `rmt-cli repos clean`, RMT will track all mirrored files.\n\nMove the nginx reload to the configuration package which contain nginx config files, don't reload nginx unconditionally from main package.\n\nVersion 2.5.12\n\nUpdate rack to version 2.2.3 (CVE-2020-8184: bsc#1173351)\n\nUpdate Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\nVersion 2.5.11\n\nrmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available subscriptions\n\n - Added a manual instance verification script\n\nVersion 2.5.10\n\nSupport rmt-server to run with Ruby 2.7 (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order to also bump gem 'ethon' version, which caused a 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1 generates a lot of warnings with Ruby 2.7, mainly due to 'capturing the given block with Proc.new', which is deprecated;\n\n - Improve RPM spec to consider only the distribution default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding 'bundler.\n\nMove nginx/vhosts.d directory to correct sub-package. They are needed together with nginx, not rmt-server.\n\nFix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on another host\n\nFix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\nVersion 2.5.9\n\nrmt-server-pubcloud: enforce strict authentication\n\nVersion 2.5.8\n\nUse repomd_parser gem to remove repository metadata parsing code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3147-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16770", "CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420", "CVE-2020-11076", "CVE-2020-11077", "CVE-2020-15169", "CVE-2020-5247", "CVE-2020-5249", "CVE-2020-5267", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8184", "CVE-2020-8185"], "modified": "2020-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:rmt-server", "p-cpe:/a:novell:suse_linux:rmt-server-config", "p-cpe:/a:novell:suse_linux:rmt-server-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3147-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143622", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3147-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143622);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2019-16770\", \"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\", \"CVE-2020-11076\", \"CVE-2020-11077\", \"CVE-2020-15169\", \"CVE-2020-5247\", \"CVE-2020-5249\", \"CVE-2020-5267\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\", \"CVE-2020-8184\", \"CVE-2020-8185\");\n\n script_name(english:\"SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3147-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rmt-server fixes the following issues :\n\nVersion 2.6.5\n\nSolved potential bug of SCC repository URLs changing over time. RMT\nnow self heals by removing the previous invalid repository and\ncreating the correct one.\n\nVersion 2.6.4\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to\nconfigure the minimum and maximum threads count as well the number of\nweb server workers to be booted through /etc/rmt.conf.\n\nVersion 2.6.3\n\nInstead of using an MD5 of URLs for custom repository friendly_ids,\nRMT now builds an ID from the name.\n\nVersion 2.6.2\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET\nrequests with the header 'If-Modified-Since' to a repository server\nand if the response had a 304 (Not Modified), it would copy a file\nfrom the local cache instead of downloading. However, if the local\nfile timestamp accidentally changed to a date newer than the one on\nthe repository server, RMT would have an outdated file, which caused\nsome errors. Now, RMT makes HEAD requests to the repositories servers\nand inspect the 'Last-Modified' header to decide whether to download a\nfile or copy it from cache, by comparing the equalness of timestamps.\n\nVersion 2.6.1\n\nFixed an issue where relative paths supplied to `rmt-cli import repos`\ncaused the command to fail.\n\nVersion 2.6.0\n\nFriendlier IDs for custom repositories: In an effort to simplify the\nhandling of SCC and custom repositories, RMT now has friendly IDs. For\nSCC repositories, it's the same SCC ID as before. For custom\nrepositories, it can either be user provided or RMT generated (MD5 of\nthe provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\nVersion 2.5.20\n\nUpdated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\nVersion 2.5.19\n\nRMT now has the ability to remove local systems with the command\n`rmt-cli systems remove`.\n\nVersion 2.5.18\n\nFixed exit code for `rmt-cli mirror` and its subcommands. Now it exits\nwith 1 whenever an error occurrs during mirroring\n\nImproved message logging for `rtm-cli mirror`. Instead of logging an\nerror when it occurs, the command summarize all errors at the end of\nexecution. Now log messages have colors to better identify\nfailure/success.\n\nVersion 2.5.17\n\nRMT no longer provides the installer updates repository to systems via\nits zypper service. This repository is used during the installation\nprocess, as it provides an up-to-date installation experience, but it\nhas no use on an already installed system.\n\nVersion 2.5.16\n\nUpdated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249,\n CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418,\n CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\nVersion 2.5.15\n\nRMT now checks if repositories are fully mirrored during the\nactivation process. Previously, RMT only checked if the repositories\nwere enabled to be mirrored, but not that they were actually mirrored.\nIn this case, RMTs were not able to provide the repository data which\nsystems assumed it had.\n\nVersion 2.5.14\n\nEnable 'Installer-Updates' repositories by default\n\nFixed deprecation warning when thor encountered an error. Also,\ninstead of returning 0 for thor errors, rmt-cli will return 1 instead.\n\nVersion 2.5.13\n\nAdded `rmt-cli repos clean` command to remove locally mirrored files\nof repositories which are not marked to be mirrored.\n\nPreviously, RMT didn't track deduplicated files in its database. Now,\nto accommodate `rmt-cli repos clean`, RMT will track all mirrored\nfiles.\n\nMove the nginx reload to the configuration package which contain nginx\nconfig files, don't reload nginx unconditionally from main package.\n\nVersion 2.5.12\n\nUpdate rack to version 2.2.3 (CVE-2020-8184: bsc#1173351)\n\nUpdate Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\nVersion 2.5.11\n\nrmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available\n subscriptions\n\n - Added a manual instance verification script\n\nVersion 2.5.10\n\nSupport rmt-server to run with Ruby 2.7 (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix\n incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order\n to also bump gem 'ethon' version, which caused a\n 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source\n code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1\n generates a lot of warnings with Ruby 2.7, mainly due to\n 'capturing the given block with Proc.new', which is\n deprecated;\n\n - Improve RPM spec to consider only the distribution\n default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding\n 'bundler.\n\nMove nginx/vhosts.d directory to correct sub-package. They are needed\ntogether with nginx, not rmt-server.\n\nFix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on\n another host\n\nFix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\nVersion 2.5.9\n\nrmt-server-pubcloud: enforce strict authentication\n\nVersion 2.5.8\n\nUse repomd_parser gem to remove repository metadata parsing code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16770/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11076/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5247/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5249/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5267/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8164/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8185/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203147-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3122c55\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3147=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-3147=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3147=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3147=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"rmt-server-2.6.5-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"rmt-server-config-2.6.5-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"rmt-server-debuginfo-2.6.5-3.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rmt-server\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:48", "description": "This update for rmt-server fixes the following issues :\n\nVersion 2.6.5\n\nSolved potential bug of SCC repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one.\n\nVersion 2.6.4\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well the number of web server workers to be booted through /etc/rmt.conf.\n\nVersion 2.6.3\n\nInstead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name.\n\nVersion 2.6.2\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp accidentally changed to a date newer than the one on the repository server, RMT would have an outdated file, which caused some errors. Now, RMT makes HEAD requests to the repositories servers and inspect the 'Last-Modified' header to decide whether to download a file or copy it from cache, by comparing the equalness of timestamps.\n\nVersion 2.6.1\n\nFixed an issue where relative paths supplied to `rmt-cli import repos` caused the command to fail.\n\nVersion 2.6.0\n\nFriendlier IDs for custom repositories: In an effort to simplify the handling of SCC and custom repositories, RMT now has friendly IDs. For SCC repositories, it's the same SCC ID as before. For custom repositories, it can either be user provided or RMT generated (MD5 of the provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom repositories.\n\n - Custom repository IDs can be the same across RMT instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than before. RMT still supports that old ID, but it's recommended to start using the new ID to ensure future compatibility.\n\nVersion 2.5.20\n\nUpdated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\nVersion 2.5.19\n\nRMT now has the ability to remove local systems with the command `rmt-cli systems remove`.\n\nVersion 2.5.18\n\nFixed exit code for `rmt-cli mirror` and its subcommands. Now it exits with 1 whenever an error occurs during mirroring\n\nImproved message logging for `rtm-cli mirror`. Instead of logging an error when it occurs, the command summarize all errors at the end of execution. Now log messages have colors to better identify failure/success.\n\nVersion 2.5.17\n\nRMT no longer provides the installer updates repository to systems via its zypper service. This repository is used during the installation process, as it provides an up-to-date installation experience, but it has no use on an already installed system.\n\nVersion 2.5.16\n\nUpdated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249, CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418, CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\nVersion 2.5.15\n\nRMT now checks if repositories are fully mirrored during the activation process. Previously, RMT only checked if the repositories were enabled to be mirrored, but not that they were actually mirrored.\nIn this case, RMTs were not able to provide the repository data which systems assumed it had.\n\nVersion 2.5.14\n\nEnable 'Installer-Updates' repositories by default\n\nFixed deprecation warning when thor encountered an error. Also, instead of returning 0 for thor errors, rmt-cli will return 1 instead.\n\nVersion 2.5.13\n\nAdded `rmt-cli repos clean` command to remove locally mirrored files of repositories which are not marked to be mirrored.\n\nPreviously, RMT didn't track deduplicated files in its database. Now, to accommodate `rmt-cli repos clean`, RMT will track all mirrored files.\n\nMove the nginx reload to the configuration package which contain nginx config files, don't reload nginx unconditionally from main package.\n\nVersion 2.5.12\n\nUpdate rack to version 2.2.3 (CVE-2020-8184: bsc#1173351)\n\nUpdate Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\nVersion 2.5.11\n\nrmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available subscriptions\n\n - Added a manual instance verification script\n\nVersion 2.5.10\n\nSupport rmt-server to run with Ruby 2.7 (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order to also bump gem 'ethon' version, which caused a 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1 generates a lot of warnings with Ruby 2.7, mainly due to 'capturing the given block with Proc.new', which is deprecated;\n\n - Improve RPM spec to consider only the distribution default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding 'bundler.\n\nMove nginx/vhosts.d directory to correct sub-package. They are needed together with nginx, not rmt-server.\n\nFix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on another host\n\nFix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\nVersion 2.5.9\n\nrmt-server-pubcloud: enforce strict authentication\n\nVersion 2.5.8\n\nUse repomd_parser gem to remove repository metadata parsing code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3160-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16770", "CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420", "CVE-2020-11076", "CVE-2020-11077", "CVE-2020-15169", "CVE-2020-5247", "CVE-2020-5249", "CVE-2020-5267", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8184", "CVE-2020-8185"], "modified": "2020-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:rmt-server", "p-cpe:/a:novell:suse_linux:rmt-server-config", "p-cpe:/a:novell:suse_linux:rmt-server-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3160-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143623", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3160-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143623);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2019-16770\", \"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\", \"CVE-2020-11076\", \"CVE-2020-11077\", \"CVE-2020-15169\", \"CVE-2020-5247\", \"CVE-2020-5249\", \"CVE-2020-5267\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\", \"CVE-2020-8184\", \"CVE-2020-8185\");\n\n script_name(english:\"SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3160-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rmt-server fixes the following issues :\n\nVersion 2.6.5\n\nSolved potential bug of SCC repository URLs changing over time. RMT\nnow self heals by removing the previous invalid repository and\ncreating the correct one.\n\nVersion 2.6.4\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to\nconfigure the minimum and maximum threads count as well the number of\nweb server workers to be booted through /etc/rmt.conf.\n\nVersion 2.6.3\n\nInstead of using an MD5 of URLs for custom repository friendly_ids,\nRMT now builds an ID from the name.\n\nVersion 2.6.2\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET\nrequests with the header 'If-Modified-Since' to a repository server\nand if the response had a 304 (Not Modified), it would copy a file\nfrom the local cache instead of downloading. However, if the local\nfile timestamp accidentally changed to a date newer than the one on\nthe repository server, RMT would have an outdated file, which caused\nsome errors. Now, RMT makes HEAD requests to the repositories servers\nand inspect the 'Last-Modified' header to decide whether to download a\nfile or copy it from cache, by comparing the equalness of timestamps.\n\nVersion 2.6.1\n\nFixed an issue where relative paths supplied to `rmt-cli import repos`\ncaused the command to fail.\n\nVersion 2.6.0\n\nFriendlier IDs for custom repositories: In an effort to simplify the\nhandling of SCC and custom repositories, RMT now has friendly IDs. For\nSCC repositories, it's the same SCC ID as before. For custom\nrepositories, it can either be user provided or RMT generated (MD5 of\nthe provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\nVersion 2.5.20\n\nUpdated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\nVersion 2.5.19\n\nRMT now has the ability to remove local systems with the command\n`rmt-cli systems remove`.\n\nVersion 2.5.18\n\nFixed exit code for `rmt-cli mirror` and its subcommands. Now it exits\nwith 1 whenever an error occurs during mirroring\n\nImproved message logging for `rtm-cli mirror`. Instead of logging an\nerror when it occurs, the command summarize all errors at the end of\nexecution. Now log messages have colors to better identify\nfailure/success.\n\nVersion 2.5.17\n\nRMT no longer provides the installer updates repository to systems via\nits zypper service. This repository is used during the installation\nprocess, as it provides an up-to-date installation experience, but it\nhas no use on an already installed system.\n\nVersion 2.5.16\n\nUpdated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249,\n CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418,\n CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\nVersion 2.5.15\n\nRMT now checks if repositories are fully mirrored during the\nactivation process. Previously, RMT only checked if the repositories\nwere enabled to be mirrored, but not that they were actually mirrored.\nIn this case, RMTs were not able to provide the repository data which\nsystems assumed it had.\n\nVersion 2.5.14\n\nEnable 'Installer-Updates' repositories by default\n\nFixed deprecation warning when thor encountered an error. Also,\ninstead of returning 0 for thor errors, rmt-cli will return 1 instead.\n\nVersion 2.5.13\n\nAdded `rmt-cli repos clean` command to remove locally mirrored files\nof repositories which are not marked to be mirrored.\n\nPreviously, RMT didn't track deduplicated files in its database. Now,\nto accommodate `rmt-cli repos clean`, RMT will track all mirrored\nfiles.\n\nMove the nginx reload to the configuration package which contain nginx\nconfig files, don't reload nginx unconditionally from main package.\n\nVersion 2.5.12\n\nUpdate rack to version 2.2.3 (CVE-2020-8184: bsc#1173351)\n\nUpdate Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\nVersion 2.5.11\n\nrmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available\n subscriptions\n\n - Added a manual instance verification script\n\nVersion 2.5.10\n\nSupport rmt-server to run with Ruby 2.7 (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix\n incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order\n to also bump gem 'ethon' version, which caused a\n 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source\n code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1\n generates a lot of warnings with Ruby 2.7, mainly due to\n 'capturing the given block with Proc.new', which is\n deprecated;\n\n - Improve RPM spec to consider only the distribution\n default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding\n 'bundler.\n\nMove nginx/vhosts.d directory to correct sub-package. They are needed\ntogether with nginx, not rmt-server.\n\nFix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on\n another host\n\nFix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\nVersion 2.5.9\n\nrmt-server-pubcloud: enforce strict authentication\n\nVersion 2.5.8\n\nUse repomd_parser gem to remove repository metadata parsing code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16770/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11076/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5247/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5249/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5267/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8164/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8185/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203160-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e5e6b911\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP1-2020-3160=1\n\nSUSE Linux Enterprise Module for Public Cloud 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-3160=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rmt-server-2.6.5-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rmt-server-config-2.6.5-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rmt-server-debuginfo-2.6.5-3.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rmt-server\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:47", "description": "This update for rmt-server fixes the following issues :\n\n - Version 2.6.5\n\n - Solved potential bug of SCC repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one.\n\n - Version 2.6.4\n\n - Add web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well the number of web server workers to be booted through /etc/rmt.conf.\n\n - Version 2.6.3\n\n - Instead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name.\n\n - Version 2.6.2\n\n - Fix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp accidentally changed to a date newer than the one on the repository server, RMT would have an outdated file, which caused some errors. Now, RMT makes HEAD requests to the repositories servers and inspect the 'Last-Modified' header to decide whether to download a file or copy it from cache, by comparing the equalness of timestamps.\n\n\n\n - Version 2.6.1\n\n - Fixed an issue where relative paths supplied to `rmt-cli import repos` caused the command to fail.\n\n - Version 2.6.0\n\n - Friendlier IDs for custom repositories: In an effort to simplify the handling of SCC and custom repositories, RMT now has friendly IDs. For SCC repositories, it's the same SCC ID as before. For custom repositories, it can either be user provided or RMT generated (MD5 of the provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom repositories.\n\n - Custom repository IDs can be the same across RMT instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than before. RMT still supports that old ID, but it's recommended to start using the new ID to ensure future compatibility.\n\n - Version 2.5.20\n\n - Updated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\n - Version 2.5.19\n\n - RMT now has the ability to remove local systems with the command `rmt-cli systems remove`.\n\n - Version 2.5.18\n\n - Fixed exit code for `rmt-cli mirror` and its subcommands. Now it exits with 1 whenever an error occurs during mirroring\n\n - Improved message logging for `rtm-cli mirror`. Instead of logging an error when it occurs, the command summarize all errors at the end of execution. Now log messages have colors to better identify failure/success.\n\n - Version 2.5.17\n\n - RMT no longer provides the installer updates repository to systems via its zypper service. This repository is used during the installation process, as it provides an up-to-date installation experience, but it has no use on an already installed system.\n\n - Version 2.5.16\n\n - Updated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249, CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418, CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\n - Version 2.5.15\n\n - RMT now checks if repositories are fully mirrored during the activation process. Previously, RMT only checked if the repositories were enabled to be mirrored, but not that they were actually mirrored. In this case, RMTs were not able to provide the repository data which systems assumed it had.\n\n - Version 2.5.14\n\n - Enable 'Installer-Updates' repositories by default\n\n - Fixed deprecation warning when thor encountered an error. Also, instead of returning 0 for thor errors, rmt-cli will return 1 instead.\n\n - Version 2.5.13\n\n - Added `rmt-cli repos clean` command to remove locally mirrored files of repositories which are not marked to be mirrored.\n\n - Previously, RMT didn't track deduplicated files in its database. Now, to accommodate `rmt-cli repos clean`, RMT will track all mirrored files.\n\n - Move the nginx reload to the configuration package which contain nginx config files, don't reload nginx unconditionally from main package.\n\n - Version 2.5.12\n\n - Update rack to version 2.2.3 (CVE-2020-8184:\n bsc#1173351)\n\n - Update Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\n - Version 2.5.11\n\n - rmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available subscriptions\n\n - Added a manual instance verification script\n\n - Version 2.5.10\n\n - Support rmt-server to run with Ruby 2.7 (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order to also bump gem 'ethon' version, which caused a 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1 generates a lot of warnings with Ruby 2.7, mainly due to 'capturing the given block with Proc.new', which is deprecated;\n\n - Improve RPM spec to consider only the distribution default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding 'bundler.\n\n - Move nginx/vhosts.d directory to correct sub-package.\n They are needed together with nginx, not rmt-server.\n\n - Fix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on another host\n\n - Fix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\n - Version 2.5.9\n\n - rmt-server-pubcloud: enforce strict authentication\n\n - Version 2.5.8\n\n - Use repomd_parser gem to remove repository metadata parsing code.\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {}, "published": "2020-11-24T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rmt-server (openSUSE-2020-2000)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16770", "CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420", "CVE-2020-11076", "CVE-2020-11077", "CVE-2020-15169", "CVE-2020-5247", "CVE-2020-5249", "CVE-2020-5267", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8184", "CVE-2020-8185"], "modified": "2020-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rmt-server", "p-cpe:/a:novell:opensuse:rmt-server-config", "p-cpe:/a:novell:opensuse:rmt-server-debuginfo", "p-cpe:/a:novell:opensuse:rmt-server-debugsource", "p-cpe:/a:novell:opensuse:rmt-server-pubcloud", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2000.NASL", "href": "https://www.tenable.com/plugins/nessus/143225", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2000.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143225);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2019-16770\", \"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\", \"CVE-2020-11076\", \"CVE-2020-11077\", \"CVE-2020-15169\", \"CVE-2020-5247\", \"CVE-2020-5249\", \"CVE-2020-5267\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\", \"CVE-2020-8184\", \"CVE-2020-8185\");\n\n script_name(english:\"openSUSE Security Update : rmt-server (openSUSE-2020-2000)\");\n script_summary(english:\"Check for the openSUSE-2020-2000 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rmt-server fixes the following issues :\n\n - Version 2.6.5\n\n - Solved potential bug of SCC repository URLs changing\n over time. RMT now self heals by removing the previous\n invalid repository and creating the correct one.\n\n - Version 2.6.4\n\n - Add web server settings to /etc/rmt.conf: Now it's\n possible to configure the minimum and maximum threads\n count as well the number of web server workers to be\n booted through /etc/rmt.conf.\n\n - Version 2.6.3\n\n - Instead of using an MD5 of URLs for custom repository\n friendly_ids, RMT now builds an ID from the name.\n\n - Version 2.6.2\n\n - Fix RMT file caching based on timestamps: Previously,\n RMT sent GET requests with the header\n 'If-Modified-Since' to a repository server and if the\n response had a 304 (Not Modified), it would copy a file\n from the local cache instead of downloading. However, if\n the local file timestamp accidentally changed to a date\n newer than the one on the repository server, RMT would\n have an outdated file, which caused some errors. Now,\n RMT makes HEAD requests to the repositories servers and\n inspect the 'Last-Modified' header to decide whether to\n download a file or copy it from cache, by comparing the\n equalness of timestamps.\n\n\n\n - Version 2.6.1\n\n - Fixed an issue where relative paths supplied to `rmt-cli\n import repos` caused the command to fail.\n\n - Version 2.6.0\n\n - Friendlier IDs for custom repositories: In an effort to\n simplify the handling of SCC and custom repositories,\n RMT now has friendly IDs. For SCC repositories, it's the\n same SCC ID as before. For custom repositories, it can\n either be user provided or RMT generated (MD5 of the\n provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\n - Version 2.5.20\n\n - Updated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\n - Version 2.5.19\n\n - RMT now has the ability to remove local systems with the\n command `rmt-cli systems remove`.\n\n - Version 2.5.18\n\n - Fixed exit code for `rmt-cli mirror` and its\n subcommands. Now it exits with 1 whenever an error\n occurs during mirroring\n\n - Improved message logging for `rtm-cli mirror`. Instead\n of logging an error when it occurs, the command\n summarize all errors at the end of execution. Now log\n messages have colors to better identify failure/success.\n\n - Version 2.5.17\n\n - RMT no longer provides the installer updates repository\n to systems via its zypper service. This repository is\n used during the installation process, as it provides an\n up-to-date installation experience, but it has no use on\n an already installed system.\n\n - Version 2.5.16\n\n - Updated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249,\n CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418,\n CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\n - Version 2.5.15\n\n - RMT now checks if repositories are fully mirrored during\n the activation process. Previously, RMT only checked if\n the repositories were enabled to be mirrored, but not\n that they were actually mirrored. In this case, RMTs\n were not able to provide the repository data which\n systems assumed it had.\n\n - Version 2.5.14\n\n - Enable 'Installer-Updates' repositories by default\n\n - Fixed deprecation warning when thor encountered an\n error. Also, instead of returning 0 for thor errors,\n rmt-cli will return 1 instead.\n\n - Version 2.5.13\n\n - Added `rmt-cli repos clean` command to remove locally\n mirrored files of repositories which are not marked to\n be mirrored.\n\n - Previously, RMT didn't track deduplicated files in its\n database. Now, to accommodate `rmt-cli repos clean`, RMT\n will track all mirrored files.\n\n - Move the nginx reload to the configuration package which\n contain nginx config files, don't reload nginx\n unconditionally from main package.\n\n - Version 2.5.12\n\n - Update rack to version 2.2.3 (CVE-2020-8184:\n bsc#1173351)\n\n - Update Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\n - Version 2.5.11\n\n - rmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available\n subscriptions\n\n - Added a manual instance verification script\n\n - Version 2.5.10\n\n - Support rmt-server to run with Ruby 2.7\n (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix\n incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order\n to also bump gem 'ethon' version, which caused a\n 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source\n code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1\n generates a lot of warnings with Ruby 2.7, mainly due to\n 'capturing the given block with Proc.new', which is\n deprecated;\n\n - Improve RPM spec to consider only the distribution\n default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding\n 'bundler.\n\n - Move nginx/vhosts.d directory to correct sub-package.\n They are needed together with nginx, not rmt-server.\n\n - Fix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on\n another host\n\n - Fix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\n - Version 2.5.9\n\n - rmt-server-pubcloud: enforce strict authentication\n\n - Version 2.5.8\n\n - Use repomd_parser gem to remove repository metadata\n parsing code.\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173351\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rmt-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-pubcloud\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rmt-server-2.6.5-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rmt-server-config-2.6.5-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rmt-server-debuginfo-2.6.5-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rmt-server-debugsource-2.6.5-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rmt-server-pubcloud-2.6.5-lp151.2.18.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rmt-server / rmt-server-config / rmt-server-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:08:23", "description": "Multiple security issues were discovered in the Rails web framework which could result in cross-site scripting, information leaks, code execution, cross-site request forgery or bypass of upload limits.", "cvss3": {}, "published": "2020-09-25T00:00:00", "type": "nessus", "title": "Debian DSA-4766-1 : rails - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15169", "CVE-2020-8162", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167"], "modified": "2020-09-29T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:rails", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4766.NASL", "href": "https://www.tenable.com/plugins/nessus/140796", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4766. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140796);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/29\");\n\n script_cve_id(\"CVE-2020-15169\", \"CVE-2020-8162\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\");\n script_xref(name:\"DSA\", value:\"4766\");\n\n script_name(english:\"Debian DSA-4766-1 : rails - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in the Rails web framework\nwhich could result in cross-site scripting, information leaks, code\nexecution, cross-site request forgery or bypass of upload limits.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/rails\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/rails\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4766\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the rails packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2:5.2.2.1+dfsg-1+deb10u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"rails\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-actioncable\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-actionmailer\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-actionpack\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-actionview\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-activejob\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-activemodel\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-activerecord\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-activestorage\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-activesupport\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-rails\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-railties\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:01", "description": "Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-08T00:00:00", "type": "nessus", "title": "Fedora 33 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2020-4dd34860a3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:rubygem-actionmailer", "p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack", "p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord", "p-cpe:/a:fedoraproject:fedora:1:rubygem-activesupport", "p-cpe:/a:fedoraproject:fedora:1:rubygem-rails", "p-cpe:/a:fedoraproject:fedora:rubygem-actioncable", "p-cpe:/a:fedoraproject:fedora:rubygem-actionmailbox", "p-cpe:/a:fedoraproject:fedora:rubygem-actiontext", "p-cpe:/a:fedoraproject:fedora:rubygem-actionview", "p-cpe:/a:fedoraproject:fedora:rubygem-activejob", "p-cpe:/a:fedoraproject:fedora:rubygem-activemodel", "p-cpe:/a:fedoraproject:fedora:rubygem-activestorage", "p-cpe:/a:fedoraproject:fedora:rubygem-image_processing", "p-cpe:/a:fedoraproject:fedora:rubygem-railties", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-4DD34860A3.NASL", "href": "https://www.tenable.com/plugins/nessus/141285", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-4dd34860a3.