CVE-2020-25613: Make it more strict to interpret some headers · ruby/webrick@8946bb3

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
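The difference between the lenient and the anchored header match the commit introduces, as an added example that is not WEBrick's own code: `classify_transfer_encoding` and the sample header values are constructed for illustration, and the only thing shown is how each pattern classifies a value.

```ruby
# Added example (not WEBrick's code): compares the lenient pattern WEBrick used
# before the fix with the anchored pattern from the commit, on constructed
# Transfer-Encoding values. The anchored pattern accepts nothing but the exact
# token "chunked" (case-insensitively) and therefore fails closed.

LENIENT_CHUNKED = /chunked/io      # pre-fix: substring match anywhere in the value
STRICT_CHUNKED  = /\Achunked\z/io  # post-fix: the whole value must be "chunked"

# Classify a Transfer-Encoding value the way read_body decides: :chunked when the
# body will be read as chunked, :not_implemented for anything else (WEBrick raises
# HTTPStatus::NotImplemented there). `strict:` selects the pre- or post-fix pattern.
def classify_transfer_encoding(value, strict: true)
  pattern = strict ? STRICT_CHUNKED : LENIENT_CHUNKED
  pattern.match?(value) ? :chunked : :not_implemented
end

# Constructed sample values; only the first two are an unambiguous "chunked".
SAMPLES = [
  "chunked",
  "CHUNKED",
  " chunked",            # leading whitespace
  "chunked ",            # trailing whitespace
  "chunked\n",           # \z (unlike \Z) rejects a trailing newline
  "xchunked",            # unknown coding that merely contains the substring
  "chunked, identity",   # a coding list, not a single token
  "identity",            # neither pattern matches
].freeze

# One [value, lenient_result, strict_result] triple per sample, so the gap the
# fix closes is visible: values the old pattern read as chunked while a front-end
# proxy may read them differently are exactly the ones the new pattern rejects.
def compare_patterns(samples = SAMPLES)
  samples.map do |v|
    [v, classify_transfer_encoding(v, strict: false), classify_transfer_encoding(v, strict: true)]
  end
end

# Values the pre-fix pattern accepted as chunked but the post-fix pattern rejects.
def newly_rejected(samples = SAMPLES)
  compare_patterns(samples)
    .select { |_, old, new| old == :chunked && new == :not_implemented }
    .map(&:first)
end

if __FILE__ == $PROGRAM_NAME
  compare_patterns.each { |v, old, new| printf("%-22p lenient=%-16s strict=%s\n", v, old, new) }
end
```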



@@ -227,9 +227,9 @@ def parse(socket=nil)

raise HTTPStatus::BadRequest, “bad URI `#{@unparsed_uri}’.”

end

if /close/io =~ self[“connection”]

if /\Aclose\z/io =~ self[“connection”]

@keep_alive = false

elsif /keep-alive/io =~ self[“connection”]

elsif /\Akeep-alive\z/io =~ self[“connection”]

@keep_alive = true

elsif @http_version < “1.1”

@keep_alive = false
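Review bot: with the `\A`/`\z` anchors, a Connection value that is a token list (for example `close, Upgrade`) or that still has whitespace around it matches neither branch and falls through to the `@http_version < "1.1"` default, so an HTTP/1.1 client's `close` can be silently ignored; if only a single bare token is meant to be honoured, state that in a comment, otherwise split the value on commas, strip each token and compare the tokens exactly. Using `\z` rather than `\Z` is the right call here, since `\Z` would still admit a trailing newline.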


@@ -508,7 +508,7 @@ def read_body(socket, block)

return unless socket

if tc = self[‘transfer-encoding’]

case tc

when /chunked/io then read_chunked(socket, block)

when /\Achunked\z/io then read_chunked(socket, block)

else raise HTTPStatus::NotImplemented, “Transfer-Encoding: #{tc}.”

end

elsif self[‘content-length’] || @remaining_size
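Review bot: `\Achunked\z` fails closed as intended (anything other than exactly `chunked`, including a coding list such as `chunked, identity` or a value with stray characters, now raises `HTTPStatus::NotImplemented`), but the `elsif self['content-length']` branch is only reached when no Transfer-Encoding header is present, so a request carrying both headers is still read as chunked with its Content-Length silently ignored; consider rejecting that combination outright rather than preferring one header, and add tests pinning the now-rejected variants (`xchunked`, ` chunked`, `chunked\n`) so the stricter match is not loosened again later.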

