Security
Headlines
HeadlinesLatestCVEs

Tag

#ruby

Red Hat Security Advisory 2023-7851-03

Red Hat Security Advisory 2023-7851-03 - Updated Satellite 6.14 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite. Issues addressed include cross site scripting and local file inclusion vulnerabilities.

Packet Storm
#xss#vulnerability#linux#red_hat#js#git#ruby#rpm#postgres
Red Hat Security Advisory 2023-7720-03

Red Hat Security Advisory 2023-7720-03 - An update is now available for RHOL-5.8-RHEL-9. Issues addressed include a file disclosure vulnerability.

CVE-2009-4123: CVE-2009-4123 - GitHub Advisory Database

The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.

CVE-2013-2513: CVE-2013-2513 - GitHub Advisory Database

The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file.

GHSA-gxhx-g4fq-49hj: CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS

### Impact [CarrierWave::Uploader::ContentTypeAllowlist](https://github.com/carrierwaveuploader/carrierwave/blob/master/lib/carrierwave/uploader/content_type_allowlist.rb) has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. In addition, by setting the Content-Type configured by the attacker at the time of file delivery, it is possible to cause XSS on the user's browser when the uploaded file is opened. ### Patches Upgrade to [3.0.5](https://rubygems.org/gems/carrierwave/versions/3.0.5) or [2.2.5](https://rubygems.org/gems/carrierwave/versions/2.2.5). ### Workarounds When validating with `allowlisted_content_type?` in [CarrierWave::Uploader::ContentTypeAllowlist](https:...

CVE-2023-49090: Content-Type allowlist bypass vulnerability, possibly leading to XSS

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. This issue has been patched in versions 2.2.5 and 3.0.5.

CVE-2021-43609: CVE-2021-43609 Write-up

An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data.

GHSA-frgf-8jr5-j2jv: memory leak flaw was found in ruby-magick

A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.

CVE-2023-5349: Invalid Bug ID

A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.