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141285);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/12\");\n\n script_cve_id(\"CVE-2020-15169\", \"CVE-2020-5267\", \"CVE-2020-8185\");\n script_xref(name:\"FEDORA\", value:\"2020-4dd34860a3\");\n\n script_name(english:\"Fedora 33 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2020-4dd34860a3)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529\n#1852381\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-4dd34860a3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15169\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actioncable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionmailbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actiontext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activejob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activestorage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-image_processing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-actionmailer-6.0.3.3-1.fc33\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-actionpack-6.0.3.3-2.fc33\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-activerecord-6.0.3.3-1.fc33\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-activesupport-6.0.3.3-1.fc33\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-rails-6.0.3.3-1.fc33\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-actioncable-6.0.3.3-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-actionmailbox-6.0.3.3-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-actiontext-6.0.3.3-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-actionview-6.0.3.3-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-activejob-6.0.3.3-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-activemodel-6.0.3.3-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-activestorage-6.0.3.3-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-image_processing-1.11.0-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-railties-6.0.3.3-1.fc33\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:rubygem-actionmailer / 1:rubygem-actionpack / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:43", "description": "Ruby on Rails blog :\n\nHi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can.\n\nBoth releases contain the following fixes :\n\nCVE-2020-8162: Circumvention of file size limits in ActiveStorage\n\nCVE-2020-8164: Possible Strong Parameters Bypass in ActionPack\n\nCVE-2020-8165: Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore\n\nCVE-2020-8166: Ability to forge per-form CSRF tokens given a global CSRF token\n\nCVE-2020-8167: CSRF Vulnerability in rails-ujs", "cvss3": {}, "published": "2020-05-20T00:00:00", "type": "nessus", "title": "FreeBSD : Rails -- multiple vulnerabilities (85fca718-99f6-11ea-bf1d-08002728f74c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8162", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167"], "modified": "2020-06-26T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rubygem-actionpack52", "p-cpe:/a:freebsd:freebsd:rubygem-actionpack60", "p-cpe:/a:freebsd:freebsd:rubygem-actionview52", "p-cpe:/a:freebsd:freebsd:rubygem-actionview60", "p-cpe:/a:freebsd:freebsd:rubygem-activestorage52", "p-cpe:/a:freebsd:freebsd:rubygem-activestorage60", "p-cpe:/a:freebsd:freebsd:rubygem-activesupport52", "p-cpe:/a:freebsd:freebsd:rubygem-activesupport60", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_85FCA71899F611EABF1D08002728F74C.NASL", "href": "https://www.tenable.com/plugins/nessus/136726", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136726);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/26\");\n\n script_cve_id(\"CVE-2020-8162\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\");\n\n script_name(english:\"FreeBSD : Rails -- multiple vulnerabilities (85fca718-99f6-11ea-bf1d-08002728f74c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ruby on Rails blog :\n\nHi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These\nreleases contain important security fixes, so please upgrade when you\ncan.\n\nBoth releases contain the following fixes :\n\nCVE-2020-8162: Circumvention of file size limits in ActiveStorage\n\nCVE-2020-8164: Possible Strong Parameters Bypass in ActionPack\n\nCVE-2020-8165: Potentially unintended unmarshalling of user-provided\nobjects in MemCacheStore and RedisCacheStore\n\nCVE-2020-8166: Ability to forge per-form CSRF tokens given a global\nCSRF token\n\nCVE-2020-8167: CSRF Vulnerability in rails-ujs\"\n );\n # https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8268ac87\"\n );\n # https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97c30406\"\n );\n # https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc4f9c88\"\n );\n # https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bbe96cfa\"\n );\n # https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?62b6f4ce\"\n );\n # https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59fb4e94\"\n );\n # https://vuxml.freebsd.org/freebsd/85fca718-99f6-11ea-bf1d-08002728f74c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a6180b1f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionpack52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionpack60\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionview52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionview60\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activestorage52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activestorage60\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activesupport52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activesupport60\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionpack52<5.2.4.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionview52<5.2.4.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activestorage52<5.2.4.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activesupport52<5.2.4.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionpack60<6.0.3.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionview60<6.0.3.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activestorage60<6.0.3.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activesupport60<6.0.3.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-10-16T00:30:22", "description": "Update Ruby on Rails to 5.2.3. Fixes CVE-2019-5418 CVE-2019-5419 CVE-2019-5420.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-10T00:00:00", "type": "nessus", "title": "Fedora 30 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2019-1cfe24db5c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420"], "modified": "2020-09-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:rubygem-actionmailer", "p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack", "p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord", "p-cpe:/a:fedoraproject:fedora:1:rubygem-activesupport", "p-cpe:/a:fedoraproject:fedora:1:rubygem-rails", "p-cpe:/a:fedoraproject:fedora:rubygem-actioncable", "p-cpe:/a:fedoraproject:fedora:rubygem-actionview", "p-cpe:/a:fedoraproject:fedora:rubygem-activejob", "p-cpe:/a:fedoraproject:fedora:rubygem-activemodel", "p-cpe:/a:fedoraproject:fedora:rubygem-activestorage", "p-cpe:/a:fedoraproject:fedora:rubygem-railties", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-1CFE24DB5C.NASL", "href": "https://www.tenable.com/plugins/nessus/124724", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-1cfe24db5c.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124724);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/04\");\n\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\");\n script_xref(name:\"FEDORA\", value:\"2019-1cfe24db5c\");\n\n script_name(english:\"Fedora 30 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2019-1cfe24db5c)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update Ruby on Rails to 5.2.3. Fixes CVE-2019-5418 CVE-2019-5419\nCVE-2019-5420.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-1cfe24db5c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5420\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actioncable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activejob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activestorage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"rubygem-actionmailer-5.2.3-1.fc30\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"rubygem-actionpack-5.2.3-2.fc30\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"rubygem-activerecord-5.2.3-1.fc30\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"rubygem-activesupport-5.2.3-1.fc30\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"rubygem-rails-5.2.3-1.fc30\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"rubygem-actioncable-5.2.3-1.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"rubygem-actionview-5.2.3-2.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"rubygem-activejob-5.2.3-1.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"rubygem-activemodel-5.2.3-2.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"rubygem-activestorage-5.2.3-1.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"rubygem-railties-5.2.3-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:rubygem-actionmailer / 1:rubygem-actionpack / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-18T15:05:38", "description": "This update for rubygem-puma to version 4.3.5 fixes the following issues :\n\n - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage (bsc#1172175).\n\n - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header (bsc#1172176).\n\n - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-puma (openSUSE-2020-1001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11076", "CVE-2020-11077"], "modified": "2020-07-22T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma", "p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma-debuginfo", "p-cpe:/a:novell:opensuse:rubygem-puma-debugsource", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1001.NASL", "href": "https://www.tenable.com/plugins/nessus/138668", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1001.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138668);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2020-11076\", \"CVE-2020-11077\");\n\n script_name(english:\"openSUSE Security Update : rubygem-puma (openSUSE-2020-1001)\");\n script_summary(english:\"Check for the openSUSE-2020-1001 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rubygem-puma to version 4.3.5 fixes the following\nissues :\n\n - CVE-2020-11077: Fixed a HTTP smuggling issue related to\n proxy usage (bsc#1172175).\n\n - CVE-2020-11076: Fixed a HTTP smuggling issue when using\n an invalid transfer-encoding header (bsc#1172176).\n\n - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172176\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rubygem-puma packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-puma-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ruby2.5-rubygem-puma-4.3.5-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ruby2.5-rubygem-puma-debuginfo-4.3.5-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rubygem-puma-debugsource-4.3.5-lp152.4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.5-rubygem-puma / ruby2.5-rubygem-puma-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:01", "description": "Several security vulnerabilities have been discovered in puma, highly concurrent HTTP server for Ruby/Rack applications.\n\nCVE-2020-11076\n\nBy using an invalid transfer-encoding header, an attacker could smuggle an HTTP response.\n\nCVE-2020-11077\n\nclient could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body.\nPuma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect.\nIf the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client.\n\nFor Debian 9 stretch, this problem has been fixed in version 3.6.0-1+deb9u1.\n\nWe recommend that you upgrade your puma packages.\n\nFor the detailed security status of puma please refer to its security tracker page at: https://security-tracker.debian.org/tracker/puma\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-08T00:00:00", "type": "nessus", "title": "Debian DLA-2398-1 : puma security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11076", "CVE-2020-11077"], "modified": "2020-10-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:puma", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2398.NASL", "href": "https://www.tenable.com/plugins/nessus/141286", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2398-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141286);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/12\");\n\n script_cve_id(\"CVE-2020-11076\", \"CVE-2020-11077\");\n\n script_name(english:\"Debian DLA-2398-1 : puma security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several security vulnerabilities have been discovered in puma, highly\nconcurrent HTTP server for Ruby/Rack applications.\n\nCVE-2020-11076\n\nBy using an invalid transfer-encoding header, an attacker could\nsmuggle an HTTP response.\n\nCVE-2020-11077\n\nclient could smuggle a request through a proxy, causing the proxy to\nsend a response back to another unknown client. If the proxy uses\npersistent connections and the client adds another request in via HTTP\npipelining, the proxy may mistake it as the first request's body.\nPuma, however, would see it as two requests, and when processing the\nsecond request, send back a response that the proxy does not expect.\nIf the proxy has reused the persistent connection to Puma to send\nanother request for a different client, the second response from the\nfirst client will be sent to the second client.\n\nFor Debian 9 stretch, this problem has been fixed in version\n3.6.0-1+deb9u1.\n\nWe recommend that you upgrade your puma packages.\n\nFor the detailed security status of puma please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/puma\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/puma\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/puma\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected puma package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"puma\", reference:\"3.6.0-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:41", "description": "This update for rubygem-puma to version 4.3.5 fixes the following issues :\n\n - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage (bsc#1172175).\n\n - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid transfer-encoding header (bsc#1172176).\n\n - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-puma (openSUSE-2020-990)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-11076", "CVE-2020-11077"], "modified": "2020-07-22T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma", "p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma-debuginfo", "p-cpe:/a:novell:opensuse:rubygem-puma-debugsource", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-990.NASL", "href": "https://www.tenable.com/plugins/nessus/138753", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-990.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138753);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2020-11076\", \"CVE-2020-11077\");\n\n script_name(english:\"openSUSE Security Update : rubygem-puma (openSUSE-2020-990)\");\n script_summary(english:\"Check for the openSUSE-2020-990 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rubygem-puma to version 4.3.5 fixes the following\nissues :\n\n - CVE-2020-11077: Fixed a HTTP smuggling issue related to\n proxy usage (bsc#1172175).\n\n - CVE-2020-11076: Fixed a HTTP smuggling issue when using\n an invalid transfer-encoding header (bsc#1172176).\n\n - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172176\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rubygem-puma packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-puma-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-puma-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-rubygem-puma-4.3.5-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-rubygem-puma-debuginfo-4.3.5-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rubygem-puma-debugsource-4.3.5-lp151.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.5-rubygem-puma / ruby2.5-rubygem-puma-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:39", "description": "Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the application.\n\nCVE-2020-8164\n\nStrong parameters bypass vector in ActionPack. In some cases user supplied information can be inadvertently leaked from Strong Parameters. Specifically the return value of `each`, or `each_value`, or `each_pair` will return the underlying 'untrusted' hash of data that was read from the parameters. Applications that use this return value may be inadvertently use untrusted user input.\n\nCVE-2020-8165\n\nPotentially unintended unmarshalling of user-provided objects in MemCacheStore. There is potentially unexpected behaviour in the MemCacheStore where, when untrusted user input is written to the cache store using the `raw: true` parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of plain text. Unmarshalling of untrusted user input can have impact up to and including RCE. At a minimum, this vulnerability allows an attacker to inject untrusted Ruby objects into a web application.\n\nIn addition to upgrading to the latest versions of Rails, developers should ensure that whenever they are calling `Rails.cache.fetch` they are using consistent values of the `raw` parameter for both reading and writing.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 2:4.1.8-1+deb8u7.\n\nWe recommend that you upgrade your rails packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-22T00:00:00", "type": "nessus", "title": "Debian DLA-2251-1 : rails security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8164", "CVE-2020-8165"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:rails", "p-cpe:/a:debian:debian_linux:ruby-actionmailer", "p-cpe:/a:debian:debian_linux:ruby-actionpack", "p-cpe:/a:debian:debian_linux:ruby-actionview", "p-cpe:/a:debian:debian_linux:ruby-activemodel", "p-cpe:/a:debian:debian_linux:ruby-activerecord", "p-cpe:/a:debian:debian_linux:ruby-activesupport", "p-cpe:/a:debian:debian_linux:ruby-activesupport-2.3", "p-cpe:/a:debian:debian_linux:ruby-rails", "p-cpe:/a:debian:debian_linux:ruby-railties", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2251.NASL", "href": "https://www.tenable.com/plugins/nessus/137670", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2251-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137670);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-8164\", \"CVE-2020-8165\");\n\n script_name(english:\"Debian DLA-2251-1 : rails security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based\nframework geared for web application development, which could lead to\nremote code execution and untrusted user input usage, depending on the\napplication.\n\nCVE-2020-8164\n\nStrong parameters bypass vector in ActionPack. In some cases user\nsupplied information can be inadvertently leaked from Strong\nParameters. Specifically the return value of `each`, or `each_value`,\nor `each_pair` will return the underlying 'untrusted' hash of data\nthat was read from the parameters. Applications that use this return\nvalue may be inadvertently use untrusted user input.\n\nCVE-2020-8165\n\nPotentially unintended unmarshalling of user-provided objects in\nMemCacheStore. There is potentially unexpected behaviour in the\nMemCacheStore where, when untrusted user input is written to the cache\nstore using the `raw: true` parameter, re-reading the result from the\ncache can evaluate the user input as a Marshalled object instead of\nplain text. Unmarshalling of untrusted user input can have impact up\nto and including RCE. At a minimum, this vulnerability allows an\nattacker to inject untrusted Ruby objects into a web application.\n\nIn addition to upgrading to the latest versions of Rails,\ndevelopers should ensure that whenever they are calling\n`Rails.cache.fetch` they are using consistent values of the\n`raw` parameter for both reading and writing.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n2:4.1.8-1+deb8u7.\n\nWe recommend that you upgrade your rails packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/rails\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activesupport-2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"rails\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-actionmailer\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-actionpack\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-actionview\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activemodel\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activerecord\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activesupport\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activesupport-2.3\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-rails\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-railties\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:58:47", "description": "Security fix for CVE-2020-5247, CVE-2020-5249\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-04-10T00:00:00", "type": "nessus", "title": "Fedora 30 : rubygem-puma (2020-08092b4c97)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-5247", "CVE-2020-5249"], "modified": "2020-04-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-puma", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2020-08092B4C97.NASL", "href": "https://www.tenable.com/plugins/nessus/135367", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-08092b4c97.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135367);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/14\");\n\n script_cve_id(\"CVE-2020-5247\", \"CVE-2020-5249\");\n script_xref(name:\"FEDORA\", value:\"2020-08092b4c97\");\n\n script_name(english:\"Fedora 30 : rubygem-puma (2020-08092b4c97)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2020-5247, CVE-2020-5249\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-08092b4c97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-puma package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-puma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"rubygem-puma-3.12.4-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-puma\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:59:38", "description": "Security fix for CVE-2020-5247, CVE-2020-5249\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-04-10T00:00:00", "type": "nessus", "title": "Fedora 31 : rubygem-puma (2020-fd87f90634)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-5247", "CVE-2020-5249"], "modified": "2020-04-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-puma", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-FD87F90634.NASL", "href": "https://www.tenable.com/plugins/nessus/135373", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-fd87f90634.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135373);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/14\");\n\n script_cve_id(\"CVE-2020-5247\", \"CVE-2020-5249\");\n script_xref(name:\"FEDORA\", value:\"2020-fd87f90634\");\n\n script_name(english:\"Fedora 31 : rubygem-puma (2020-fd87f90634)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2020-5247, CVE-2020-5249\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-fd87f90634\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-puma package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-puma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"rubygem-puma-3.12.4-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-puma\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:22:40", "description": "This update for rubygem-actionpack-5_1 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-5418: Fixed a file content disclosure vulnerability in Action View which could be exploited via specially crafted accept headers in combination with calls to render file (bsc#1129272).\n\n - CVE-2019-5419: Fixed a resource exhaustion issue in Action View which could make the server unable to process requests (bsc#1129271).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-05-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2019-1344)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-5_1", "p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-doc-5_1", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1344.NASL", "href": "https://www.tenable.com/plugins/nessus/124709", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1344.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124709);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\");\n\n script_name(english:\"openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2019-1344)\");\n script_summary(english:\"Check for the openSUSE-2019-1344 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rubygem-actionpack-5_1 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-5418: Fixed a file content disclosure\n vulnerability in Action View which could be exploited\n via specially crafted accept headers in combination with\n calls to render file (bsc#1129272).\n\n - CVE-2019-5419: Fixed a resource exhaustion issue in\n Action View which could make the server unable to\n process requests (bsc#1129271).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129272\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rubygem-actionpack-5_1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5418\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-doc-5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ruby2.5-rubygem-actionpack-5_1-5.1.4-lp150.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-lp150.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.5-rubygem-actionpack-5_1 / ruby2.5-rubygem-actionpack-doc-5_1\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-05-24T14:09:27", "description": "John Hawthorn of Github discovered a file content disclosure vulnerability in Rails, a ruby based web application framework.\nSpecially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents.\n\nThis vulnerability could also be exploited for a denial of service attack.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 2:4.1.8-1+deb8u5.\n\nWe recommend that you upgrade your rails packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-01T00:00:00", "type": "nessus", "title": "Debian DLA-1739-1 : rails security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:rails", "p-cpe:/a:debian:debian_linux:ruby-actionmailer", "p-cpe:/a:debian:debian_linux:ruby-actionpack", "p-cpe:/a:debian:debian_linux:ruby-actionview", "p-cpe:/a:debian:debian_linux:ruby-activemodel", "p-cpe:/a:debian:debian_linux:ruby-activerecord", "p-cpe:/a:debian:debian_linux:ruby-activesupport", "p-cpe:/a:debian:debian_linux:ruby-activesupport-2.3", "p-cpe:/a:debian:debian_linux:ruby-rails", "p-cpe:/a:debian:debian_linux:ruby-railties", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1739.NASL", "href": "https://www.tenable.com/plugins/nessus/123526", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1739-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123526);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\");\n\n script_name(english:\"Debian DLA-1739-1 : rails security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"John Hawthorn of Github discovered a file content disclosure\nvulnerability in Rails, a ruby based web application framework.\nSpecially crafted accept headers in combination with calls to `render\nfile:` can cause arbitrary files on the target server to be rendered,\ndisclosing the file contents.\n\nThis vulnerability could also be exploited for a denial of service\nattack.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n2:4.1.8-1+deb8u5.\n\nWe recommend that you upgrade your rails packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/rails\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5418\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activesupport-2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"rails\", reference:\"2:4.1.8-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-actionmailer\", reference:\"2:4.1.8-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-actionpack\", reference:\"2:4.1.8-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-actionview\", reference:\"2:4.1.8-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activemodel\", reference:\"2:4.1.8-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activerecord\", reference:\"2:4.1.8-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activesupport\", reference:\"2:4.1.8-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activesupport-2.3\", reference:\"2:4.1.8-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-rails\", reference:\"2:4.1.8-1+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-railties\", reference:\"2:4.1.8-1+deb8u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:26:41", "description": "An update is now available for CloudForms Management Engine 5.10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRed Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.\n\nSecurity Fix(es) :\n\n* rubygem-actionpack: render file directory traversal in Action View (CVE-2019-5418)\n\n* rubygem-actionpack: denial of service vulnerability in Action View (CVE-2019-5419)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nThis update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.", "cvss3": {}, "published": "2019-07-26T00:00:00", "type": "nessus", "title": "RHEL 7 : CloudForms (RHSA-2019:0796)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419"], "modified": "2020-09-04T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ansible-tower", "p-cpe:/a:redhat:enterprise_linux:ansible-tower-server", "p-cpe:/a:redhat:enterprise_linux:ansible-tower-setup", "p-cpe:/a:redhat:enterprise_linux:ansible-tower-ui", "p-cpe:/a:redhat:enterprise_linux:ansible-tower-venv-ansible", "p-cpe:/a:redhat:enterprise_linux:ansible-tower-venv-tower", "p-cpe:/a:redhat:enterprise_linux:cfme", "p-cpe:/a:redhat:enterprise_linux:cfme-amazon-smartstate", "p-cpe:/a:redhat:enterprise_linux:cfme-appliance", "p-cpe:/a:redhat:enterprise_linux:cfme-appliance-common", "p-cpe:/a:redhat:enterprise_linux:cfme-appliance-debuginfo", "p-cpe:/a:redhat:enterprise_linux:cfme-appliance-tools", "p-cpe:/a:redhat:enterprise_linux:cfme-debuginfo", "p-cpe:/a:redhat:enterprise_linux:cfme-gemset", "p-cpe:/a:redhat:enterprise_linux:cfme-gemset-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-0796.NASL", "href": "https://www.tenable.com/plugins/nessus/127087", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:0796. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127087);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/04\");\n\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\");\n script_xref(name:\"RHSA\", value:\"2019:0796\");\n\n script_name(english:\"RHEL 7 : CloudForms (RHSA-2019:0796)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update is now available for CloudForms Management Engine 5.10.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRed Hat CloudForms Management Engine delivers the insight, control,\nand automation needed to address the challenges of managing virtual\nenvironments. CloudForms Management Engine is built on Ruby on Rails,\na model-view-controller (MVC) framework for web application\ndevelopment. Action Pack implements the controller and the view\ncomponents.\n\nSecurity Fix(es) :\n\n* rubygem-actionpack: render file directory traversal in Action View\n(CVE-2019-5418)\n\n* rubygem-actionpack: denial of service vulnerability in Action View\n(CVE-2019-5419)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nAdditional Changes :\n\nThis update fixes various bugs and adds enhancements. Documentation\nfor these changes is available from the Release Notes document linked\nto in the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.7/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9209bd9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:0796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-5419\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5418\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible-tower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible-tower-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible-tower-setup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible-tower-ui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible-tower-venv-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible-tower-venv-tower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme-amazon-smartstate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme-appliance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme-appliance-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme-appliance-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme-appliance-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme-gemset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme-gemset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:0796\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL7\", rpm:\"cfme-5.10\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CloudForms\");\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ansible-tower-3.4.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ansible-tower-server-3.4.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ansible-tower-setup-3.4.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ansible-tower-ui-3.4.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ansible-tower-venv-ansible-3.4.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ansible-tower-venv-tower-3.4.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cfme-5.10.3.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cfme-amazon-smartstate-5.10.3.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cfme-appliance-5.10.3.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cfme-appliance-common-5.10.3.