#ruby

CVE-2022-31115

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. An attacker must be in control of an opensearch server and convince the victim to connect to it in order to exploit this vulnerability. The problem has been patched in opensearch-ruby gem version 2.0.1. Users are advised to upgrade. There are no known workarounds for this issue.

2 years ago

CVE

Open in Source

#vulnerability #git #ruby

CVE-2014-0156: Separate command line building and sanitizing into its own class. · ManageIQ/awesome_spawn@e524f85

Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.

2 years ago

CVE

Open in Source

#vulnerability #ruby

RHSA-2022:5338: Red Hat Security Advisory: ruby:2.6 security, bug fix, and enhancement update

An update for the ruby:2.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-28739: Ruby: Buffer overrun in String-to-Float conversion

2 years ago

Red Hat Security Data

Open in Source

#sql #vulnerability #linux #red_hat #js #telnet #ibm #ruby #mongo #sap #ssl

CVE-2013-4561: Bug 1022889 - AVC message is seen when mcolletive facts update cron j… · openshift/origin-server@f1abe97

In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity.

2 years ago

CVE

Open in Source

#ruby

GHSA-73pr-g6jj-5hc9: Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql

A malicious actor can read arbitrary files from a client that uses ruby-mysql to communicate to a rogue MySQL server and issue database queries. In these cases, the server has the option to create a database reply using the LOAD DATA LOCAL statement, which instructs the client to provide additional data from a local file readable by the client (and not a "local" file on the server).

2 years ago

ghsa

Open in Source

#sql #git #ruby

CVE-2021-3779: CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later.

2 years ago

CVE

Open in Source

#sql #vulnerability #windows #dos #samba #auth #ruby #ssl

GHSA-pg8v-g4xq-hww9: Rails::Html::Sanitizer vulnerable to Cross-site Scripting

Versions of Rails::Html::Sanitizer prior to version 1.4.3 are vulnerable to XSS with certain configurations of Rails::Html::Sanitizer which allows an attacker to inject content when the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements. Code is only impacted if allowed tags are being overridden. This may be done via application configuration: ```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]``` see https://guides.rubyonrails.org/configuring.html#configuring-action-view Or it may be done with a `:tags` option to the Action View helper `sanitize`: ```<%= sanitize @comment.body, tags: ["select", "style"] %>``` see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize It may also be done with Rails::Html::SafeListSanitizer directly: ```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]``` or with ...

2 years ago

ghsa

Open in Source

#xss #google #git #ruby

CVE-2022-32209

# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/H...

2 years ago

CVE

Open in Source

#xss #vulnerability #ruby

CVE-2022-2175: patch 8.2.5148: invalid memory access when using expression on comman… · vim/vim@6046ade

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

2 years ago

CVE

Open in Source

#git #perl #ruby

Attackers can use ‘Scroll to Text Fragment’ web browser feature to steal data – research

In some scenarios, CSS style specifications can be manipulated to cause browsers to send data to an attacker-controlled server