#ruby

Red Hat Security Advisory 2023-7851-03 - Updated Satellite 6.14 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite. Issues addressed include cross site scripting and local file inclusion vulnerabilities.

Red Hat Security Advisory 2023-7720-03 - An update is now available for RHOL-5.8-RHEL-9. Issues addressed include a file disclosure vulnerability.

The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.

The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file.

### Impact [CarrierWave::Uploader::ContentTypeAllowlist](https://github.com/carrierwaveuploader/carrierwave/blob/master/lib/carrierwave/uploader/content_type_allowlist.rb) has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. In addition, by setting the Content-Type configured by the attacker at the time of file delivery, it is possible to cause XSS on the user's browser when the uploaded file is opened. ### Patches Upgrade to [3.0.5](https://rubygems.org/gems/carrierwave/versions/3.0.5) or [2.2.5](https://rubygems.org/gems/carrierwave/versions/2.2.5). ### Workarounds When validating with `allowlisted_content_type?` in [CarrierWave::Uploader::ContentTypeAllowlist](https:...

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. This issue has been patched in versions 2.2.5 and 3.0.5.

CSZ CMS version 1.3.0 suffers from a remote shell upload vulnerability.

An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data.

A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.

A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.