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cfme-appliance-debuginfo-5.10.3.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cfme-appliance-tools-5.10.3.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cfme-debuginfo-5.10.3.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cfme-gemset-5.10.3.3-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"cfme-gemset-debuginfo-5.10.3.3-1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ansible-tower / ansible-tower-server / ansible-tower-setup / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:20:55", "description": "Ruby on Rails blog :\n\nRails 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1, and 6.0.0.beta3 have been released! These contain the following important security fixes. It is recommended that users upgrade as soon as possible :\n\nCVE-2019-5418 File Content Disclosure in Action View\n\nCVE-2019-5419 Denial of Service Vulnerability in Action View", "cvss3": {}, "published": "2019-03-19T00:00:00", "type": "nessus", "title": "FreeBSD : Rails -- Action View vulnerabilities (1396a74a-4997-11e9-b5f1-83edb3f89ba1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419"], "modified": "2020-09-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rubygem-actionview4", "p-cpe:/a:freebsd:freebsd:rubygem-actionview5", "p-cpe:/a:freebsd:freebsd:rubygem-actionview50", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_1396A74A499711E9B5F183EDB3F89BA1.NASL", "href": "https://www.tenable.com/plugins/nessus/122936", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122936);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/04\");\n\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\");\n\n script_name(english:\"FreeBSD : Rails -- Action View vulnerabilities (1396a74a-4997-11e9-b5f1-83edb3f89ba1)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ruby on Rails blog :\n\nRails 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1, and 6.0.0.beta3 have been\nreleased! These contain the following important security fixes. It is\nrecommended that users upgrade as soon as possible :\n\nCVE-2019-5418 File Content Disclosure in Action View\n\nCVE-2019-5419 Denial of Service Vulnerability in Action View\"\n );\n # https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?274d3ab0\"\n );\n # https://vuxml.freebsd.org/freebsd/1396a74a-4997-11e9-b5f1-83edb3f89ba1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0cc2b7a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-5418\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionview4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionview5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionview50\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionview4<4.2.11.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionview50<5.0.7.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionview5<5.1.6.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T17:16:40", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2059-1 advisory.\n\n - In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory. (CVE-2020-15169)\n\n - A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. (CVE-2020-8167)\n\n - A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. (CVE-2022-27777)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-28T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionview-5_1 (SUSE-SU-2023:2059-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15169", "CVE-2020-8167", "CVE-2022-27777"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:ruby2.5-rubygem-actionview-5_1", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2023-2059-1.NASL", "href": "https://www.tenable.com/plugins/nessus/174923", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2023:2059-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174923);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2020-8167\", \"CVE-2020-15169\", \"CVE-2022-27777\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2023:2059-1\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionview-5_1 (SUSE-SU-2023:2059-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2023:2059-1 advisory.\n\n - In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS)\n vulnerability in Action View's translation helpers. Views that allow the user to control the default (not\n found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe\n string is passed as the default for a missing translation key named html or ending in _html, the default\n string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and\n 5.2.4.4. A workaround without upgrading is proposed in the source advisory. (CVE-2020-15169)\n\n - A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF\n tokens to wrong domains. (CVE-2020-8167)\n\n - A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to\n inject content if able to control input into specific attributes. (CVE-2022-27777)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-8167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-27777\");\n # https://lists.suse.com/pipermail/sle-security-updates/2023-April/014619.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0f2da331\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby2.5-rubygem-actionview-5_1 and / or ruby2.5-rubygem-actionview-doc-5_1 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-8167\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-rubygem-actionview-5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2|3|4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2/3/4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'ruby2.5-rubygem-actionview-doc-5_1-5.1.4-150000.3.6.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby2.5-rubygem-actionview-5_1 / ruby2.5-rubygem-actionview-doc-5_1');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:27:48", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1313 advisory.\n\n - rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection responses (CVE-2015-1820)\n\n - rubygem-rest-client: unsanitized application logging (CVE-2015-3448)\n\n - foreman: Managing repositories with their id via hammer does not respect the role filters (CVE-2017-2662)\n\n - rack-protection: Timing attack in authenticity_token.rb (CVE-2018-1000119)\n\n - rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)\n\n - python-psutil: Double free because of refcount mishandling (CVE-2019-18874)\n\n - netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n - foreman: world-readable OMAPI secret through the ISC DHCP server (CVE-2020-14335)\n\n - rubygem-activeview: Cross-site scripting in translation helpers (CVE-2020-15169)\n\n - resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling (CVE-2020-25633)\n\n - rubygem-activestorage: circumvention of file size limits in ActiveStorage (CVE-2020-8162)\n\n - rubygem-actionpack: possible strong parameters bypass (CVE-2020-8164)\n\n - rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore (CVE-2020-8165)\n\n - rubygem-actionpack: ability to forge per-form CSRF tokens given a global CSRF token (CVE-2020-8166)\n\n - rubygem-actionview: CSRF vulnerability in rails-ujs (CVE-2020-8167)\n\n - rubygem-rails: untrusted users able to run pending migrations in production (CVE-2020-8185)\n\n - django: potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle (CVE-2020-9402)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-21T00:00:00", "type": "nessus", "title": "RHEL 7 : Satellite 6.9 Release (Moderate) (RHSA-2021:1313)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1820", "CVE-2015-3448", "CVE-2017-2662", "CVE-2018-1000119", "CVE-2019-16782", "CVE-2019-18874", "CVE-2020-11612", "CVE-2020-14335", "CVE-2020-15169", "CVE-2020-25633", "CVE-2020-8162", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8185", "CVE-2020-9402"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:ansible-collection-redhat-satellite", "p-cpe:/a:redhat:enterprise_linux:ansible-runner", "p-cpe:/a:redhat:enterprise_linux:ansiblerole-foreman_scap_client", "p-cpe:/a:redhat:enterprise_linux:ansiblerole-insights-client", "p-cpe:/a:redhat:enterprise_linux:ansiblerole-satellite-receptor-installer", "p-cpe:/a:redhat:enterprise_linux:candlepin", "p-cpe:/a:redhat:enterprise_linux:candlepin-selinux", "p-cpe:/a:redhat:enterprise_linux:crane-selinux", "p-cpe:/a:redhat:enterprise_linux:createrepo_c", "p-cpe:/a:redhat:enterprise_linux:createrepo_c-libs", "p-cpe:/a:redhat:enterprise_linux:foreman", "p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat", "p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat-tftpboot", "p-cpe:/a:redhat:enterprise_linux:foreman-cli", "p-cpe:/a:redhat:enterprise_linux:foreman-debug", "p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image", "p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image-service", "p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image-service-tui", "p-cpe:/a:redhat:enterprise_linux:foreman-dynflow-sidekiq", "p-cpe:/a:redhat:enterprise_linux:foreman-ec2", "p-cpe:/a:redhat:enterprise_linux:foreman-gce", "p-cpe:/a:redhat:enterprise_linux:foreman-installer", "p-cpe:/a:redhat:enterprise_linux:foreman-installer-katello", "p-cpe:/a:redhat:enterprise_linux:foreman-journald", "p-cpe:/a:redhat:enterprise_linux:foreman-libvirt", "p-cpe:/a:redhat:enterprise_linux:foreman-openstack", "p-cpe:/a:redhat:enterprise_linux:foreman-ovirt", "p-cpe:/a:redhat:enterprise_linux:foreman-postgresql", "p-cpe:/a:redhat:enterprise_linux:foreman-proxy", "p-cpe:/a:redhat:enterprise_linux:foreman-proxy-content", "p-cpe:/a:redhat:enterprise_linux:foreman-proxy-journald", "p-cpe:/a:redhat:enterprise_linux:foreman-telemetry", "p-cpe:/a:redhat:enterprise_linux:foreman-vmware", "p-cpe:/a:redhat:enterprise_linux:foreman-proxy-selinux", "p-cpe:/a:redhat:enterprise_linux:hfsplus-tools", "p-cpe:/a:redhat:enterprise_linux:foreman-selinux", "p-cpe:/a:redhat:enterprise_linux:katello", "p-cpe:/a:redhat:enterprise_linux:foreman-service", "p-cpe:/a:redhat:enterprise_linux:katello-common", "p-cpe:/a:redhat:enterprise_linux:katello-debug", "p-cpe:/a:redhat:enterprise_linux:katello-certs-tools", "p-cpe:/a:redhat:enterprise_linux:katello-client-bootstrap", "p-cpe:/a:redhat:enterprise_linux:katello-selinux", "p-cpe:/a:redhat:enterprise_linux:python-simplejson", "p-cpe:/a:redhat:enterprise_linux:keycloak-httpd-client-install", "p-cpe:/a:redhat:enterprise_linux:kobo", "p-cpe:/a:redhat:enterprise_linux:python-zope-interface", "p-cpe:/a:redhat:enterprise_linux:libcomps", "p-cpe:/a:redhat:enterprise_linux:python2-amqp", "p-cpe:/a:redhat:enterprise_linux:libmodulemd", "p-cpe:/a:redhat:enterprise_linux:python2-ansible-runner", "p-cpe:/a:redhat:enterprise_linux:libmodulemd2", "p-cpe:/a:redhat:enterprise_linux:libsolv", "p-cpe:/a:redhat:enterprise_linux:libwebsockets", "p-cpe:/a:redhat:enterprise_linux:python2-anyjson", "p-cpe:/a:redhat:enterprise_linux:livecd-tools", "p-cpe:/a:redhat:enterprise_linux:python2-billiard", "p-cpe:/a:redhat:enterprise_linux:mod_passenger", "p-cpe:/a:redhat:enterprise_linux:python2-celery", "p-cpe:/a:redhat:enterprise_linux:mod_xsendfile", "p-cpe:/a:redhat:enterprise_linux:python2-click", "p-cpe:/a:redhat:enterprise_linux:ostree", "p-cpe:/a:redhat:enterprise_linux:python2-crane", "p-cpe:/a:redhat:enterprise_linux:pcp-mmvstatsd", "p-cpe:/a:redhat:enterprise_linux:python2-daemon", "p-cpe:/a:redhat:enterprise_linux:pulp-admin-client", "p-cpe:/a:redhat:enterprise_linux:pulp-docker-admin-extensions", "p-cpe:/a:redhat:enterprise_linux:pulp-docker-plugins", "p-cpe:/a:redhat:enterprise_linux:python2-django", "p-cpe:/a:redhat:enterprise_linux:pulp-katello", "p-cpe:/a:redhat:enterprise_linux:pulp-maintenance", "p-cpe:/a:redhat:enterprise_linux:python2-flask", "p-cpe:/a:redhat:enterprise_linux:pulp-nodes-child", "p-cpe:/a:redhat:enterprise_linux:python2-future", "p-cpe:/a:redhat:enterprise_linux:pulp-nodes-common", "p-cpe:/a:redhat:enterprise_linux:python2-gobject", "p-cpe:/a:redhat:enterprise_linux:pulp-nodes-parent", "p-cpe:/a:redhat:enterprise_linux:pulp-ostree-admin-extensions", "p-cpe:/a:redhat:enterprise_linux:python2-gobject-base", "p-cpe:/a:redhat:enterprise_linux:pulp-ostree-plugins", "p-cpe:/a:redhat:enterprise_linux:pulp-puppet-admin-extensions", "p-cpe:/a:redhat:enterprise_linux:python2-isodate", "p-cpe:/a:redhat:enterprise_linux:pulp-puppet-plugins", "p-cpe:/a:redhat:enterprise_linux:python2-itsdangerous", "p-cpe:/a:redhat:enterprise_linux:pulp-puppet-tools", "p-cpe:/a:redhat:enterprise_linux:pulp-rpm-admin-extensions", "p-cpe:/a:redhat:enterprise_linux:python2-jinja2", "p-cpe:/a:redhat:enterprise_linux:pulp-rpm-plugins", "p-cpe:/a:redhat:enterprise_linux:python2-jmespath", "p-cpe:/a:redhat:enterprise_linux:pulp-selinux", "p-cpe:/a:redhat:enterprise_linux:pulp-server", "p-cpe:/a:redhat:enterprise_linux:python2-keycloak-httpd-client-install", "p-cpe:/a:redhat:enterprise_linux:pulpcore-selinux", "p-cpe:/a:redhat:enterprise_linux:puppet-agent", "p-cpe:/a:redhat:enterprise_linux:puppet-agent-oauth", "p-cpe:/a:redhat:enterprise_linux:python2-kombu", "p-cpe:/a:redhat:enterprise_linux:puppet-foreman_scap_client", "p-cpe:/a:redhat:enterprise_linux:python2-lockfile", "p-cpe:/a:redhat:enterprise_linux:puppetlabs-stdlib", "p-cpe:/a:redhat:enterprise_linux:python2-markupsafe", "p-cpe:/a:redhat:enterprise_linux:puppetserver", "p-cpe:/a:redhat:enterprise_linux:python2-okaara", "p-cpe:/a:redhat:enterprise_linux:pycairo", "p-cpe:/a:redhat:enterprise_linux:python-blinker", "p-cpe:/a:redhat:enterprise_linux:python2-pexpect", "p-cpe:/a:redhat:enterprise_linux:python-bson", "p-cpe:/a:redhat:enterprise_linux:python2-psutil", "p-cpe:/a:redhat:enterprise_linux:python-gnupg", "p-cpe:/a:redhat:enterprise_linux:python-gofer", "p-cpe:/a:redhat:enterprise_linux:python2-ptyprocess", "p-cpe:/a:redhat:enterprise_linux:python-gofer-qpid", "p-cpe:/a:redhat:enterprise_linux:python2-pycurl", "p-cpe:/a:redhat:enterprise_linux:python-imgcreate", "p-cpe:/a:redhat:enterprise_linux:python-kid", "p-cpe:/a:redhat:enterprise_linux:python2-solv", "p-cpe:/a:redhat:enterprise_linux:python-mongoengine", "p-cpe:/a:redhat:enterprise_linux:python2-twisted", "p-cpe:/a:redhat:enterprise_linux:python-nectar", "p-cpe:/a:redhat:enterprise_linux:python-oauth2", "p-cpe:/a:redhat:enterprise_linux:python2-vine", "p-cpe:/a:redhat:enterprise_linux:python-pulp-agent-lib", "p-cpe:/a:redhat:enterprise_linux:python2-werkzeug", "p-cpe:/a:redhat:enterprise_linux:python3-aiodns", "p-cpe:/a:redhat:enterprise_linux:python3-aiofiles", "p-cpe:/a:redhat:enterprise_linux:python3-aiohttp", "p-cpe:/a:redhat:enterprise_linux:python3-async-timeout", "p-cpe:/a:redhat:enterprise_linux:python3-attrs", "p-cpe:/a:redhat:enterprise_linux:python3-backoff", "p-cpe:/a:redhat:enterprise_linux:python3-cairo", "p-cpe:/a:redhat:enterprise_linux:python3-certifi", "p-cpe:/a:redhat:enterprise_linux:python3-cffi", "p-cpe:/a:redhat:enterprise_linux:python3-chardet", "p-cpe:/a:redhat:enterprise_linux:python3-click", "p-cpe:/a:redhat:enterprise_linux:python3-createrepo_c", "p-cpe:/a:redhat:enterprise_linux:python3-cryptography", "p-cpe:/a:redhat:enterprise_linux:python3-dateutil", "p-cpe:/a:redhat:enterprise_linux:python3-defusedxml", "p-cpe:/a:redhat:enterprise_linux:python3-diff-match-patch", "p-cpe:/a:redhat:enterprise_linux:python3-django", "p-cpe:/a:redhat:enterprise_linux:python3-django-currentuser", "p-cpe:/a:redhat:enterprise_linux:python3-django-filter", "p-cpe:/a:redhat:enterprise_linux:python-pulp-bindings", "p-cpe:/a:redhat:enterprise_linux:python-pulp-client-lib", "p-cpe:/a:redhat:enterprise_linux:python-pulp-common", "p-cpe:/a:redhat:enterprise_linux:python-pulp-docker-common", "p-cpe:/a:redhat:enterprise_linux:python-pulp-integrity", "p-cpe:/a:redhat:enterprise_linux:python-pulp-oid_validation", "p-cpe:/a:redhat:enterprise_linux:python-pulp-ostree-common", "p-cpe:/a:redhat:enterprise_linux:python-pulp-puppet-common", "p-cpe:/a:redhat:enterprise_linux:python-pulp-repoauth", "p-cpe:/a:redhat:enterprise_linux:python-pulp-rpm-common", "p-cpe:/a:redhat:enterprise_linux:python-pulp-streamer", "p-cpe:/a:redhat:enterprise_linux:python-pymongo", "p-cpe:/a:redhat:enterprise_linux:python-pymongo-gridfs", "p-cpe:/a:redhat:enterprise_linux:python-qpid", "p-cpe:/a:redhat:enterprise_linux:python-qpid-proton", "p-cpe:/a:redhat:enterprise_linux:python-qpid-qmf", "p-cpe:/a:redhat:enterprise_linux:python-saslwrapper", "p-cpe:/a:redhat:enterprise_linux:python-semantic_version", "p-cpe:/a:redhat:enterprise_linux:python3-jsonschema", "p-cpe:/a:redhat:enterprise_linux:python3-libcomps", "p-cpe:/a:redhat:enterprise_linux:python3-django-guardian", "p-cpe:/a:redhat:enterprise_linux:python3-django-import-export", "p-cpe:/a:redhat:enterprise_linux:python3-django-lifecycle", "p-cpe:/a:redhat:enterprise_linux:python3-django-prometheus", "p-cpe:/a:redhat:enterprise_linux:python3-django-readonly-field", "p-cpe:/a:redhat:enterprise_linux:python3-djangorestframework", "p-cpe:/a:redhat:enterprise_linux:python3-djangorestframework-queryfields", "p-cpe:/a:redhat:enterprise_linux:python3-drf-access-policy", "p-cpe:/a:redhat:enterprise_linux:python3-drf-nested-routers", "p-cpe:/a:redhat:enterprise_linux:python3-drf-spectacular", "p-cpe:/a:redhat:enterprise_linux:python3-dynaconf", "p-cpe:/a:redhat:enterprise_linux:python3-ecdsa", "p-cpe:/a:redhat:enterprise_linux:python3-et-xmlfile", "p-cpe:/a:redhat:enterprise_linux:python3-future", "p-cpe:/a:redhat:enterprise_linux:python3-gnupg", "p-cpe:/a:redhat:enterprise_linux:python3-gobject", "p-cpe:/a:redhat:enterprise_linux:python3-markuppy", "p-cpe:/a:redhat:enterprise_linux:python3-gobject-base", "p-cpe:/a:redhat:enterprise_linux:python3-markupsafe", "p-cpe:/a:redhat:enterprise_linux:python3-gunicorn", "p-cpe:/a:redhat:enterprise_linux:python3-mongoengine", "p-cpe:/a:redhat:enterprise_linux:python3-idna", "p-cpe:/a:redhat:enterprise_linux:python3-multidict", "p-cpe:/a:redhat:enterprise_linux:python3-idna-ssl", "p-cpe:/a:redhat:enterprise_linux:python3-odfpy", "p-cpe:/a:redhat:enterprise_linux:python3-importlib-metadata", "p-cpe:/a:redhat:enterprise_linux:python3-openpyxl", "p-cpe:/a:redhat:enterprise_linux:python3-inflection", "p-cpe:/a:redhat:enterprise_linux:python3-productmd", "p-cpe:/a:redhat:enterprise_linux:python3-iniparse", "p-cpe:/a:redhat:enterprise_linux:python3-prometheus-client", "p-cpe:/a:redhat:enterprise_linux:python3-jdcal", "p-cpe:/a:redhat:enterprise_linux:python3-psycopg2", "p-cpe:/a:redhat:enterprise_linux:python3-pulp-2to3-migration", "p-cpe:/a:redhat:enterprise_linux:python3-jinja2", "p-cpe:/a:redhat:enterprise_linux:python3-pulp-certguard", "p-cpe:/a:redhat:enterprise_linux:python3-pulp-container", "p-cpe:/a:redhat:enterprise_linux:python3-pulp-file", "p-cpe:/a:redhat:enterprise_linux:python3-pulp-rpm", "p-cpe:/a:redhat:enterprise_linux:python3-pulpcore", "p-cpe:/a:redhat:enterprise_linux:python3-tablib", "p-cpe:/a:redhat:enterprise_linux:python3-pyopenssl", "p-cpe:/a:redhat:enterprise_linux:python3-pycares", "p-cpe:/a:redhat:enterprise_linux:python3-pycparser", "p-cpe:/a:redhat:enterprise_linux:python3-typing", "p-cpe:/a:redhat:enterprise_linux:python3-typing-extensions", "p-cpe:/a:redhat:enterprise_linux:python3-pycryptodomex", "p-cpe:/a:redhat:enterprise_linux:python3-uritemplate", "p-cpe:/a:redhat:enterprise_linux:python3-pygtrie", "p-cpe:/a:redhat:enterprise_linux:python3-url-normalize", "p-cpe:/a:redhat:enterprise_linux:python3-pyjwkest", "p-cpe:/a:redhat:enterprise_linux:python3-urllib3", "p-cpe:/a:redhat:enterprise_linux:python3-pyjwt", "p-cpe:/a:redhat:enterprise_linux:python3-pymongo", "p-cpe:/a:redhat:enterprise_linux:python3-urlman", "p-cpe:/a:redhat:enterprise_linux:python3-pyrsistent", "p-cpe:/a:redhat:enterprise_linux:python3-pytz", "p-cpe:/a:redhat:enterprise_linux:python3-whitenoise", "p-cpe:/a:redhat:enterprise_linux:python3-pyyaml", "p-cpe:/a:redhat:enterprise_linux:python3-xlrd", "p-cpe:/a:redhat:enterprise_linux:python3-receptor-satellite", "p-cpe:/a:redhat:enterprise_linux:python3-xlwt", "p-cpe:/a:redhat:enterprise_linux:python3-redis", "p-cpe:/a:redhat:enterprise_linux:python3-yarl", "p-cpe:/a:redhat:enterprise_linux:python3-requests", "p-cpe:/a:redhat:enterprise_linux:python3-zipp", "p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client", "p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client-devel", "p-cpe:/a:redhat:enterprise_linux:python3-rpm", "p-cpe:/a:redhat:enterprise_linux:python3-rq", "p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server", "p-cpe:/a:redhat:enterprise_linux:python3-semantic-version", "p-cpe:/a:redhat:enterprise_linux:python3-six", "p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server-linearstore", "p-cpe:/a:redhat:enterprise_linux:python3-solv", "p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-router", "p-cpe:/a:redhat:enterprise_linux:python3-sqlparse", "p-cpe:/a:redhat:enterprise_linux:python3-subscription-manager-rhsm", "p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-tools", "p-cpe:/a:redhat:enterprise_linux:receptor", "p-cpe:/a:redhat:enterprise_linux:qpid-proton-c", "p-cpe:/a:redhat:enterprise_linux:redhat-access-insights-puppet", "p-cpe:/a:redhat:enterprise_linux:qpid-qmf", "p-cpe:/a:redhat:enterprise_linux:repoview", "p-cpe:/a:redhat:enterprise_linux:qpid-tools", "p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-evr", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-dsl", "p-cpe:/a:redhat:enterprise_linux:rhel8-kickstart-setup", "p-cpe:/a:redhat:enterprise_linux:rubygem-facter", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-params", "p-cpe:/a:redhat:enterprise_linux:rubygem-fast_gettext", "p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_scap_client", "p-cpe:/a:redhat:enterprise_linux:rubygem-highline", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-rails", "p-cpe:/a:redhat:enterprise_linux:rubygem-oauth", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-audited", "p-cpe:/a:redhat:enterprise_linux:rubygem-passenger", "p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native", "p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native-libs", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_compute", "p-cpe:/a:redhat:enterprise_linux:rubygem-rack", "p-cpe:/a:redhat:enterprise_linux:rubygem-rake", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_network", "p-cpe:/a:redhat:enterprise_linux:saslwrapper", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_resources", "p-cpe:/a:redhat:enterprise_linux:satellite", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_storage", "p-cpe:/a:redhat:enterprise_linux:satellite-capsule", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_subscriptions", "p-cpe:/a:redhat:enterprise_linux:satellite-cli", "p-cpe:/a:redhat:enterprise_linux:satellite-common", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-bcrypt", "p-cpe:/a:redhat:enterprise_linux:satellite-debug-tools", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-builder", "p-cpe:/a:redhat:enterprise_linux:satellite-installer", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-bundler_ext", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actioncable", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionmailbox", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-clamp", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionmailer", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionpack", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-coffee-rails", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actiontext", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionview", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activejob", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activemodel", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-coffee-script", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-coffee-script-source", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord-import", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord-session_store", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-concurrent-ruby", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activestorage", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-concurrent-ruby-edge", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activesupport", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-connection_pool", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-addressable", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-algebrick", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-crass", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-amazing_print", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-css_parser", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ancestry", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-daemons", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-anemone", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deacon", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-angular-rails-templates", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ansi", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-declarative", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-bindings", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-declarative-option", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ffi", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-aws", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-core", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deep_cloneable", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-google", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-json", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deface", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-kubevirt", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-diffy", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-libvirt", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-openstack", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-domain_name", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-dynflow", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-erubi", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-excon", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-execjs", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-facter", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-faraday", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-faraday-cookie_jar", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-ovirt", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-vsphere", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-faraday_middleware", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-xml", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fast_gettext", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks-core", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-graphql", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_ansible", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_ansible_core", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_azure_rm", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_bootdisk", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_discovery", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_hooks", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_kubevirt", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_leapp", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-graphql-batch", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_openscap", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution-cockpit", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gssapi", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution_core", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_rh_cloud", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_templates", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_theme_satellite", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_admin", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_virt_who_configure", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_ansible", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-formatador", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-friendly_id", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_azure_rm", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fx", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-get_process_mem", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gettext", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gettext_i18n_rails", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_bootdisk", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-git", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gitlab-sidekiq-fetcher", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-globalid", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_discovery", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-google-api-client", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_docker", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-google-cloud-env", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-googleauth", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_kubevirt", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_leapp", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_rpm_client", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_openscap", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulpcore_client", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_remote_execution", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_tasks", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-puma", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-puma-plugin-systemd", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_templates", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-quantile", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_virt_who_configure", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rabl", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_katello", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-cors", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-jsonp", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hashie", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-protection", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-test", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-highline", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails-dom-testing", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails-html-sanitizer", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http-cookie", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails-i18n", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-railties", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http-form_data", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rainbow", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rb-inotify", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http_parser.rb", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rbovirt", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-httpclient", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rbvmomi", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-i18n", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-record_tag_helper", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-infoblox", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-recursive-open-struct", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ipaddress", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redfish_client", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-jgrep", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redhat_access", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redhat_access_lib", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redis", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-representable", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-journald-logger", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-responders", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rest-client", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-journald-native", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-retriable", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-jwt", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rkerberos", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-roadie", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kafo", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-roadie-rails", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kafo_parsers", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-robotex", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rsec", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kafo_wizards", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby-libvirt", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-katello", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby2ruby", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kubeclient", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby_parser", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ldap_fluff", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rubyipmi", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-runcible", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-little-plugger", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-locale", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-logging", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-logging-journald", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-loofah", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mail", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-marcel", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-memoist", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-method_source", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mime-types", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mime-types-data", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mimemagic", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mini_mime", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mini_portile2", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ms_rest", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ms_rest_azure", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-multi_json", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-multipart-post", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mustermann", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ldap", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ping", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-scp", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ssh", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ssh-krb", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-netrc", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-newt", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-nio4r", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-nokogiri", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-oauth", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-openscap", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-optimist", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-os", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt-engine-sdk", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt_provision_plugin", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-parse-cron", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger-native", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger-native-libs", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pg", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-polyglot", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-powerbar", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-prometheus-client", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-promise.rb", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-public_suffix", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_2to3_migration_client", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_ansible_client", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_certguard_client", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_container_client", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_deb_client", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_file_client", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-scoped_search", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sd_notify", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-secure_headers", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sequel", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-server_sent_events", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sexp_processor", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sidekiq", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-signet", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sinatra", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_ansible", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dhcp_infoblox", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dhcp_remote_isc", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_discovery", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_discovery_image", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dns_infoblox", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dynflow", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dynflow_core", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-safemode", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_openscap", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_pulp", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_remote_execution_ssh", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sprockets", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sprockets-rails", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sqlite3", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sshkey", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-statsd-instrument", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-stomp", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-text", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-thor", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-thread_safe", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-tilt", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-timeliness", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-tzinfo", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-uber", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf_ext", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode-display_width", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-validates_lengths_from_database", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-webpack-rails", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-websocket-driver", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-websocket-extensions", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-will_paginate", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-xmlrpc", "p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-zeitwerk", "p-cpe:/a:redhat:enterprise_linux:tfm-runtime"], "id": "REDHAT-RHSA-2021-1313.NASL", "href": "https://www.tenable.com/plugins/nessus/148903", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1313. