Tag
#ruby
MiniZinc version 2.7.6 suffers from a null pointer vulnerability.
Ubuntu Security Notice 6597-1 - It was discovered that Puma incorrectly handled parsing chunked transfer encoding bodies. A remote attacker could possibly use this issue to cause Puma to consume resources, leading to a denial of service.
Gentoo Linux Security Advisory 202401-27 - Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code. Multiple versions are affected.
Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat intelligence like cybersecurity
Red Hat OpenShift security update. Issues addressed include a file disclosure vulnerability.
Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12 any HTML inside text that is passed to `error` or `succeed` in an `Avo::BaseAction` subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A malicious user could exploit this vulnerability to trigger a cross site scripting attack on an unsuspecting user. This issue has been addressed in the 3.0.2 release of Avo. Users are advised to upgrade.
Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password algorithm's (TOTP) inherent entropy limitations, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks. ### Impact If a user's username and password have already been compromised an attacker would be able to try possible TOTP codes and see if they can hit a lucky collision to log in as that user. The user under attack would not necessarily know that their account has been compromised. ### Patches Devise-Two-Factor has not released any fixes for this vulnerability. This library is open-ended by design and cannot solve this for all applications natively. It's recommended that any application leveraging Devise-Two-Factor implement controls at the application level to mitigate this threat. A non-exhaustive list of possible mitigations can be found below. #### Mitigations 1. Use the `lockable` strategy fr...
Gentoo Linux Security Advisory 202401-14 - A denial of service vulnerability has been found in RedCloth. Versions greater than or equal to 4.3.2-r5 are affected.
### Impact Prior to versions 6.4.2 and 5.6.8, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. ### Patches The vulnerability has been fixed in 6.4.2 and 5.6.8. ### Workarounds No known workarounds. ### References * [HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling) * Open an issue in [Puma](https://github.com/puma/puma) * See our [security policy](https://github.com/puma/puma/security/policy)
When an unpatched Windows 11 host loads a theme file referencing an msstyles file, Windows loads the msstyles file, and if that file's PACKME_VERSION is 999, it then attempts to load an accompanying dll file ending in _vrf.dll. Before loading that file, it verifies that the file is signed. It does this by opening the file for reading and verifying the signature before opening the file for execution. Because this action is performed in two discrete operations, it opens the procedure for a time of check to time of use vulnerability. By embedding a UNC file path to an SMB server we control, the SMB server can serve a legitimate, signed dll when queried for the read, but then serve a different file of the same name when the host intends to load/execute the dll.