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148903);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2017-2662\",\n \"CVE-2019-18874\",\n \"CVE-2020-9402\",\n \"CVE-2020-11612\",\n \"CVE-2020-14335\",\n \"CVE-2020-25633\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1313\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 7 : Satellite 6.9 Release (Moderate) (RHSA-2021:1313)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1313 advisory.\n\n - rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection\n responses (CVE-2015-1820)\n\n - rubygem-rest-client: unsanitized application logging (CVE-2015-3448)\n\n - foreman: Managing repositories with their id via hammer does not respect the role filters (CVE-2017-2662)\n\n - rack-protection: Timing attack in authenticity_token.rb (CVE-2018-1000119)\n\n - rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)\n\n - python-psutil: Double free because of refcount mishandling (CVE-2019-18874)\n\n - netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n - foreman: world-readable OMAPI secret through the ISC DHCP server (CVE-2020-14335)\n\n - rubygem-activeview: Cross-site scripting in translation helpers (CVE-2020-15169)\n\n - resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's\n WebApplicationException handling (CVE-2020-25633)\n\n - rubygem-activestorage: circumvention of file size limits in ActiveStorage (CVE-2020-8162)\n\n - rubygem-actionpack: possible strong parameters bypass (CVE-2020-8164)\n\n - rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and\n RedisCacheStore (CVE-2020-8165)\n\n - rubygem-actionpack: ability to forge per-form CSRF tokens given a global CSRF token (CVE-2020-8166)\n\n - rubygem-actionview: CSRF vulnerability in rails-ujs (CVE-2020-8167)\n\n - rubygem-rails: untrusted users able to run pending migrations in production (CVE-2020-8185)\n\n - django: potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle\n (CVE-2020-9402)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2015-1820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2015-3448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-2662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1000119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-9402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14335\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1205291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1240982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1434106\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1534027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1772014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1789100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1810088\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1816216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1842634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1843005\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1843072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1843084\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1843152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1858302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1877566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879042\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9402\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 79, 89, 119, 200, 201, 209, 250, 352, 385, 400, 416, 532, 862);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible-collection-redhat-satellite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible-runner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansiblerole-foreman_scap_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansiblerole-insights-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansiblerole-satellite-receptor-installer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:candlepin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:candlepin-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:crane-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:createrepo_c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:createrepo_c-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat-tftpboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image-service\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image-service-tui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-dynflow-sidekiq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-gce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-installer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-installer-katello\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-journald\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-openstack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-ovirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-proxy-content\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-proxy-journald\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-proxy-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-service\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-telemetry\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:foreman-vmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:hfsplus-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-certs-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-client-bootstrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:keycloak-httpd-client-install\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kobo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libcomps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libmodulemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libmodulemd2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsolv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libwebsockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:livecd-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_passenger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_xsendfile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ostree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcp-mmvstatsd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-admin-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-docker-admin-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-docker-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-katello\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-maintenance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-nodes-child\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-nodes-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-nodes-parent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-ostree-admin-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-ostree-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-puppet-admin-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-puppet-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-puppet-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-rpm-admin-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-rpm-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulp-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pulpcore-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:puppet-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:puppet-agent-oauth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:puppet-foreman_scap_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:puppetlabs-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:puppetserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pycairo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-blinker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-bson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-gofer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-gofer-qpid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-imgcreate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-kid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-mongoengine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-nectar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-oauth2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-agent-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-bindings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-client-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-docker-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-integrity\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-oid_validation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-ostree-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-puppet-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-repoauth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-rpm-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pulp-streamer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pymongo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-pymongo-gridfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-qpid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-qpid-proton\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-qpid-qmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-saslwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-semantic_version\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-simplejson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-zope-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-amqp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-ansible-runner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-anyjson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-billiard\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-celery\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-click\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-crane\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-flask\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-future\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-gobject-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-isodate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-itsdangerous\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-jinja2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-jmespath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-keycloak-httpd-client-install\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-kombu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-lockfile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-markupsafe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-okaara\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-pexpect\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-psutil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-ptyprocess\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-pycurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-solv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-twisted\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-vine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-werkzeug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-aiodns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-aiofiles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-aiohttp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-async-timeout\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-attrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-backoff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-cairo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-certifi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-cffi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-chardet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-click\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-createrepo_c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-cryptography\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-dateutil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-defusedxml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-diff-match-patch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-django\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-django-currentuser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-django-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-django-guardian\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-django-import-export\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-django-lifecycle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-django-prometheus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-django-readonly-field\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-djangorestframework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-djangorestframework-queryfields\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-drf-access-policy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-drf-nested-routers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-drf-spectacular\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-dynaconf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-ecdsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-et-xmlfile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-future\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-gobject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-gobject-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-gunicorn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-idna\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-idna-ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-importlib-metadata\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-inflection\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-iniparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-jdcal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-jinja2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-jsonschema\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-libcomps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-markuppy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-markupsafe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-mongoengine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-multidict\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-odfpy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-openpyxl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-productmd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-prometheus-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-psycopg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pulp-2to3-migration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pulp-certguard\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pulp-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pulp-file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pulp-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pulpcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pyOpenSSL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pycares\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pycparser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pycryptodomex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pygtrie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pyjwkest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pyjwt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pymongo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pyrsistent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pytz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-pyyaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-receptor-satellite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-redis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-requests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-rq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-semantic-version\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-six\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-solv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-sqlparse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-subscription-manager-rhsm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-tablib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-typing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-typing-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-uritemplate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-url-normalize\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-urllib3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-urlman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-whitenoise\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-xlrd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-xlwt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-yarl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-zipp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server-linearstore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-router\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-proton-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-qmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qpid-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:receptor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:redhat-access-insights-puppet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:repoview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-postgresql12-postgresql-evr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhel8-kickstart-setup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-facter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-fast_gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_scap_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-highline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-oauth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-passenger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:saslwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:satellite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:satellite-capsule\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:satellite-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:satellite-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:satellite-debug-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:satellite-installer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actioncable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionmailbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actiontext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activejob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord-import\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord-session_store\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activestorage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-addressable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-algebrick\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-amazing_print\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ancestry\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-anemone\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-angular-rails-templates\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ansi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-bindings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-dsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-params\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-audited\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_compute\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_resources\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-azure_mgmt_subscriptions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-bcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-builder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-bundler_ext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-clamp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-coffee-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-coffee-script\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-coffee-script-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-concurrent-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-concurrent-ruby-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-connection_pool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-crass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-css_parser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deacon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-declarative\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-declarative-option\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deep_cloneable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-diffy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-domain_name\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-dynflow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-erubi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-excon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-execjs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-facter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-faraday\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-faraday-cookie_jar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-faraday_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fast_gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ffi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-google\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-kubevirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-openstack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-ovirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-vsphere\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_ansible_core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_azure_rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_bootdisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_discovery\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_hooks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_kubevirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_leapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_openscap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution-cockpit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution_core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_rh_cloud\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_templates\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_theme_satellite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_virt_who_configure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-formatador\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-friendly_id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-get_process_mem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gettext_i18n_rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gitlab-sidekiq-fetcher\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-globalid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-google-api-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-google-cloud-env\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-googleauth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-graphql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-graphql-batch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_azure_rm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_bootdisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_discovery\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_kubevirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_leapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_openscap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_remote_execution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_tasks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_templates\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_virt_who_configure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_katello\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hashie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-highline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http-cookie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http-form_data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http_parser.rb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-httpclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-infoblox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ipaddress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-jgrep\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-journald-logger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-journald-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-jwt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kafo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kafo_parsers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kafo_wizards\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-katello\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kubeclient\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ldap_fluff\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-little-plugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-locale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-logging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-logging-journald\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-loofah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mail\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-marcel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-memoist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-method_source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mime-types\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mime-types-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mimemagic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mini_mime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mini_portile2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ms_rest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ms_rest_azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-multi_json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-multipart-post\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-mustermann\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ping\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-scp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ssh-krb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-netrc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-newt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-nio4r\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-nokogiri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-oauth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-openscap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-optimist\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-os\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt-engine-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt_provision_plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-parse-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger-native\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger-native-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-polyglot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-powerbar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-prometheus-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-promise.rb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-public_suffix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_2to3_migration_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_ansible_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_certguard_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_container_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_deb_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_file_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulp_rpm_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pulpcore_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-puma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-puma-plugin-systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-quantile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rabl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-cors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-jsonp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-protection\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails-dom-testing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails-html-sanitizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rainbow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rb-inotify\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rbovirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rbvmomi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-record_tag_helper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-recursive-open-struct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redfish_client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redhat_access\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redhat_access_lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-representable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-responders\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rest-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-retriable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rkerberos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-roadie\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-roadie-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-robotex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rsec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby2ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby_parser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rubyipmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-runcible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-safemode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-scoped_search\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sd_notify\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-secure_headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sequel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-server_sent_events\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sexp_processor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sidekiq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-signet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sinatra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dhcp_infoblox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dhcp_remote_isc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_discovery\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_discovery_image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dns_infoblox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dynflow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dynflow_core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_openscap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_pulp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_remote_execution_ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sprockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sprockets-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sqlite3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sshkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-statsd-instrument\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-stomp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-text\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-thor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-thread_safe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-tilt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-timeliness\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-tzinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-uber\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf_ext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode-display_width\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-validates_lengths_from_database\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-webpack-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-websocket-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-websocket-extensions\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-will_paginate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-zeitwerk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tfm-runtime\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.9/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.9/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.9/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/satellite/6.9/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/satellite/6.9/os',\n 'content/dist/rhel/server/7/7Server/x86_64/satellite/6.9/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ansible-collection-redhat-satellite-2.0.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'ansible-runner-1.4.6-1.el7ar', 'release':'7', 'el_string':'el7ar', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'ansiblerole-foreman_scap_client-0.1.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'ansiblerole-insights-client-1.7.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'candlepin-3.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'candlepin-selinux-3.1.26-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'crane-selinux-3.5.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'createrepo_c-0.17.1-1.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'createrepo_c-libs-0.17.1-1.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-2.3.1.20-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-bootloaders-redhat-202005201200-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-cli-2.3.1.20-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-debug-2.3.1.20-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-discovery-image-3.7.4-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6'},\n {'reference':'foreman-discovery-image-service-1.0.0-4.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-discovery-image-service-tui-1.0.0-4.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-dynflow-sidekiq-2.3.1.20-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-ec2-2.3.1.20-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-gce-2.3.1.20-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-installer-2.3.1.10-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6'},\n {'reference':'foreman-installer-katello-2.3.1.10-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6'},\n {'reference':'foreman-journald-2.3.1.20-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-libvirt-2.3.1.20-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-openstack-2.3.1.20-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-ovirt-2.3.1.20-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-postgresql-2.3.1.20-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-proxy-2.3.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-proxy-content-3.18.1-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-proxy-journald-2.3.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-proxy-selinux-2.3.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-selinux-2.3.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-service-2.3.1.20-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-telemetry-2.3.1.20-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'foreman-vmware-2.3.1.20-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'hfsplus-tools-332.14-12.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'katello-3.18.1-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'katello-certs-tools-2.7.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'katello-client-bootstrap-1.7.5-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'katello-common-3.18.1-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'katello-debug-3.18.1-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'katello-selinux-3.5.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'keycloak-httpd-client-install-1.2.2-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'kobo-0.5.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'libcomps-0.1.15-1.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'libmodulemd-1.7.0-1.pulp.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'libmodulemd2-2.9.3-1.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'libsolv-0.7.12-2.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'libwebsockets-2.4.2-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'livecd-tools-20.4-1.6.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6'},\n {'reference':'mod_passenger-4.0.18-24.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'mod_xsendfile-0.12-11.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'ostree-2017.1-2.atomic.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pcp-mmvstatsd-0.4-2.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-admin-client-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-docker-admin-extensions-3.2.9-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-docker-plugins-3.2.9-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-katello-1.0.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-maintenance-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-nodes-child-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-nodes-common-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-nodes-parent-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-ostree-admin-extensions-1.3.1-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-ostree-plugins-1.3.1-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-puppet-admin-extensions-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-puppet-plugins-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-puppet-tools-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-rpm-admin-extensions-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-rpm-plugins-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-selinux-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulp-server-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pulpcore-selinux-1.2.3-2.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'puppet-agent-6.19.1-2.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'puppet-agent-oauth-0.5.1-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'puppet-foreman_scap_client-0.4.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'puppetlabs-stdlib-5.2.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'puppetserver-6.14.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'pycairo-1.16.3-9.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-blinker-1.3-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-bson-3.2-2.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-gnupg-0.3.7-1.el7ui', 'release':'7', 'el_string':'el7ui', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-gofer-2.12.5-7.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-gofer-qpid-2.12.5-7.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-imgcreate-20.4-1.6.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6'},\n {'reference':'python-kid-0.9.6-11.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-mongoengine-0.10.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-nectar-1.6.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-oauth2-1.5.211-8.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-pulp-agent-lib-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-pulp-bindings-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-pulp-client-lib-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-pulp-common-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-pulp-docker-common-3.2.9-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-pulp-integrity-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-pulp-oid_validation-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-pulp-ostree-common-1.3.1-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-pulp-puppet-common-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-pulp-repoauth-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-pulp-rpm-common-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-pulp-streamer-2.21.5-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-pymongo-3.2-2.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-pymongo-gridfs-3.2-2.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-qpid-1.35.0-5.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-qpid-proton-0.28.0-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-qpid-qmf-1.36.0-28.el7amq', 'cpu':'x86_64', 'release':'7', 'el_string':'el7amq', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-saslwrapper-0.22-5.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-semantic_version-2.2.0-6.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-simplejson-3.2.0-1.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python-zope-interface-4.0.5-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-amqp-2.2.2-5.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-ansible-runner-1.4.6-1.el7ar', 'release':'7', 'el_string':'el7ar', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-anyjson-0.3.3-11.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-billiard-3.5.0.3-3.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6'},\n {'reference':'python2-celery-4.0.2-9.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-click-6.7-9.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-crane-3.3.1-9.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-daemon-2.1.2-7.el7at', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-django-1.11.29-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-flask-0.12.2-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6'},\n {'reference':'python2-future-0.16.0-11.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-gobject-3.28.3-2.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-gobject-base-3.28.3-2.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-isodate-0.5.4-12.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-itsdangerous-0.24-15.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-jinja2-2.10-10.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-jmespath-0.9.0-6.el7_7', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-keycloak-httpd-client-install-1.2.2-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-kombu-4.0.2-14.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'exists_check':'satellite-6'},\n {'reference':'python2-lockfile-0.11.0-10.el7ar', 'release':'7', 'el_string':'el7ar', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6'},\n {'reference':'python2-markupsafe-0.23-21.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-okaara-1.0.37-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-pexpect-4.6-1.el7at', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-psutil-5.7.2-2.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-ptyprocess-0.5.2-3.el7at', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-pycurl-7.43.0.2-4.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-solv-0.7.12-2.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-twisted-16.4.1-12.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python2-vine-1.1.3-6.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10', 'exists_check':'satellite-6'},\n {'reference':'python2-werkzeug-0.12.2-5.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-aiodns-2.0.0-3.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-aiofiles-0.6.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-aiohttp-3.6.2-4.el7ar', 'cpu':'x86_64', 'release':'7', 'el_string':'el7ar', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-async-timeout-3.0.1-2.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-attrs-19.3.0-2.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-backoff-1.10.0-3.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-cairo-1.10.0-25.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-certifi-2020.6.20-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-cffi-1.14.3-1.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-chardet-3.0.4-10.el7ar', 'release':'7', 'el_string':'el7ar', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-chardet-3.0.4-3.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-click-7.1.2-3.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-createrepo_c-0.17.1-1.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-cryptography-2.9.2-1.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-dateutil-2.8.1-3.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-defusedxml-0.6.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-diff-match-patch-20200713-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-django-2.2.18-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-django-currentuser-0.5.1-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-django-filter-2.3.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-django-guardian-2.3.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-django-import-export-2.3.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-django-lifecycle-0.8.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-django-prometheus-2.1.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-django-readonly-field-1.0.5-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-djangorestframework-3.11.2-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-djangorestframework-queryfields-1.0.0-3.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-drf-access-policy-0.7.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-drf-nested-routers-0.91-2.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-drf-spectacular-0.9.13-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-dynaconf-3.1.2-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-ecdsa-0.13.3-2.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-et-xmlfile-1.0.1-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-future-0.18.2-3.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-gnupg-0.4.6-3.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-gobject-3.22.0-8.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-gobject-base-3.22.0-8.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-gunicorn-20.0.4-2.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-idna-2.10-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-idna-ssl-1.1.0-3.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-importlib-metadata-1.7.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-inflection-0.5.1-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-iniparse-0.4-33.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-jdcal-1.4.1-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-jinja2-2.11.2-3.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-jsonschema-3.2.0-4.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-libcomps-0.1.15-1.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-markuppy-1.14-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-markupsafe-1.1.1-4.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-mongoengine-0.20.0-3.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-multidict-4.7.6-1.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-odfpy-1.4.1-2.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-openpyxl-3.0.5-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-productmd-1.31-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-prometheus-client-0.7.1-2.el7ar', 'release':'7', 'el_string':'el7ar', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-psycopg2-2.8.6-1.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pulp-2to3-migration-0.10.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pulp-certguard-1.0.3-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pulp-container-2.1.1-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pulp-file-1.3.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pulp-rpm-3.9.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pulpcore-3.7.3-2.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pycares-3.1.1-2.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pycparser-2.20-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pycryptodomex-3.9.8-1.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pygtrie-2.3.3-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pyjwkest-1.4.2-2.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pyjwt-1.7.1-3.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pymongo-3.11.0-3.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pyOpenSSL-19.1.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pyrsistent-0.17.3-1.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pytz-2020.4-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-pyyaml-5.3.1-3.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-receptor-satellite-1.3.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-redis-3.5.3-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-requests-2.24.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-rpm-4.11.3-8.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-rq-1.5.2-2.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-semantic-version-2.8.5-3.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-six-1.15.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-solv-0.7.12-2.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-sqlparse-0.4.1-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-subscription-manager-rhsm-1.27.5-4.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-tablib-2.0.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-typing-3.7.4.3-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-typing-extensions-3.7.4.3-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-uritemplate-3.0.1-2.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-url-normalize-1.4.3-2.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-urllib3-1.25.11-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-urlman-1.3.0-2.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-whitenoise-5.2.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-xlrd-1.2.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-xlwt-1.3.0-1.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-yarl-1.6.2-1.el7pc', 'cpu':'x86_64', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'python3-zipp-3.4.0-2.el7pc', 'release':'7', 'el_string':'el7pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'qpid-cpp-client-1.36.0-28.el7amq', 'cpu':'x86_64', 'release':'7', 'el_string':'el7amq', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'qpid-cpp-client-devel-1.36.0-28.el7amq', 'cpu':'x86_64', 'release':'7', 'el_string':'el7amq', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'qpid-cpp-server-1.36.0-28.el7amq', 'cpu':'x86_64', 'release':'7', 'el_string':'el7amq', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'qpid-cpp-server-linearstore-1.36.0-28.el7amq', 'cpu':'x86_64', 'release':'7', 'el_string':'el7amq', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'qpid-dispatch-router-1.5.0-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'qpid-dispatch-tools-1.5.0-4.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'qpid-proton-c-0.28.0-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'qpid-qmf-1.36.0-28.el7amq', 'cpu':'x86_64', 'release':'7', 'el_string':'el7amq', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'qpid-tools-1.36.0-28.el7amq', 'release':'7', 'el_string':'el7amq', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'receptor-0.6.3-1.el7ar', 'release':'7', 'el_string':'el7ar', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'redhat-access-insights-puppet-1.0.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'repoview-0.6.6-11.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'rh-postgresql12-postgresql-evr-0.0.2-1.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'rhel8-kickstart-setup-0.0.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'rubygem-facter-2.4.1-2.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'rubygem-fast_gettext-1.1.0-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'rubygem-foreman_scap_client-0.4.7-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'rubygem-highline-1.7.8-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'rubygem-oauth-0.5.4-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'rubygem-passenger-4.0.18-24.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'rubygem-passenger-native-4.0.18-24.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'rubygem-passenger-native-libs-4.0.18-24.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'rubygem-rack-1.6.12-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6'},\n {'reference':'rubygem-rake-0.9.2.2-41.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'saslwrapper-0.22-5.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'satellite-6.9.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'satellite-capsule-6.9.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'satellite-cli-6.9.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'satellite-common-6.9.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'satellite-debug-tools-6.9.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'satellite-installer-6.9.0.10-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-actioncable-6.0.3.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-actionmailbox-6.0.3.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-actionmailer-6.0.3.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-actionpack-6.0.3.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-actiontext-6.0.3.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-actionview-6.0.3.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-activejob-6.0.3.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-activemodel-6.0.3.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-activerecord-6.0.3.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-activerecord-import-1.0.0-6.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-activestorage-6.0.3.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-activesupport-6.0.3.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-addressable-2.6.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-algebrick-0.7.3-6.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-amazing_print-1.1.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-ancestry-3.0.7-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-anemone-0.7.2-22.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-ansi-1.5.0-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-apipie-bindings-0.4.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-apipie-dsl-2.3.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-apipie-params-0.0.5-5.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-apipie-rails-0.5.17-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-audited-4.9.0-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-bcrypt-3.1.12-1.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-builder-3.2.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-bundler_ext-0.4.1-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-clamp-1.1.2-5.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-coffee-rails-5.0.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-coffee-script-2.4.1-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-coffee-script-source-1.12.2-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-connection_pool-2.2.2-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-crass-1.0.6-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-css_parser-1.4.7-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-daemons-1.2.3-7.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-deacon-1.0.0-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-declarative-0.0.10-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-declarative-option-0.1.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-deep_cloneable-3.0.0-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-deface-1.5.3-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-diffy-3.0.1-6.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-domain_name-0.5.20160310-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-erubi-1.9.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-excon-0.76.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-execjs-2.7.0-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-facter-2.4.0-6.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-faraday-0.17.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-faraday_middleware-0.13.1-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-fast_gettext-1.4.1-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-ffi-1.12.2-1.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-fog-aws-3.6.5-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-fog-core-2.1.0-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-fog-google-1.11.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-fog-json-1.2.0-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-fog-libvirt-0.7.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-fog-openstack-1.0.8-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-fog-ovirt-1.2.5-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-fog-vsphere-3.4.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-fog-xml-0.1.2-8.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman-tasks-3.0.5-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_ansible-6.1.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_ansible_core-4.0.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_azure_rm-2.1.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_discovery-16.3.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_hooks-0.3.17-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_kubevirt-0.1.8-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_leapp-0.1.6-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_openscap-4.1.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_remote_execution-4.2.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_remote_execution-cockpit-4.2.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_remote_execution_core-1.4.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_rh_cloud-3.0.18.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_templates-9.0.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_theme_satellite-7.0.1.5-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-foreman_virt_who_configure-0.5.5-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-formatador-0.2.1-11.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-friendly_id-5.3.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-fx-0.5.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-get_process_mem-0.2.1-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-gettext-3.1.4-10.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-git-1.5.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-gitlab-sidekiq-fetcher-0.6.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-globalid-0.4.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-google-api-client-0.33.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-google-cloud-env-1.3.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-googleauth-0.13.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-graphql-1.8.14-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-graphql-batch-0.3.10-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-gssapi-1.2.0-6.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli-2.3.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli_foreman-2.3.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli_foreman_docker-0.0.7-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli_foreman_openscap-0.1.12-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli_foreman_tasks-0.0.15-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.7-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hammer_cli_katello-0.24.0.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-hashie-3.6.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-highline-1.7.8-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-http-3.3.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-http-cookie-1.0.2-5.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-http-form_data-2.1.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-http_parser.rb-0.6.0-1.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-httpclient-2.8.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-i18n-1.8.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-infoblox-3.0.0-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-ipaddress-0.8.0-11.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-jgrep-1.3.3-12.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-journald-logger-2.0.4-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-journald-native-1.0.11-2.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-jwt-2.2.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-kafo-6.2.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-kafo_parsers-1.1.0-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-kafo_wizards-0.0.1-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-katello-3.18.1.22-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-kubeclient-4.3.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-ldap_fluff-0.4.7-5.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-little-plugger-1.1.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-locale-2.0.9-13.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-logging-2.3.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-logging-journald-2.0.0-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-loofah-2.4.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-mail-2.7.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-marcel-0.3.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-memoist-0.16.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-method_source-0.9.2-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-mime-types-3.2.2-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-mimemagic-0.3.5-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-mini_mime-1.0.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-mini_portile2-2.4.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-ms_rest-0.7.4-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-multi_json-1.14.1-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-multipart-post-2.0.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-mustermann-1.0.2-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-net-ldap-0.16.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-net-ping-2.0.1-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-net-scp-1.2.1-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-net-ssh-4.2.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-netrc-0.11.0-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-newt-0.9.7-2.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-nio4r-2.5.4-1.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-nokogiri-1.10.9-1.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-oauth-0.5.4-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-openscap-0.4.9-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-optimist-3.0.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-os-1.0.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-ovirt-engine-sdk-4.3.0-1.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-parse-cron-0.1.4-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-passenger-4.0.18-26.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-passenger-native-4.0.18-26.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-pg-1.1.4-2.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-polyglot-0.3.5-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-powerbar-2.0.1-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-prometheus-client-1.0.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-promise.rb-0.7.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-public_suffix-3.0.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-pulp_2to3_migration_client-0.7.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-pulp_ansible_client-0.4.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-pulp_certguard_client-1.0.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-pulp_container_client-2.1.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-pulp_deb_client-2.7.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-pulp_file_client-1.3.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-pulp_rpm_client-3.9.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-pulpcore_client-3.7.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-puma-4.3.6-1.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-quantile-0.2.0-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rabl-0.14.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rack-2.2.3-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rack-cors-1.0.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rack-jsonp-1.3.1-9.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rack-protection-2.0.3-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rack-test-1.1.0-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rails-6.0.3.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rails-i18n-6.0.0-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-railties-6.0.3.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rainbow-2.2.1-5.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rb-inotify-0.9.7-5.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rbovirt-0.1.7-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rbvmomi-2.2.0-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-record_tag_helper-1.0.1-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-redfish_client-0.5.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-redhat_access-2.2.19-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-redis-4.1.2-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-representable-3.0.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-responders-3.0.0-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rest-client-2.0.2-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-retriable-3.1.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rkerberos-0.1.5-18.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-roadie-3.4.0-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-roadie-rails-2.1.1-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-robotex-1.0.0-21.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rsec-0.4.3-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-ruby-libvirt-0.7.1-1.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-ruby2ruby-2.4.2-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-ruby_parser-3.10.1-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-rubyipmi-0.10.0-6.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-runcible-2.13.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-safemode-1.3.6-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-scoped_search-4.1.9-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-sd_notify-0.1.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-secure_headers-6.3.0-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-sequel-5.7.1-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-server_sent_events-0.1.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-sexp_processor-4.10.0-5.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-sidekiq-5.2.7-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-signet-0.14.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-sinatra-2.0.3-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-smart_proxy_ansible-3.0.1-6.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-smart_proxy_discovery-1.0.5-6.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-smart_proxy_discovery_image-1.3.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-smart_proxy_dns_infoblox-1.1.0-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-smart_proxy_dynflow-0.3.0-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-smart_proxy_dynflow_core-0.3.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-smart_proxy_openscap-0.7.4-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-smart_proxy_pulp-2.1.0-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.1-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-sprockets-4.0.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-sprockets-rails-3.2.1-6.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-sqlite3-1.3.13-5.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-sshkey-1.9.0-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-statsd-instrument-2.1.4-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-stomp-1.4.9-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-text-1.3.0-7.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-thor-1.0.1-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-thread_safe-0.3.6-5.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-tilt-2.0.8-4.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-timeliness-0.3.10-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-tzinfo-1.2.6-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-uber-0.1.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-unf-0.1.3-7.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-unf_ext-0.0.7.2-1.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-unicode-0.4.4.4-1.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-unicode-display_width-1.0.5-5.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-webpack-rails-0.9.8-6.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-websocket-driver-0.7.1-1.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-websocket-extensions-0.1.5-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-will_paginate-3.1.7-3.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-xmlrpc-0.3.0-2.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-rubygem-zeitwerk-2.2.2-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},\n {'reference':'tfm-runtime-6.1-4.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ansible-collection-redhat-satellite / ansible-runner / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-31T15:25:52", "description": "Multiple vulnerabilities were found in Ruby on Rails, a MVC ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the application.\n\nCVE-2020-8163\n\nA code injection vulnerability in Rails would allow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.\n\nCVE-2020-8164\n\nA deserialization of untrusted data vulnerability exists in rails which can allow an attacker to supply information can be inadvertently leaked from Strong Parameters.\n\nCVE-2020-8165\n\nA deserialization of untrusted data vulnernerability exists in rails that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.\n\nFor Debian 9 stretch, these problems have been fixed in version 2:4.2.7.1-1+deb9u3.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rails\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-21T00:00:00", "type": "nessus", "title": "Debian DLA-2282-1 : rails security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8163", "CVE-2020-8164", "CVE-2020-8165"], "modified": "2020-08-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:rails", "p-cpe:/a:debian:debian_linux:ruby-actionmailer", "p-cpe:/a:debian:debian_linux:ruby-actionpack", "p-cpe:/a:debian:debian_linux:ruby-actionview", "p-cpe:/a:debian:debian_linux:ruby-activejob", "p-cpe:/a:debian:debian_linux:ruby-activemodel", "p-cpe:/a:debian:debian_linux:ruby-activerecord", "p-cpe:/a:debian:debian_linux:ruby-activesupport", "p-cpe:/a:debian:debian_linux:ruby-rails", "p-cpe:/a:debian:debian_linux:ruby-railties", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2282.NASL", "href": "https://www.tenable.com/plugins/nessus/138781", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2282-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138781);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2020-8163\", \"CVE-2020-8164\", \"CVE-2020-8165\");\n\n script_name(english:\"Debian DLA-2282-1 : rails security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple vulnerabilities were found in Ruby on Rails, a MVC ruby-based\nframework geared for web application development, which could lead to\nremote code execution and untrusted user input usage, depending on the\napplication.\n\nCVE-2020-8163\n\nA code injection vulnerability in Rails would allow an attacker who\ncontrolled the `locals` argument of a `render` call to perform a RCE.\n\nCVE-2020-8164\n\nA deserialization of untrusted data vulnerability exists in rails\nwhich can allow an attacker to supply information can be inadvertently\nleaked from Strong Parameters.\n\nCVE-2020-8165\n\nA deserialization of untrusted data vulnernerability exists in rails\nthat can allow an attacker to unmarshal user-provided objects in\nMemCacheStore and RedisCacheStore potentially resulting in an RCE.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2:4.2.7.1-1+deb9u3.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/rails\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/rails\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/rails\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activejob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"rails\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-actionmailer\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-actionpack\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-actionview\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-activejob\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-activemodel\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-activerecord\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-activesupport\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-rails\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-railties\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:30:49", "description": "The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3023 advisory.\n\n - In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2. (CVE-2019-16770)\n\n - In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.\n (CVE-2020-5247)\n\n - Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability. (CVE-2022-23634)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-26T00:00:00", "type": "nessus", "title": "Debian DLA-3023-1 : puma - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16254", "CVE-2019-16770", "CVE-2020-5247", "CVE-2022-23634"], "modified": "2022-05-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:puma", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-3023.NASL", "href": "https://www.tenable.com/plugins/nessus/161515", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3023. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161515);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/26\");\n\n script_cve_id(\"CVE-2019-16770\", \"CVE-2020-5247\", \"CVE-2022-23634\");\n\n script_name(english:\"Debian DLA-3023-1 : puma - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the\ndla-3023 advisory.\n\n - In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to\n monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are\n opened than there are threads available, additional connections will wait permanently if the attacker\n sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2. (CVE-2019-16770)\n\n - In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a\n response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header\n and inject malicious content, such as additional headers or an entirely new response body. This\n vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a\n vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254,\n which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and\n 3.12.3 by checking all headers for line endings and rejecting headers with those characters.\n (CVE-2020-5247)\n\n - Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not\n always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body\n being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of\n these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information\n leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions\n 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the\n vulnerability. (CVE-2022-23634)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/puma\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-3023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2019-16770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-5247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-23634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/puma\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the puma packages.\n\nFor Debian 9 stretch, these problems have been fixed in version 3.6.0-1+deb9u2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-5247\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:puma\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'puma', 'reference': '3.6.0-1+deb9u2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'puma');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:21", "description": "A potential Cross-Site Scripting (XSS) vulnerability was found in rails, a ruby based MVC framework. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped.\n\nFor Debian 9 stretch, this problem has been fixed in version 2:4.2.7.1-1+deb9u4.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rails\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-10-12T00:00:00", "type": "nessus", "title": "Debian DLA-2403-1 : rails security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15169"], "modified": "2020-10-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:rails", "p-cpe:/a:debian:debian_linux:ruby-actionmailer", "p-cpe:/a:debian:debian_linux:ruby-actionpack", "p-cpe:/a:debian:debian_linux:ruby-actionview", "p-cpe:/a:debian:debian_linux:ruby-activejob", "p-cpe:/a:debian:debian_linux:ruby-activemodel", "p-cpe:/a:debian:debian_linux:ruby-activerecord", "p-cpe:/a:debian:debian_linux:ruby-activesupport", "p-cpe:/a:debian:debian_linux:ruby-rails", "p-cpe:/a:debian:debian_linux:ruby-railties", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2403.NASL", "href": "https://www.tenable.com/plugins/nessus/141379", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2403-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141379);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/15\");\n\n script_cve_id(\"CVE-2020-15169\");\n\n script_name(english:\"Debian DLA-2403-1 : rails security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A potential Cross-Site Scripting (XSS) vulnerability was found in\nrails, a ruby based MVC framework. Views that allow the user to\ncontrol the default (not found) value of the `t` and `translate`\nhelpers could be susceptible to XSS attacks. When an HTML-unsafe\nstring is passed as the default for a missing translation key named\nhtml or ending in _html, the default string is incorrectly marked as\nHTML-safe and not escaped.\n\nFor Debian 9 stretch, this problem has been fixed in version\n2:4.2.7.1-1+deb9u4.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/rails\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/rails\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/rails\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activejob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"rails\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-actionmailer\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-actionpack\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-actionview\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-activejob\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-activemodel\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-activerecord\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-activesupport\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-rails\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-railties\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:22:53", "description": "Ruby on Rails blog :\n\nRails 5.2.4.4 and 6.0.3.3 have been released! These releases contain an important security fix, so please upgrade when you can.\n\nBoth releases contain the following fix: [CVE-2020-15169] Potential XSS vulnerability in Action View", "cvss3": {}, "published": "2020-09-14T00:00:00", "type": "nessus", "title": "FreeBSD : Rails -- Potential XSS vulnerability (7b630362-f468-11ea-a96c-08002728f74c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15169"], "modified": "2020-09-21T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rubygem-actionview52", "p-cpe:/a:freebsd:freebsd:rubygem-actionview60", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_7B630362F46811EAA96C08002728F74C.NASL", "href": "https://www.tenable.com/plugins/nessus/140558", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140558);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/21\");\n\n script_cve_id(\"CVE-2020-15169\");\n\n script_name(english:\"FreeBSD : Rails -- Potential XSS vulnerability (7b630362-f468-11ea-a96c-08002728f74c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ruby on Rails blog :\n\nRails 5.2.4.4 and 6.0.3.3 have been released! These releases contain\nan important security fix, so please upgrade when you can.\n\nBoth releases contain the following fix: [CVE-2020-15169] Potential\nXSS vulnerability in Action View\"\n );\n # https://weblog.rubyonrails.org/2020/9/10/Rails-5-2-4-4-and-6-0-3-3-have-been-released/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?378db660\"\n );\n # https://groups.google.com/forum/#!topic/rubyonrails-security/b-C9kSGXYrc\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e6b7941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/rails/rails/blob/5-2-stable/actionview/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/rails/rails/blob/6-0-stable/actionview/CHANGELOG.md\"\n );\n # https://vuxml.freebsd.org/freebsd/7b630362-f468-11ea-a96c-08002728f74c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?de9872c7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionview52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionview60\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionview52<5.2.4.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionview60<6.0.3.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:02:22", "description": "Ruby on Rails blog :\n\nRails 6.0.3.2 has been released! This version of Rails contains an important security patch, and you should upgrade! The release contains only one patch that addresses CVE-2020-8185.", "cvss3": {}, "published": "2020-06-23T00:00:00", "type": "nessus", "title": "FreeBSD : Rails -- permission vulnerability (feb8afdc-b3e5-11ea-9df5-08002728f74c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8185"], "modified": "2020-07-10T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:rubygem-actionpack60"], "id": "FREEBSD_PKG_FEB8AFDCB3E511EA9DF508002728F74C.NASL", "href": "https://www.tenable.com/plugins/nessus/137738", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137738);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2020-8185\");\n\n script_name(english:\"FreeBSD : Rails -- permission vulnerability (feb8afdc-b3e5-11ea-9df5-08002728f74c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ruby on Rails blog :\n\nRails 6.0.3.2 has been released! This version of Rails contains an\nimportant security patch, and you should upgrade! The release contains\nonly one patch that addresses CVE-2020-8185.\"\n );\n # https://weblog.rubyonrails.org/2020/6/17/Rails-6-0-3-2-has-been-released/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26ba3bcb\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/rails/rails/blob/6-0-stable/actionpack/CHANGELOG.md\"\n );\n # https://groups.google.com/forum/#!topic/rubyonrails-security/pAe9EV8gbM0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8a8b3fd\"\n );\n # https://vuxml.freebsd.org/freebsd/feb8afdc-b3e5-11ea-9df5-08002728f74c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6e3119e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8185\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionpack60\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionpack60<6.0.3.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:10:15", "description": "This update for rubygem-actionpack-5_1 fixes the following issues :\n\n - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-09-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1536)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8164"], "modified": "2020-10-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-5_1", "p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-doc-5_1", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1536.NASL", "href": "https://www.tenable.com/plugins/nessus/141074", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1536.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141074);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/05\");\n\n script_cve_id(\"CVE-2020-8164\");\n\n script_name(english:\"openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1536)\");\n script_summary(english:\"Check for the openSUSE-2020-1536 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rubygem-actionpack-5_1 fixes the following issues :\n\n - CVE-2020-8164: Possible Strong Parameters Bypass in\n ActionPack. There is a strong parameters bypass vector\n in ActionPack. (bsc#1172177)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rubygem-actionpack-5_1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-doc-5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ruby2.5-rubygem-actionpack-5_1-5.1.4-lp152.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-lp152.5.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.5-rubygem-actionpack-5_1 / ruby2.5-rubygem-actionpack-doc-5_1\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:11:00", "description": "This update for rubygem-activesupport-5_1 fixes the following issues :\n\n - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-10-19T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-activesupport-5_1 (openSUSE-2020-1679)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8165"], "modified": "2020-10-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.5-rubygem-activesupport-5_1", "p-cpe:/a:novell:opensuse:ruby2.5-rubygem-activesupport-doc-5_1", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1679.NASL", "href": "https://www.tenable.com/plugins/nessus/141523", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1679.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141523);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/21\");\n\n script_cve_id(\"CVE-2020-8165\");\n\n script_name(english:\"openSUSE Security Update : rubygem-activesupport-5_1 (openSUSE-2020-1679)\");\n script_summary(english:\"Check for the openSUSE-2020-1679 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rubygem-activesupport-5_1 fixes the following issues :\n\n - CVE-2020-8165: Fixed deserialization of untrusted data\n in MemCacheStore potentially resulting in remote code\n execution (bsc#1172186)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rubygem-activesupport-5_1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-activesupport-5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-activesupport-doc-5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ruby2.5-rubygem-activesupport-5_1-5.1.4-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-lp152.4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.5-rubygem-activesupport-5_1 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2022-11-06T17:59:05", "description": "An update that fixes 16 vulnerabilities is now available.\n\nDescription:\n\n This update for rmt-server fixes the following issues:\n\n Update to version 2.6.5:\n - Solved potential bug of SCC repository URLs changing over time. RMT now\n self heals by removing the previous invalid repository and creating the\n correct one.\n - Add web server settings to /etc/rmt.conf: Now it's possible to configure\n the minimum and maximum threads count as well the number of web server\n workers to be booted through /etc/rmt.conf.\n - Instead of using an MD5 of URLs for custom repository friendly_ids, RMT\n now builds an ID from the name.\n - Fix RMT file caching based on timestamps: Previously, RMT sent GET\n requests with the header 'If-Modified-Since' to a repository server and\n if the response had a 304 (Not Modified), it would copy a file from the\n local cache instead of downloading. However, if the local file timestamp\n accidentally changed to a date newer than the one on the repository\n server, RMT would have an outdated file, which caused some errors. Now,\n RMT makes HEAD requests to the repositories servers and inspect the\n 'Last-Modified' header to decide whether to download a file or copy it\n from cache, by comparing the equalness of timestamps.\n - Fixed an issue where relative paths supplied to `rmt-cli import repos`\n caused the command to fail.\n - Friendlier IDs for custom repositories: In an effort to simplify the\n handling of SCC and custom repositories, RMT now has friendly IDs. For\n SCC repositories, it's the same SCC ID as before. For custom\n repositories, it can either be user provided\n or RMT generated (MD5 of the provided URL). Benefits:\n * `rmt-cli mirror repositories` now works for custom repositories.\n * Custom repository IDs can be the same across RMT instances.\n * No more confusing \"SCC ID\" vs \"ID\" in `rmt-cli` output. Deprecation\n Warnings:\n * RMT now uses a different ID for custom repositories than before. RMT\n still supports that old ID, but it's recommended to start using the\n new ID to ensure future compatibility.\n - Updated rails and puma dependencies for security fixes.\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1993=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-21T00:00:00", "type": "suse", "title": "Security update for rmt-server (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16770", "CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420", "CVE-2020-11076", "CVE-2020-11077", "CVE-2020-15169", "CVE-2020-5247", "CVE-2020-5249", "CVE-2020-5267", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8184", "CVE-2020-8185"], "modified": "2020-11-21T00:00:00", "id": "OPENSUSE-SU-2020:1993-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2W26GJJ7QXIADWB6ZCQWC2BUZD2ALYVT/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-11-08T04:09:41", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for rubygem-puma to version 4.3.5 fixes the following issues:\n\n - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage\n (bsc#1172175).\n - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid\n transfer-encoding header (bsc#1172176).\n - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-990=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-18T00:00:00", "type": "suse", "title": "Security update for rubygem-puma (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11076", "CVE-2020-11077"], "modified": "2020-07-18T00:00:00", "id": "OPENSUSE-SU-2020:0990-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IBJZ572BJJPWGER47K3F72AXTFOQXAPJ/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-11-09T21:01:42", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for rubygem-puma to version 4.3.5 fixes the following issues:\n\n - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage\n (bsc#1172175).\n - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid\n transfer-encoding header (bsc#1172176).\n - Disabled TLSv1.0 and TLSv1.1 (jsc#SLE-6965).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1001=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-18T00:00:00", "type": "suse", "title": "Security update for rubygem-puma (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11076", "CVE-2020-11077"], "modified": "2020-07-18T00:00:00", "id": "OPENSUSE-SU-2020:1001-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M45HASKBK5DTMENRJIYQEDWU3B4X4DUN/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-04-18T12:42:01", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for rubygem-actionpack-5_1 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-5418: Fixed a file content disclosure vulnerability in Action\n View which could be exploited via specially crafted accept headers in\n combination with calls to render file (bsc#1129272).\n - CVE-2019-5419: Fixed a resource exhaustion issue in Action View which\n could make the server unable to process requests (bsc#1129271).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1344=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-08T00:00:00", "type": "suse", "title": "Security update for rubygem-actionpack-5_1 (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419"], "modified": "2019-05-08T00:00:00", "id": "OPENSUSE-SU-2019:1344-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FTKJM3ODEL4P7JHON6OYNBT5XQLAHCBS/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-04-18T12:40:59", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for rubygem-activesupport-5_1 fixes the following issues:\n\n - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore\n potentially resulting in remote code execution (bsc#1172186)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1679=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-17T00:00:00", "type": "suse", "title": "Security update for rubygem-activesupport-5_1 (critical)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8165"], "modified": "2020-10-17T00:00:00", "id": "OPENSUSE-SU-2020:1679-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MHEVZRPOIACSFO3NTKUZ2CDR6E4A6UMU/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T12:41:06", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for rubygem-actionpack-5_1 fixes the following issues:\n\n - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is\n a strong parameters bypass vector in ActionPack. (bsc#1172177)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1536=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-26T00:00:00", "type": "suse", "title": "Security update for rubygem-actionpack-5_1 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8164"], "modified": "2020-09-26T00:00:00", "id": "OPENSUSE-SU-2020:1536-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PHHJOKTVBY6KIPAX5EYDAV5V4DOJKUXD/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-09T12:09:46", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for rubygem-activesupport-5_1 fixes the following issues:\n\n - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore\n potentially resulting in remote code execution (bsc#1172186)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-1677=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-16T00:00:00", "type": "suse", "title": "Security update for rubygem-activesupport-5_1 (critical)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8165"], "modified": "2020-10-16T00:00:00", "id": "OPENSUSE-SU-2020:1677-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WPUCZGLPYNOC5DJRAWVXJCNB6T6PEZ7Y/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:19:15", "description": "\nMultiple security issues were discovered in the Rails web framework\nwhich could result in cross-site scripting, information leaks, code\nexecution, cross-site request forgery or bypass of upload limits.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:5.2.2.1+dfsg-1+deb10u2.\n\n\nWe recommend that you upgrade your rails packages.\n\n\nFor the detailed security status of rails please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/rails](https://security-tracker.debian.org/tracker/rails)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-09-24T00:00:00", "type": "osv", "title": "rails - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8165", "CVE-2020-15169", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8164", "CVE-2020-8162"], "modified": "2022-08-10T07:19:11", "id": "OSV:DSA-4766-1", "href": "https://osv.dev/vulnerability/DSA-4766-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:18:56", "description": "\nSeveral security vulnerabilities have been discovered in puma, highly\nconcurrent HTTP server for Ruby/Rack applications.\n\n\n* [CVE-2020-11076](https://security-tracker.debian.org/tracker/CVE-2020-11076)\nBy using an invalid transfer-encoding header, an attacker could smuggle\n an HTTP response.\n* [CVE-2020-11077](https://security-tracker.debian.org/tracker/CVE-2020-11077)\nclient could smuggle a request through a proxy, causing the proxy to\n send a response back to another unknown client. If the proxy uses\n persistent connections and the client adds another request in via HTTP\n pipelining, the proxy may mistake it as the first request's body. Puma,\n however, would see it as two requests, and when processing the second\n request, send back a response that the proxy does not expect. If the\n proxy has reused the persistent connection to Puma to send another\n request for a different client, the second response from the first\n client will be sent to the second client.\n\n\nFor Debian 9 stretch, this problem has been fixed in version\n3.6.0-1+deb9u1.\n\n\nWe recommend that you upgrade your puma packages.\n\n\nFor the detailed security status of puma please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/puma>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-10-08T00:00:00", "type": "osv", "title": "puma - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11077", "CVE-2020-11076"], "modified": "2022-08-05T05:18:55", "id": "OSV:DLA-2398-1", "href": "https://osv.dev/vulnerability/DLA-2398-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-21T08:16:58", "description": "\nTwo vulnerabilities were found in Ruby on Rails, a MVC ruby-based\nframework geared for web application development, which could lead to\nremote code execution and untrusted user input usage, depending on the\napplication.\n\n\n* [CVE-2020-8164](https://security-tracker.debian.org/tracker/CVE-2020-8164)\nStrong parameters bypass vector in ActionPack. In some cases user\n supplied information can be inadvertently leaked from Strong\n Parameters. Specifically the return value of `each`, or\n `each\\_value`, or `each\\_pair` will return the underlying\n untrusted hash of data that was read from the parameters.\n Applications that use this return value may be inadvertently use\n untrusted user input.\n* [CVE-2020-8165](https://security-tracker.debian.org/tracker/CVE-2020-8165)\nPotentially unintended unmarshalling of user-provided objects in\n MemCacheStore. There is potentially unexpected behaviour in the\n MemCacheStore where, when untrusted user input is written to the\n cache store using the `raw: true` parameter, re-reading the result\n from the cache can evaluate the user input as a Marshalled object\n instead of plain text. Unmarshalling of untrusted user input can\n have impact up to and including RCE. At a minimum, this\n vulnerability allows an attacker to inject untrusted Ruby objects\n into a web application.\n\n\nIn addition to upgrading to the latest versions of Rails,\n developers should ensure that whenever they are calling\n `Rails.cache.fetch` they are using consistent values of the `raw`\n parameter for both reading and writing.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n2:4.1.8-1+deb8u7.\n\n\nWe recommend that you upgrade your rails packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-06-19T00:00:00", "type": "osv", "title": "rails - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8165", "CVE-2020-8164"], "modified": "2022-07-21T05:53:13", "id": "OSV:DLA-2251-1", "href": "https://osv.dev/vulnerability/DLA-2251-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-12T17:11:22", "description": "### Impact\nIf an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as [HTTP Response Splitting](https://owasp.org/www-community/attacks/HTTP_Response_Splitting).\n\nWhile not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS).\n\nThis is related to [CVE-2020-5247](https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v), which fixed this vulnerability but only for regular responses.\n\n### Patches\nThis has been fixed in 4.3.3 and 3.12.4.\n\n### Workarounds\nUsers can not allow untrusted/user input in the Early Hints response header.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [puma](https://github.com/puma/puma)\n* Email us a project maintainer. [Email addresses are listed in our Code of Conduct](https://github.com/puma/puma/blob/master/CODE_OF_CONDUCT.md#enforcement).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-03T23:33:16", "type": "osv", "title": "HTTP Response Splitting (Early Hints) in Puma", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5247", "CVE-2020-5249"], "modified": "2023-06-12T17:10:08", "id": "OSV:GHSA-33VF-4XGG-9R58", "href": "https://osv.dev/vulnerability/GHSA-33vf-4xgg-9r58", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-08-08T17:23:05", "description": "# Denial of Service Vulnerability in Action View\n\nImpact \n------ \nSpecially crafted accept headers can cause the Action View template location code to consume 100% CPU, causing the server unable to process requests. This impacts all Rails applications that render views. \n\nAll users running an affected release should either upgrade or use one of the workarounds immediately. \n\nReleases \n-------- \nThe 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, and 4.2.11.1 releases are available at the normal locations. \n\nWorkarounds \n----------- \nThis vulnerability can be mitigated by wrapping `render` calls with `respond_to` blocks. For example, the following example is vulnerable: \n\n``` ruby\nclass UserController < ApplicationController \n def index \n render \"index\" \n end \nend \n``` \n\nBut the following code is not vulnerable: \n\n```ruby \nclass UserController < ApplicationController \n def index \n respond_to |format| \n format.html { render \"index\" } \n end \n end \nend \n``` \n\nImplicit rendering is impacted, so this code is vulnerable: \n\n```ruby \nclass UserController < ApplicationController \n def index \n end \nend \n``` \n\nBut can be changed this this: \n\n```ruby \nclass UserController < ApplicationController \n def index \n respond_to |format| \n format.html { render \"index\" } \n end \n end \nend \n``` \n\nAlternatively to specifying the format, the following monkey patch can be applied in an initializer: \n\n``` \n$ cat config/initializers/formats_filter.rb \n# frozen_string_literal: true \n\nActionDispatch::Request.prepend(Module.new do \n def formats \n super().select do |format| \n format.symbol || format.ref == \"*/*\" \n end \n end \nend) \n``` \n\nPlease note that only the 5.2.x, 5.1.x, 5.0.x, and 4.2.x series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases. \n\nAlso note that the patches for this vulnerability are the same as CVE-2019-5418. \n\nCredits \n------- \nThanks to John Hawthorn <john@hawthorn.email> of GitHub ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-03-13T17:25:55", "type": "osv", "title": "Denial of Service Vulnerability in Action View", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419"], "modified": "2023-08-08T17:04:14", "id": "OSV:GHSA-M63J-WH5W-C252", "href": "https://osv.dev/vulnerability/GHSA-m63j-wh5w-c252", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-05T05:18:27", "description": "\nJohn Hawthorn of Github discovered a file content disclosure\nvulnerability in Rails, a ruby based web application framework.\nSpecially crafted accept headers in combination with calls to `render\nfile:` can cause arbitrary files on the target server to be rendered,\ndisclosing the file contents.\n\n\nThis vulnerability could also be exploited for a denial-of-service\nattack.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n2:4.1.8-1+deb8u5.\n\n\nWe recommend that you upgrade your rails packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-03-31T00:00:00", "type": "osv", "title": "rails - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5419", "CVE-2019-5418"], "modified": "2022-08-05T05:18:26", "id": "OSV:DLA-1739-1", "href": "https://osv.dev/vulnerability/DLA-1739-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-07-21T08:14:14", "description": "\nSeveral security vulnerabilities have been discovered in puma, a web server for\nRuby/Rack applications. These flaws may lead to information leakage due to not\nalways closing response bodies, allowing untrusted input in a response header\n(HTTP Response Splitting) and thus potentially facilitating several other\nattacks like cross-site scripting. A poorly-behaved client could also use\nkeepalive requests to monopolize Puma's reactor and create a denial of service\nattack.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n3.6.0-1+deb9u2.\n\n\nWe recommend that you upgrade your puma packages.\n\n\nFor the detailed security status of puma please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/puma>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2022-05-26T00:00:00", "type": "osv", "title": "puma - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16770", "CVE-2020-5247", "CVE-2022-23634"], "modified": "2022-07-21T05:54:11", "id": "OSV:DLA-3023-1", "href": "https://osv.dev/vulnerability/DLA-3023-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-05T05:18:51", "description": "\nMultiple vulnerabilities were found in Ruby on Rails, a MVC ruby-based\nframework geared for web application development, which could lead to\nremote code execution and untrusted user input usage, depending on the\napplication.\n\n\n* [CVE-2020-8163](https://security-tracker.debian.org/tracker/CVE-2020-8163)\nA code injection vulnerability in Rails would allow an attacker\n who controlled the `locals` argument of a `render` call to perform\n a RCE.\n* [CVE-2020-8164](https://security-tracker.debian.org/tracker/CVE-2020-8164)\nA deserialization of untrusted data vulnerability exists in rails\n which can allow an attacker to supply information can be\n inadvertently leaked from Strong Parameters.\n* [CVE-2020-8165](https://security-tracker.debian.org/tracker/CVE-2020-8165)\nA deserialization of untrusted data vulnernerability exists in\n rails that can allow an attacker to unmarshal user-provided objects\n in MemCacheStore and RedisCacheStore potentially resulting in an\n RCE.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n2:4.2.7.1-1+deb9u3.\n\n\nWe recommend that you upgrade your rails packages.\n\n\nFor the detailed security status of rails please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/rails>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-20T00:00:00", "type": "osv", "title": "rails - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8165", "CVE-2020-8163", "CVE-2020-8164"], "modified": "2022-08-05T05:18:49", "id": "OSV:DLA-2282-1", "href": "https://osv.dev/vulnerability/DLA-2282-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-16T16:01:44", "description": "### Impact\nThis is a similar but different vulnerability to the one patched in 3.12.5 and 4.3.4.\n\nA client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. \n\nIf the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client.\n\n### Patches\n\nThe problem has been fixed in Puma 3.12.6 and Puma 4.3.5.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [Puma](https://github.com/puma/puma)\n* See our [security policy](https://github.com/puma/puma/security/policy)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-22T14:55:09", "type": "osv", "title": "HTTP Smuggling via Transfer-Encoding Header in Puma", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11077"], "modified": "2023-05-16T16:01:39", "id": "OSV:GHSA-W64W-QQPH-5GXM", "href": "https://osv.dev/vulnerability/GHSA-w64w-qqph-5gxm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-05-04T20:13:39", "description": "There is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks.\n\n### Impact\n\nWhen an HTML-unsafe string is passed as the default for a missing translation key [named `html` or ending in `_html`](https://guides.rubyonrails.org/i18n.html#using-safe-html-translations), the default string is incorrectly marked as HTML-safe and not escaped. Vulnerable code may look like the following examples:\n\n```erb\n<%# The welcome_html translation is not defined for the current locale: %>\n<%= t(\"welcome_html\", default: untrusted_user_controlled_string) %>\n\n<%# Neither the title.html translation nor the missing.html translation is defined for the current locale: %>\n<%= t(\"title.html\", default: [:\"missing.html\", untrusted_user_controlled_string]) %>\n```\n\n### Patches\n\nPatched Rails versions, 6.0.3.3 and 5.2.4.4, are available from the normal locations.\n\nThe patches have also been applied to the `master`, `6-0-stable`, and `5-2-stable` branches on GitHub. If you track any of these branches, you should update to the latest.\n\nTo aid users who aren\u2019t able to upgrade immediately, we\u2019ve provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n* [5-2-translate-helper-xss.patch](https://gist.github.com/georgeclaghorn/a466e103922ee81f24c32c9034089442#file-5-2-translate-helper-xss-patch) \u2014 patch for the 5.2 release series\n* [6-0-translate-helper-xss.patch](https://gist.github.com/georgeclaghorn/a466e103922ee81f24c32c9034089442#file-6-0-translate-helper-xss-patch) \u2014 patch for the 6.0 release series\n\nPlease note that only the 5.2 and 6.0 release series are currently supported. Users of earlier, unsupported releases are advised to update as soon as possible, as we cannot provide security fixes for unsupported releases.\n\n### Workarounds\n\nImpacted users who can\u2019t upgrade to a patched Rails version can avoid this issue by manually escaping default translations with the `html_escape` helper (aliased as `h`):\n\n```erb\n<%= t(\"welcome_html\", default: h(untrusted_user_controlled_string)) %>\n```", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-09-11T15:19:57", "type": "osv", "title": "XSS in Action View", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169"], "modified": "2023-05-04T20:13:31", "id": "OSV:GHSA-CFJV-5498-MPH5", "href": "https://osv.dev/vulnerability/GHSA-cfjv-5498-mph5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-05-16T16:01:00", "description": "### Impact\n\nBy using an invalid transfer-encoding header, an attacker could [smuggle an HTTP response.](https://portswigger.net/web-security/request-smuggling)\n\nOriginally reported by @ZeddYu, who has our thanks for the detailed report.\n\n### Patches\n\nThe problem has been fixed in Puma 3.12.5 and Puma 4.3.4.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [Puma](https://github.com/puma/puma)\n* See our [security policy](https://github.com/puma/puma/security/policy)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-22T14:55:05", "type": "osv", "title": "HTTP Smuggling via Transfer-Encoding Header in Puma", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11076"], "modified": "2023-05-16T16:00:54", "id": "OSV:GHSA-X7JG-6PWG-FX5H", "href": "https://osv.dev/vulnerability/GHSA-x7jg-6pwg-fx5h", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-05-04T20:05:05", "description": "## Keepalive thread overload/DoS\n\n### Impact\n\nA poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack.\n\nIf more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.\n\n### Patches\n\nThis vulnerability is patched in Puma 4.3.1 and 3.12.2.\n\n### Workarounds\n\nReverse proxies in front of Puma could be configured to always allow less than X keepalive connections to a Puma cluster or process, where X is the number of threads configured in Puma's thread pool.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue at [puma](github.com/puma/puma).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-05T19:26:37", "type": "osv", "title": "A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16770"], "modified": "2023-05-04T20:04:49", "id": "OSV:GHSA-7XX3-M584-X994", "href": "https://osv.dev/vulnerability/GHSA-7xx3-m584-x994", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-07-05T20:48:15", "description": "There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.\n\nThis vulnerability has been assigned the CVE identifier CVE-2020-8185.\n\nVersions Affected: 6.0.0 < rails < 6.0.3.2\nNot affected: Applications with `config.action_dispatch.show_exceptions = false` (this is not a default setting in production)\nFixed Versions: rails >= 6.0.3.2\n\nImpact\n------\n\nUsing this issue, an attacker would be able to execute any migrations that are pending for a Rails app running in production mode. It is important to note that an attacker is limited to running migrations the application developer has already defined in their application and ones that have not already run.\n\nWorkarounds\n-----------\n\nUntil such time as the patch can be applied, application developers should disable the ActionDispatch middleware in their production environment via a line such as this one in their config/environment/production.rb:\n\n`config.middleware.delete ActionDispatch::ActionableExceptions`", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-24T17:40:33", "type": "osv", "title": "Untrusted users can run pending migrations in production in Rails", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8185"], "modified": "2023-07-05T20:48:08", "id": "OSV:GHSA-C6QR-H5VQ-59JC", "href": "https://osv.dev/vulnerability/GHSA-c6qr-h5vq-59jc", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-08-05T05:18:56", "description": "\nA potential Cross-Site Scripting (XSS) vulnerability was found in rails,\na ruby based MVC framework. Views that allow the user to control the\ndefault (not found) value of the `t` and `translate` helpers could be\nsusceptible to XSS attacks. When an HTML-unsafe string is passed as the\ndefault for a missing translation key named html or ending in \\_html, the\ndefault string is incorrectly marked as HTML-safe and not escaped.\n\n\nFor Debian 9 stretch, this problem has been fixed in version\n2:4.2.7.1-1+deb9u4.\n\n\nWe recommend that you upgrade your rails packages.\n\n\nFor the detailed security status of rails please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/rails>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-10-09T00:00:00", "type": "osv", "title": "rails - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169"], "modified": "2022-08-05T05:18:55", "id": "OSV:DLA-2403-1", "href": "https://osv.dev/vulnerability/DLA-2403-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-08-28T12:36:06", "description": "A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-24T17:15:00", "type": "osv", "title": "Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8184"], "modified": "2023-08-28T12:15:48", "id": "OSV:GHSA-J6W9-FV6Q-3Q52", "href": "https://osv.dev/vulnerability/GHSA-j6w9-fv6q-3q52", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-08-08T17:21:30", "description": "There is a strong parameters bypass vector in ActionPack.\n\nVersions Affected: rails <= 6.0.3\nNot affected: rails < 4.0.0\nFixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1\n\nImpact\n------\nIn some cases user supplied information can be inadvertently leaked from\nStrong Parameters. Specifically the return value of `each`, or `each_value`,\nor `each_pair` will return the underlying \"untrusted\" hash of data that was\nread from the parameters. Applications that use this return value may be\ninadvertently use untrusted user input.\n\nImpacted code will look something like this:\n\n```\ndef update\n # Attacker has included the parameter: `{ is_admin: true }`\n User.update(clean_up_params)\nend\n\ndef clean_up_params\n params.each { |k, v| SomeModel.check(v) if k == :name }\nend\n```\n\nNote the mistaken use of `each` in the `clean_up_params` method in the above\nexample.\n\nWorkarounds\n-----------\nDo not use the return values of `each`, `each_value`, or `each_pair` in your\napplication.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-26T15:09:16", "type": "osv", "title": "Possible Strong Parameters Bypass in ActionPack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8164"], "modified": "2023-08-08T15:25:38", "id": "OSV:GHSA-8727-M6GJ-MC37", "href": "https://osv.dev/vulnerability/GHSA-8727-m6gj-mc37", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2023-12-07T10:27:31", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4766-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 24, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nCVE ID : CVE-2020-8162 CVE-2020-8164 CVE-2020-8165 CVE-2020-8166 \n CVE-2020-8167 CVE-2020-15169\n\nMultiple security issues were discovered in the Rails web framework\nwhich could result in cross-site scripting, information leaks, code\nexecution, cross-site request forgery or bypass of upload limits.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:5.2.2.1+dfsg-1+deb10u2.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/rails\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-24T20:50:38", "type": "debian", "title": "[SECURITY] [DSA 4766-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-8162", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167"], "modified": "2020-09-24T20:50:38", "id": "DEBIAN:DSA-4766-1:03D2D", "href": "https://lists.debian.org/debian-security-announce/2020/msg00173.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T17:22:45", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2398-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Abhijith PA\nOctober 07, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : puma\nVersion : 3.6.0-1+deb9u1\nCVE ID : CVE-2020-11076 CVE-2020-11077\n\nSeveral security vulnerabilities have been discovered in puma, highly\nconcurrent HTTP server for Ruby/Rack applications.\n\nCVE-2020-11076\n\n By using an invalid transfer-encoding header, an attacker could smuggle\n an HTTP response.\n\nCVE-2020-11077\n\n client could smuggle a request through a proxy, causing the proxy to\n send a response back to another unknown client. If the proxy uses\n persistent connections and the client adds another request in via HTTP\n pipelining, the proxy may mistake it as the first request&#x27;s body. Puma,\n however, would see it as two requests, and when processing the second\n request, send back a response that the proxy does not expect. If the\n proxy has reused the persistent connection to Puma to send another\n request for a different client, the second response from the first\n client will be sent to the second client.\n\nFor Debian 9 stretch, this problem has been fixed in version\n3.6.0-1+deb9u1.\n\nWe recommend that you upgrade your puma packages.\n\nFor the detailed security status of puma please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/puma\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-07T11:06:30", "type": "debian", "title": "[SECURITY] [DLA 2398-1] puma security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11076", "CVE-2020-11077"], "modified": "2020-10-07T11:06:30", "id": "DEBIAN:DLA-2398-1:DA3D0", "href": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-22T10:56:48", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2398-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Abhijith PA\nOctober 07, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : puma\nVersion : 3.6.0-1+deb9u1\nCVE ID : CVE-2020-11076 CVE-2020-11077\n\nSeveral security vulnerabilities have been discovered in puma, highly\nconcurrent HTTP server for Ruby/Rack applications.\n\nCVE-2020-11076\n\n By using an invalid transfer-encoding header, an attacker could smuggle\n an HTTP response.\n\nCVE-2020-11077\n\n client could smuggle a request through a proxy, causing the proxy to\n send a response back to another unknown client. If the proxy uses\n persistent connections and the client adds another request in via HTTP\n pipelining, the proxy may mistake it as the first request&#x27;s body. Puma,\n however, would see it as two requests, and when processing the second\n request, send back a response that the proxy does not expect. If the\n proxy has reused the persistent connection to Puma to send another\n request for a different client, the second response from the first\n client will be sent to the second client.\n\nFor Debian 9 stretch, this problem has been fixed in version\n3.6.0-1+deb9u1.\n\nWe recommend that you upgrade your puma packages.\n\nFor the detailed security status of puma please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/puma\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-10-07T11:06:30", "type": "debian", "title": "[SECURITY] [DLA 2398-1] puma security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11076", "CVE-2020-11077"], "modified": "2020-10-07T11:06:30", "id": "DEBIAN:DLA-2398-1:E6070", "href": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-06T17:48:06", "description": "Package : rails\nVersion : 2:4.1.8-1+deb8u7\nCVE ID : CVE-2020-8164 CVE-2020-8165\n\n\nTwo vulnerabilities were found in Ruby on Rails, a MVC ruby-based\nframework geared for web application development, which could lead to\nremote code execution and untrusted user input usage, depending on the\napplication.\n\nCVE-2020-8164\n\n Strong parameters bypass vector in ActionPack. In some cases user\n supplied information can be inadvertently leaked from Strong\n Parameters. Specifically the return value of `each`, or\n `each_value`, or `each_pair` will return the underlying\n &quot;untrusted&quot; hash of data that was read from the parameters.\n Applications that use this return value may be inadvertently use\n untrusted user input.\n\nCVE-2020-8165\n\n Potentially unintended unmarshalling of user-provided objects in\n MemCacheStore. There is potentially unexpected behaviour in the\n MemCacheStore where, when untrusted user input is written to the\n cache store using the `raw: true` parameter, re-reading the result\n from the cache can evaluate the user input as a Marshalled object\n instead of plain text. Unmarshalling of untrusted user input can\n have impact up to and including RCE. At a minimum, this\n vulnerability allows an attacker to inject untrusted Ruby objects\n into a web application.\n\n In addition to upgrading to the latest versions of Rails,\n developers should ensure that whenever they are calling\n `Rails.cache.fetch` they are using consistent values of the `raw`\n parameter for both reading and writing.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n2:4.1.8-1+deb8u7.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-19T17:14:46", "type": "debian", "title": "[SECURITY] [DLA 2251-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8164", "CVE-2020-8165"], "modified": "2020-06-19T17:14:46", "id": "DEBIAN:DLA-2251-1:4D21E", "href": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T12:29:09", "description": "Package : rails\nVersion : 2:4.1.8-1+deb8u5\nCVE ID : CVE-2019-5418 CVE-2019-5419\nDebian Bug : 924520\n\nJohn Hawthorn of Github discovered a file content disclosure\nvulnerability in Rails, a ruby based web application framework.\nSpecially crafted accept headers in combination with calls to `render\nfile:` can cause arbitrary files on the target server to be rendered,\ndisclosing the file contents.\n\nThis vulnerability could also be exploited for a denial-of-service\nattack.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n2:4.1.8-1+deb8u5.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-03-31T13:51:06", "type": "debian", "title": "[SECURITY] [DLA 1739-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419"], "modified": "2019-03-31T13:51:06", "id": "DEBIAN:DLA-1739-1:BC765", "href": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-06T18:10:56", "description": "Package : rails\nVersion : 2:4.1.8-1+deb8u5\nCVE ID : CVE-2019-5418 CVE-2019-5419\nDebian Bug : 924520\n\nJohn Hawthorn of Github discovered a file content disclosure\nvulnerability in Rails, a ruby based web application framework.\nSpecially crafted accept headers in combination with calls to `render\nfile:` can cause arbitrary files on the target server to be rendered,\ndisclosing the file contents.\n\nThis vulnerability could also be exploited for a denial-of-service\nattack.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n2:4.1.8-1+deb8u5.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-03-31T13:51:06", "type": "debian", "title": "[SECURITY] [DLA 1739-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419"], "modified": "2019-03-31T13:51:06", "id": "DEBIAN:DLA-1739-1:3959D", "href": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-06T16:51:23", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-3023-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nMay 26, 2022 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : puma\nVersion : 3.6.0-1+deb9u2\nCVE ID : CVE-2019-16770 CVE-2020-5247 CVE-2022-23634\nDebian Bug : 946312 952766 1005391\n\nSeveral security vulnerabilities have been discovered in puma, a web server for\nRuby/Rack applications. These flaws may lead to information leakage due to not\nalways closing response bodies, allowing untrusted input in a response header\n(HTTP Response Splitting) and thus potentially facilitating several other\nattacks like cross-site scripting. A poorly-behaved client could also use\nkeepalive requests to monopolize Puma&#x27;s reactor and create a denial of service\nattack.\n\nFor Debian 9 stretch, these problems have been fixed in version\n3.6.0-1+deb9u2.\n\nWe recommend that you upgrade your puma packages.\n\nFor the detailed security status of puma please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/puma\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-25T22:50:13", "type": "debian", "title": "[SECURITY] [DLA 3023-1] puma security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16770", "CVE-2020-5247", "CVE-2022-23634"], "modified": "2022-05-25T22:50:13", "id": "DEBIAN:DLA-3023-1:8FA49", "href": "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-12-06T17:46:06", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2282-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ \nJuly 20, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : rails\nVersion : 2:4.2.7.1-1+deb9u3\nCVE ID : CVE-2020-8163 CVE-2020-8164 CVE-2020-8165\n\nMultiple vulnerabilities were found in Ruby on Rails, a MVC ruby-based\nframework geared for web application development, which could lead to\nremote code execution and untrusted user input usage, depending on the\napplication.\n\nCVE-2020-8163\n\n A code injection vulnerability in Rails would allow an attacker\n who controlled the `locals` argument of a `render` call to perform\n a RCE.\n\nCVE-2020-8164\n\n A deserialization of untrusted data vulnerability exists in rails\n which can allow an attacker to supply information can be\n inadvertently leaked from Strong Parameters.\n\nCVE-2020-8165\n\n A deserialization of untrusted data vulnernerability exists in\n rails that can allow an attacker to unmarshal user-provided objects\n in MemCacheStore and RedisCacheStore potentially resulting in an\n RCE.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2:4.2.7.1-1+deb9u3.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/rails\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-20T13:17:33", "type": "debian", "title": "[SECURITY] [DLA 2282-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8163", "CVE-2020-8164", "CVE-2020-8165"], "modified": "2020-07-20T13:17:33", "id": "DEBIAN:DLA-2282-1:AA7B9", "href": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T10:55:38", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2403-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nOctober 09, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : rails\nVersion : 2:4.2.7.1-1+deb9u4\nCVE ID : CVE-2020-15169\nDebian Bug : 970040\n\nA potential Cross-Site Scripting (XSS) vulnerability was found in rails,\na ruby based MVC framework. Views that allow the user to control the\ndefault (not found) value of the `t` and `translate` helpers could be\nsusceptible to XSS attacks. When an HTML-unsafe string is passed as the\ndefault for a missing translation key named html or ending in _html, the\ndefault string is incorrectly marked as HTML-safe and not escaped.\n\nFor Debian 9 stretch, this problem has been fixed in version\n2:4.2.7.1-1+deb9u4.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/rails\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-10-09T18:20:48", "type": "debian", "title": "[SECURITY] [DLA 2403-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169"], "modified": "2020-10-09T18:20:48", "id": "DEBIAN:DLA-2403-1:A426F", "href": "https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-06T17:22:37", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2403-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nOctober 09, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : rails\nVersion : 2:4.2.7.1-1+deb9u4\nCVE ID : CVE-2020-15169\nDebian Bug : 970040\n\nA potential Cross-Site Scripting (XSS) vulnerability was found in rails,\na ruby based MVC framework. Views that allow the user to control the\ndefault (not found) value of the `t` and `translate` helpers could be\nsusceptible to XSS attacks. When an HTML-unsafe string is passed as the\ndefault for a missing translation key named html or ending in _html, the\ndefault string is incorrectly marked as HTML-safe and not escaped.\n\nFor Debian 9 stretch, this problem has been fixed in version\n2:4.2.7.1-1+deb9u4.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/rails\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-10-09T18:20:48", "type": "debian", "title": "[SECURITY] [DLA 2403-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169"], "modified": "2020-10-09T18:20:48", "id": "DEBIAN:DLA-2403-1:8BD9E", "href": "https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2023-06-06T15:26:39", "description": "Ruby on Rails is a full-stack web framework optimized for programmer happin ess and sustainable productivity. It encourages beautiful code by favoring convention over configuration. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-05T00:18:00", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-rails-6.0.3.3-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-05T00:18:00", "id": "FEDORA:7AD1030BB654", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FU5SRTFS6WYRUXYCCTM5MGDX3NLEEJKH/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T15:26:39", "description": "A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-05T00:18:00", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-activemodel-6.0.3.3-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-05T00:18:00", "id": "FEDORA:04C8E30BDAB3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LJSOSPY7DZOM4T3HZ7CQWKVOPP3GEHAP/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T15:26:39", "description": "High-level wrapper for processing images for the web with ImageMagick or libvips. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-05T00:18:00", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-image_processing-1.11.0-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-05T00:18:00", "id": "FEDORA:61EBD30BDAB3", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/V77VWTREGLCV4FYZJECGWKOTTNFELDBQ/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T15:26:39", "description": "Edit and display rich text in Rails applications. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-05T00:17:59", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-actiontext-6.0.3.3-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-05T00:17:59", "id": "FEDORA:AF8C030C0EF2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T15:26:39", "description": "Email on Rails. Compose, deliver, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-05T00:17:59", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-actionmailer-6.0.3.3-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-05T00:17:59", "id": "FEDORA:8116230C0EF7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OCTEWRI3XID5GZOZTXA4X6UOPUSC2UYL/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T15:26:39", "description": "Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-05T00:18:00", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-activerecord-6.0.3.3-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-05T00:18:00", "id": "FEDORA:1BE4F30C0EF2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BNFPHMTLAWYZJ6EWEYHFJQXYUVKY23UM/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T15:26:39", "description": "Rails internals: application bootup, plugins, generators, and rake tasks. Railties is responsible to glue all frameworks together. Overall, it: * handles all the bootstrapping process for a Rails application; * manages rails command line interface; * provides Rails generators core; ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-05T00:18:00", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-railties-6.0.3.3-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-05T00:18:00", "id": "FEDORA:92FD1309B6F1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3TVKX2B2ESGFLM7F4MHZTA4XDWSPJ4P5/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T15:26:39", "description": "Simple, battle-tested conventions and helpers for building web pages. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-05T00:17:59", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-actionview-6.0.3.3-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-05T00:17:59", "id": "FEDORA:C779E30C0EFA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5EZPMRMP5NJUYGUVIEPYFOGLVDPWFW2N/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T15:26:39", "description": "Declare job classes that can be run by a variety of queueing backends. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-05T00:17:59", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-activejob-6.0.3.3-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-05T00:17:59", "id": "FEDORA:E04FA30C0EFD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QRZEMAYGXVQHF5WFVJUDLEEOZNJOVIX4/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T15:26:39", "description": "Attach cloud and local files in Rails applications. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-05T00:18:00", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-activestorage-6.0.3.3-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-05T00:18:00", "id": "FEDORA:3313D30C0EF8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PFKTD4YMAG7SHBGR3NHQAEP7VJSDQQQT/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T15:26:39", "description": "A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-05T00:18:00", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-activesupport-6.0.3.3-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-05T00:18:00", "id": "FEDORA:4A6A3309B6F1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GO5HFESPLIQNFHB24NFZAB353VOPYCB2/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T15:26:39", "description": "Receive and process incoming emails in Rails applications. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-05T00:17:59", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-actionmailbox-6.0.3.3-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-05T00:17:59", "id": "FEDORA:6905030C0EF2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RFUPYCMMB7Z2ZMQX6AW7I3NAR37BJI5A/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T15:26:39", "description": "Structure many real-time application concerns into channels over a single WebSocket connection. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-05T00:17:59", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-actioncable-6.0.3.3-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-05T00:17:59", "id": "FEDORA:2DDE030C0EF7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/D4VJEYQXG3YO2LEPJM4XXU5KUBHBSO6F/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-06T15:26:39", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-05T00:17:59", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-actionpack-6.0.3.3-2.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-05T00:17:59", "id": "FEDORA:98F1A30C0EF8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XBLUWGVWDBEL4UVXFH5PAX643HSWO7YF/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-27T10:47:49", "description": "Structure many real-time application concerns into channels over a single WebSocket connection. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-05-10T00:48:40", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: rubygem-actioncable-5.2.3-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420"], "modified": "2019-05-10T00:48:40", "id": "FEDORA:ACA3160876F5", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UIXO7J4HHYBLJBJNHMZUPVXUGMX57I7L/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-27T10:47:49", "description": "A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-05-10T00:48:41", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: rubygem-activemodel-5.2.3-2.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420"], "modified": "2019-05-10T00:48:41", "id": "FEDORA:706DC60427E4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-27T10:47:49", "description": "Email on Rails. Compose, deliver, receive, and test emails using the famili ar controller/view pattern. First-class support for multipart email and attachments. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-05-10T00:48:41", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: rubygem-actionmailer-5.2.3-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420"], "modified": "2019-05-10T00:48:41", "id": "FEDORA:02EB26020AF1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KY4ZXN7THKW6SULGVQOIQVZ5D2YZ4T4Y/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-27T10:47:49", "description": "Attach cloud and local files in Rails applications. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-05-10T00:48:41", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: rubygem-activestorage-5.2.3-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420"], "modified": "2019-05-10T00:48:41", "id": "FEDORA:A58F36042B2A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XOKLAIQUHLNCCDY4IPQQFOVL4VZ3HI4R/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-27T10:47:49", "description": "Simple, battle-tested conventions and helpers for building web pages. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-05-10T00:48:41", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: rubygem-actionview-5.2.3-2.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420"], "modified": "2019-05-10T00:48:41", "id": "FEDORA:3AF9260427B6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XMKVLAJ645ONBV7TFOETQTIIXYLWNGAT/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-27T10:47:49", "description": "Rails internals: application bootup, plugins, generators, and rake tasks. Railties is responsible to glue all frameworks together. Overall, it: * handles all the bootstrapping process for a Rails application; * manages rails command line interface; * provides Rails generators core; ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-05-10T00:48:41", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: rubygem-railties-5.2.3-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420"], "modified": "2019-05-10T00:48:41", "id": "FEDORA:F2F4B60427B6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IZBDTFUNTBO3YVQGVOSN3ZMMZ53RU2CV/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-27T10:47:49", "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-05-10T00:48:41", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: rubygem-actionpack-5.2.3-2.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420"], "modified": "2019-05-10T00:48:41", "id": "FEDORA:201C860427AE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C7IOXQ2XDKIHJTWI7MVMOMN5OC65MBLF/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-27T10:47:49", "description": "A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-05-10T00:48:41", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: rubygem-activesupport-5.2.3-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420"], "modified": "2019-05-10T00:48:41", "id": "FEDORA:BF4696042B2C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/G7MDES76X5TNX4RJ5KO6BEZPLHUUDBYH/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-27T10:47:49", "description": "Ruby on Rails is a full-stack web framework optimized for programmer happin ess and sustainable productivity. It encourages beautiful code by favoring convention over configuration. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-05-10T00:48:41", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: rubygem-rails-5.2.3-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420"], "modified": "2019-05-10T00:48:41", "id": "FEDORA:D93AD6020AF1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AAG6GNBTXXTBBLMPOF4KD5FZL636CCEY/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-27T10:47:49", "description": "Declare job classes that can be run by a variety of queueing backends. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-05-10T00:48:41", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: rubygem-activejob-5.2.3-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420"], "modified": "2019-05-10T00:48:41", "id": "FEDORA:561E660427BA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/R5LTRAFPABOQUXEVZ5BFVDNXULE3H5HR/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-27T10:47:49", "description": "Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-05-10T00:48:41", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: rubygem-activerecord-5.2.3-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420"], "modified": "2019-05-10T00:48:41", "id": "FEDORA:8A3C26042808", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CNZJKC2D3RIMWY2KMMXJEXCCXQNLXWTM/", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-06T15:26:39", "description": "Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementati ons such as Rubinius and JRuby as well as as providing process worker support to support CRuby well. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-25T17:18:05", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: rubygem-puma-4.3.6-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11076", "CVE-2020-11077"], "modified": "2020-09-25T17:18:05", "id": "FEDORA:AC7E030C9BDF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-07-28T14:46:51", "description": "A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-09T17:44:36", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: rubygem-puma-3.12.4-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5247", "CVE-2020-5249"], "modified": "2020-04-09T17:44:36", "id": "FEDORA:6863A6087E4D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-07-28T14:46:51", "description": "A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-09T18:19:31", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: rubygem-puma-3.12.4-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5247", "CVE-2020-5249"], "modified": "2020-04-09T18:19:31", "id": "FEDORA:36BC5608DDAC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-07-28T14:46:51", "description": "A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-09T14:46:14", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: rubygem-puma-4.3.3-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-5247", "CVE-2020-5249"], "modified": "2020-04-09T14:46:14", "id": "FEDORA:6500563042DF", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2023-12-06T16:51:40", "description": "\n\nRuby on Rails blog:\n\nHi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can.\nBoth releases contain the following fixes:\nCVE-2020-8162: Circumvention of file size limits in ActiveStorage\nCVE-2020-8164: Possible Strong Parameters Bypass in ActionPack\nCVE-2020-8165: Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore\nCVE-2020-8166: Ability to forge per-form CSRF tokens given a global CSRF token\nCVE-2020-8167: CSRF Vulnerability in rails-ujs\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-18T00:00:00", "type": "freebsd", "title": "Rails -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8162", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167"], "modified": "2020-05-18T00:00:00", "id": "85FCA718-99F6-11EA-BF1D-08002728F74C", "href": "https://vuxml.freebsd.org/freebsd/85fca718-99f6-11ea-bf1d-08002728f74c.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T15:47:19", "description": "\n\nRuby on Rails blog:\n\nRails 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1, and 6.0.0.beta3 have been released! These contain the following important security fixes. It is recommended that users upgrade as soon as possible:\nCVE-2019-5418 File Content Disclosure in Action View\nCVE-2019-5419 Denial of Service Vulnerability in Action View\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-03-13T00:00:00", "type": "freebsd", "title": "Rails -- Action View vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-5418", "CVE-2019-5419"], "modified": "2019-03-13T00:00:00", "id": "1396A74A-4997-11E9-B5F1-83EDB3F89BA1", "href": "https://vuxml.freebsd.org/freebsd/1396a74a-4997-11e9-b5f1-83edb3f89ba1.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-06T15:47:18", "description": "\n\nRuby on Rails blog:\n\nRails 5.2.4.4 and 6.0.3.3 have been released! These releases contain an\n\t important security fix, so please upgrade when you can.\nBoth releases contain the following fix: [CVE-2020-15169] Potential XSS\n\t vulnerability in Action View\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-09-09T00:00:00", "type": "freebsd", "title": "Rails -- Potential XSS vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169"], "modified": "2020-09-09T00:00:00", "id": "7B630362-F468-11EA-A96C-08002728F74C", "href": "https://vuxml.freebsd.org/freebsd/7b630362-f468-11ea-a96c-08002728f74c.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-12-06T16:51:40", "description": "\n\nRuby on Rails blog:\n\nRails 6.0.3.2 has been released! This version of Rails contains an\n\t important security patch, and you should upgrade! The release contains\n\t only one patch that addresses CVE-2020-8185.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-17T00:00:00", "type": "freebsd", "title": "Rails -- permission vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8185"], "modified": "2020-06-17T00:00:00", "id": "FEB8AFDC-B3E5-11EA-9DF5-08002728F74C", "href": "https://vuxml.freebsd.org/freebsd/feb8afdc-b3e5-11ea-9df5-08002728f74c.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:32:12", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-05-10T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionview FEDORA-2019-1cfe24db5c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5420", "CVE-2019-5419", "CVE-2019-5418"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876345", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876345", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876345\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-10 02:11:42 +0000 (Fri, 10 May 2019)\");\n script_name(\"Fedora Update for rubygem-actionview FEDORA-2019-1cfe24db5c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1cfe24db5c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMKVLAJ645ONBV7TFOETQTIIXYLWNGAT\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'rubygem-actionview' package(s) announced via the FEDORA-2019-1cfe24db5c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Simple, battle-tested conventions and helpers\n for building web pages.\");\n\n script_tag(name:\"affected\", value:\"'rubygem-actionview' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionview\", rpm:\"rubygem-actionview~5.2.3~2.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:18", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-05-10T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-railties FEDORA-2019-1cfe24db5c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5420", "CVE-2019-5419", "CVE-2019-5418"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876344", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876344", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876344\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-10 02:11:39 +0000 (Fri, 10 May 2019)\");\n script_name(\"Fedora Update for rubygem-railties FEDORA-2019-1cfe24db5c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1cfe24db5c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZBDTFUNTBO3YVQGVOSN3ZMMZ53RU2CV\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'rubygem-railties' package(s) announced via the FEDORA-2019-1cfe24db5c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Rails internals: application bootup, plugins,\n generators, and rake tasks. Railties is responsible to glue all frameworks\n together. Overall, it:\n\n * handles all the bootstrapping process for a Rails application,\n\n * manages rails command line interface,\n\n * provides Rails generators core.\");\n\n script_tag(name:\"affected\", value:\"'rubygem-railties' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-railties\", rpm:\"rubygem-railties~5.2.3~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-08-29T14:54:53", "description": "Discourse is prone to multiple vulnerabilities in Ruby on Rails.", "cvss3": {}, "published": "2019-06-17T00:00:00", "type": "openvas", "title": "Discourse < 2.3.0.beta5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5420", "CVE-2019-5419", "CVE-2019-5418"], "modified": "2019-08-28T00:00:00", "id": "OPENVAS:1361412562310108598", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108598", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:discourse:discourse\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108598\");\n script_version(\"2019-08-28T13:27:25+0000\");\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\");\n script_tag(name:\"last_modification\", value:\"2019-08-28 13:27:25 +0000 (Wed, 28 Aug 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-17 06:03:35 +0000 (Mon, 17 Jun 2019)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Discourse < 2.3.0.beta5 Multiple Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_discourse_detect.nasl\");\n script_mandatory_keys(\"discourse/detected\");\n\n script_tag(name:\"summary\", value:\"Discourse is prone to multiple vulnerabilities in Ruby on Rails.\");\n\n script_tag(name:\"affected\", value:\"Discourse before version 2.3.0.beta5.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.3.0.beta5.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_xref(name:\"URL\", value:\"https://meta.discourse.org/t/discourse-2-3-0-beta5-release-notes/111727\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\n\nif( version_is_less( version:vers, test_version:\"2.3.0\" ) ||\n version_in_range( version:vers, test_version:\"2.3.0.beta1\", test_version2:\"2.3.0.beta4\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"2.3.0.beta5\", install_path:infos[\"location\"] );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:18", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-05-10T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activesupport FEDORA-2019-1cfe24db5c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5420", "CVE-2019-5419", "CVE-2019-5418"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876332", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876332", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876332\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-10 02:11:12 +0000 (Fri, 10 May 2019)\");\n script_name(\"Fedora Update for rubygem-activesupport FEDORA-2019-1cfe24db5c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1cfe24db5c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G7MDES76X5TNX4RJ5KO6BEZPLHUUDBYH\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'rubygem-activesupport' package(s) announced via the FEDORA-2019-1cfe24db5c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A toolkit of support libraries and Ruby core\n extensions extracted from the Rails framework. Rich support for multibyte\n strings, internationalization, time zones, and testing.\");\n\n script_tag(name:\"affected\", value:\"'rubygem-activesupport' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~5.2.3~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:15", "description": "The remote host is missing an update for\n the ", "cvss3": {}, "published": "2019-05-10T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activejob FEDORA-2019-1cfe24db5c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5420", "CVE-2019-5419", "CVE-2019-5418"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876337", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876337", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876337\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-10 02:11:22 +0000 (Fri, 10 May 2019)\");\n script_name(\"Fedora Update for rubygem-activejob FEDORA-2019-1cfe24db5c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1cfe24db5c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5LTRAFPABOQUXEVZ5BFVDNXULE3H5HR\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for\n the 'rubygem-activejob' package(s) announced via the FEDORA-2019-1cfe24db5c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Declare job classes that can be run by a\n variety of queueing backends.\");\n\n script_tag(name:\"affected\", value:\"'rubygem-activejob' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activejob\", rpm:\"rubygem-activejob~5.2.3~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:16", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-05-10T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actioncable FEDORA-2019-1cfe24db5c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5420", "CVE-2019-5419", "CVE-2019-5418"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876335", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876335", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876335\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-10 02:11:17 +0000 (Fri, 10 May 2019)\");\n script_name(\"Fedora Update for rubygem-actioncable FEDORA-2019-1cfe24db5c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1cfe24db5c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIXO7J4HHYBLJBJNHMZUPVXUGMX57I7L\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'rubygem-actioncable' package(s) announced via the FEDORA-2019-1cfe24db5c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Structure many real-time application concerns\n into channels over a single WebSocket connection.\");\n\n script_tag(name:\"affected\", value:\"'rubygem-actioncable' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actioncable\", rpm:\"rubygem-actioncable~5.2.3~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:17", "description": "The remote host is missing an update for\n the ", "cvss3": {}, "published": "2019-05-10T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activerecord FEDORA-2019-1cfe24db5c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5420", "CVE-2019-5419", "CVE-2019-5418"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876343", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876343", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876343\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-10 02:11:37 +0000 (Fri, 10 May 2019)\");\n script_name(\"Fedora Update for rubygem-activerecord FEDORA-2019-1cfe24db5c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1cfe24db5c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNZJKC2D3RIMWY2KMMXJEXCCXQNLXWTM\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for\n the 'rubygem-activerecord' package(s) announced via the FEDORA-2019-1cfe24db5c\n advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Implements the ActiveRecord pattern (Fowler, PoEAA)\n for ORM. It ties database tables and classes together for business objects, like\n Customer or Subscription, that can find, save, and destroy themselves without\n resorting to manual SQL.\");\n\n script_tag(name:\"affected\", value:\"'rubygem-activerecord' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activerecord\", rpm:\"rubygem-activerecord~5.2.3~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:16", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-05-10T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activestorage FEDORA-2019-1cfe24db5c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5420", "CVE-2019-5419", "CVE-2019-5418"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876347", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876347", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876347\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-10 02:11:48 +0000 (Fri, 10 May 2019)\");\n script_name(\"Fedora Update for rubygem-activestorage FEDORA-2019-1cfe24db5c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1cfe24db5c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKLAIQUHLNCCDY4IPQQFOVL4VZ3HI4R\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'rubygem-activestorage' package(s) announced via the FEDORA-2019-1cfe24db5c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Attach cloud and local files in Rails applications.\");\n\n script_tag(name:\"affected\", value:\"'rubygem-activestorage' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activestorage\", rpm:\"rubygem-activestorage~5.2.3~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:15", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-05-10T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-activemodel FEDORA-2019-1cfe24db5c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5420", "CVE-2019-5419", "CVE-2019-5418"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876341", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876341", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876341\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-10 02:11:32 +0000 (Fri, 10 May 2019)\");\n script_name(\"Fedora Update for rubygem-activemodel FEDORA-2019-1cfe24db5c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1cfe24db5c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'rubygem-activemodel' package(s) announced via the FEDORA-2019-1cfe24db5c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A toolkit for building modeling frameworks\n like Active Record. Rich support for attributes, callbacks, validations,\n serialization, internationalization, and testing.\");\n\n script_tag(name:\"affected\", value:\"'rubygem-activemodel' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-activemodel\", rpm:\"rubygem-activemodel~5.2.3~2.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:14", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-05-10T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-rails FEDORA-2019-1cfe24db5c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5420", "CVE-2019-5419", "CVE-2019-5418"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876340", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876340", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876340\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-10 02:11:30 +0000 (Fri, 10 May 2019)\");\n script_name(\"Fedora Update for rubygem-rails FEDORA-2019-1cfe24db5c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1cfe24db5c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAG6GNBTXXTBBLMPOF4KD5FZL636CCEY\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'rubygem-rails' package(s) announced via the FEDORA-2019-1cfe24db5c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ruby on Rails is a full-stack web framework\n optimized for programmer happiness and sustainable productivity. It encourages\n beautiful code by favoring convention over configuration.\");\n\n script_tag(name:\"affected\", value:\"'rubygem-rails' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rails\", rpm:\"rubygem-rails~5.2.3~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:12", "description": "The remote host is missing an update for\n the ", "cvss3": {}, "published": "2019-05-10T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionmailer FEDORA-2019-1cfe24db5c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5420", "CVE-2019-5419", "CVE-2019-5418"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876339", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876339", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876339\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-10 02:11:27 +0000 (Fri, 10 May 2019)\");\n script_name(\"Fedora Update for rubygem-actionmailer FEDORA-2019-1cfe24db5c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1cfe24db5c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KY4ZXN7THKW6SULGVQOIQVZ5D2YZ4T4Y\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for\n the 'rubygem-actionmailer' package(s) announced via the FEDORA-2019-1cfe24db5c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Email on Rails. Compose, deliver, receive,\n and test emails using the familiar controller/view pattern. First-class support\n for multipart email and attachments.\");\n\n script_tag(name:\"affected\", value:\"'rubygem-actionmailer' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionmailer\", rpm:\"rubygem-actionmailer~5.2.3~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:32:16", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-05-10T00:00:00", "type": "openvas", "title": "Fedora Update for rubygem-actionpack FEDORA-2019-1cfe24db5c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-5420", "CVE-2019-5419", "CVE-2019-5418"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310876336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876336", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876336\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-10 02:11:20 +0000 (Fri, 10 May 2019)\");\n script_name(\"Fedora Update for rubygem-actionpack FEDORA-2019-1cfe24db5c\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-1cfe24db5c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7IOXQ2XDKIHJTWI7MVMOMN5OC65MBLF\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'rubygem-actionpack' package(s) announced via the FEDORA-2019-1cfe24db5c advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Eases web-request routing, handling, and\n response as a half-way front, half-way page controller. Implemented with\n specific emphasis on enabling easy unit/integration testing that doesn&#39, t\n require a browser.\");\n\n script_tag(name:\"affected\", value:\"'rubygem-actionpack' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~5.2.3~2.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-21T20:10:01", "description": "Ruby on Rails is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-06-29T00:00:00", "type": "openvas", "title": "Ruby on Raily < 5.2.4.3, 6.x < 6.0.3.1 Multiple Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8165", "CVE-2020-8167", "CVE-2020-8164", "CVE-2020-8162"], "modified": "2020-07-14T00:00:00", "id": "OPENVAS:1361412562310113712", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113712", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113712\");\n script_version(\"2020-07-14T14:24:25+0000\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:24:25 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-29 11:40:59 +0000 (Mon, 29 Jun 2020)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2020-8162\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8167\");\n\n script_name(\"Ruby on Raily < 5.2.4.3, 6.x < 6.0.3.1 Multiple Vulnerabilities (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Ruby on Rails is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - The Content-Length parameter of a direct file upload may be modified\n by an attacker to bypass upload limitations.\n\n - A deserialization vulnerability may allow an attacker to read sensitive information.\n\n - An attacker may unmarshal user-provided objects in MemCacheStore\n and RedisCacheStore resulting in arbitrary code execution.\n\n - A cross-site request forgery (CSRF) vulnerability in the rails-ujs module\n may allow an attacker to perform actions in the context of another user.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails through version 5.2.4.2 and versions 6.0.0.0 through 6.0.3.0.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.2.4.3 or 6.0.3.1 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/789579\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/292797\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/413388\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/189878\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_is_less( version: version, test_version: \"5.2.4.3\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"5.2.4.3\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"6.0.0.0\", test_version2: \"6.0.3.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"6.0.3.1\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T20:10:01", "description": "Ruby on Rails is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-06-29T00:00:00", "type": "openvas", "title": "Ruby on Raily < 5.2.4.3, 6.x < 6.0.3.1 Multiple Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8165", "CVE-2020-8167", "CVE-2020-8164", "CVE-2020-8162"], "modified": "2020-07-14T00:00:00", "id": "OPENVAS:1361412562310113709", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113709", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113709\");\n script_version(\"2020-07-14T14:24:25+0000\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:24:25 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-29 11:40:59 +0000 (Mon, 29 Jun 2020)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2020-8162\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8167\");\n\n script_name(\"Ruby on Raily < 5.2.4.3, 6.x < 6.0.3.1 Multiple Vulnerabilities (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Ruby on Rails is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - The Content-Length parameter of a direct file upload may be modified\n by an attacker to bypass upload limitations.\n\n - A deserialization vulnerability may allow an attacker to read sensitive information.\n\n - An attacker may unmarshal user-provided objects in MemCacheStore\n and RedisCacheStore resulting in arbitrary code execution.\n\n - A cross-site request forgery (CSRF) vulnerability in the rails-ujs module\n may allow an attacker to perform actions in the context of another user.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails through version 5.2.4.2 and versions 6.0.0.0 through 6.0.3.0.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.2.4.3 or 6.0.3.1 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/789579\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/292797\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/413388\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/189878\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_is_less( version: version, test_version: \"5.2.4.3\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"5.2.4.3\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"6.0.0.0\", test_version2: \"6.0.3.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"6.0.3.1\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T20:07:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-06-20T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for rails (DLA-2251-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8165", "CVE-2020-8164"], "modified": "2020-06-30T00:00:00", "id": "OPENVAS:1361412562310892251", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892251", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892251\");\n script_version(\"2020-06-30T08:17:39+0000\");\n script_cve_id(\"CVE-2020-8164\", \"CVE-2020-8165\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-30 08:17:39 +0000 (Tue, 30 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-20 03:00:10 +0000 (Sat, 20 Jun 2020)\");\n script_name(\"Debian LTS: Security Advisory for rails (DLA-2251-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2251-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rails'\n package(s) announced via the DLA-2251-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based\nframework geared for web application development, which could lead to\nremote code execution and untrusted user input usage, depending on the\napplication.\n\nCVE-2020-8164\n\nStrong parameters bypass vector in ActionPack. In some cases user\nsupplied information can be inadvertently leaked from Strong\nParameters. Specifically the return value of `each`, or\n`each_value`, or `each_pair` will return the underlying\n'untrusted' hash of data that was read from the parameters.\nApplications that use this return value may be inadvertently use\nuntrusted user input.\n\nCVE-2020-8165\n\nPotentially unintended unmarshalling of user-provided objects in\nMemCacheStore. There is potentially unexpected behaviour in the\nMemCacheStore where, when untrusted user input is written to the\ncache store using the `raw: true` parameter, re-reading the result\nfrom the cache can evaluate the user input as a Marshalled object\ninstead of plain text. Unmarshalling of untrusted user input can\nhave impact up to and including RCE. At a minimum, this\nvulnerability allows an attacker to inject untrusted Ruby objects\ninto a web application.\n\nIn addition to upgrading to the latest versions of Rails,\ndevelopers should ensure that whenever they are calling\n`Rails.cache.fetch` they are using consistent values of the `raw`\nparameter for both reading and writing.\");\n\n script_tag(name:\"affected\", value:\"'rails' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n2:4.1.8-1+deb8u7.\n\nWe recommend that you upgrade your rails packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"rails\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-actionmailer\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-actionpack\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-actionview\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-activemodel\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-activerecord\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-activesupport\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-activesupport-2.3\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-rails\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-railties\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-22T15:06:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-04-12T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for rubygem-puma (FEDORA-2020-08092b4c97)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-5247", "CVE-2020-5249"], "modified": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310877683", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877683", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877683\");\n script_version(\"2020-04-21T09:23:28+0000\");\n script_cve_id(\"CVE-2020-5247\", \"CVE-2020-5249\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\