#ruby

Red Hat Security Advisory 2024-3431-03 - An update for pcs is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.

### Summary The next ruby code is vulnerable to denial of service due to the fact that the user controlled data `profiler_runs` was not contrained to any limitation. Which would lead to allocating resources on the server side with no limitation (CWE-770). ```ruby runs = (request.params['profiler_runs'] || @times).to_i result = @profile.profile do runs.times { @app.call(env) } end ``` An exploit as such `curl --fail "http://127.0.0.1:9292/?profiler_runs=9999999999&profile=process_time"` may cause resource exhaution by a remotely controlled value. ### PoC Herein the `config.ru` file: ```ruby require 'rack' require 'rack/contrib' use Rack::Profiler # if ENV['RACK_ENV'] == 'development' # Define a Rack application app = lambda do |env| # Your application logic goes here [200, {}, ["Hello World"]] end # Run the Rack application run app ``` A Dockerfile: ```Dockerfile # Use the official Ruby image as a base FROM ruby:latest # Set the working...

A moderate severity security vulnerability has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This advisory outlines the vulnerability, affected versions, and provides guidance for mitigation. ### Impact This vulnerability is of moderate severity due to the potential for unauthorized write access to particular Ruby files managed by the library. Such access could lead to the alteration of application behavior or data integrity issues. ### Resolution Those who use the `gem install` command, such as `gem install kaminari -v 0.16.1`, `gem unpack kaminari -v 0.16.1`, or `bundle install` to download the package would **_not_** be affected and no action is required. Those who manually download and decompressing the affected versions are advised to update to 0.16.2 or later version of Kaminari where file permissions have been adjusted to enhance security. ### Workarounds If upgrading is not feasible immediately, manually adju...

Debian Linux Security Advisory 5698-1 - Multiple security issues were found in Rack, an interface for developing web applications in Ruby, which could result in denial of service.

### Impact The REXML gem before 3.2.6 has a DoS vulnerability when it parses an XML that has many `<`s in an attribute value. If you need to parse untrusted XMLs, you many be impacted to this vulnerability. ### Patches The REXML gem 3.2.7 or later include the patch to fix this vulnerability. ### Workarounds Don't parse untrusted XMLs. ### References * https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/

Debian Linux Security Advisory 5677-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in information disclosure, denial of service or the execution of arbitrary code.

Gentoo Linux Security Advisory 202405-3 - A vulnerability has been discovered in Dalli, which can lead to code injection. Versions greater than or equal to 3.2.3 are affected.

There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. The reason these issues were not detected before is the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browser are when it comes to executing unsafe JavaScript via HTML attributes. ### Impact If you render an `<a>` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user. ```ruby a(href: user_profile) { "Profile" } ``` If you splat user-provided attributes when rendering any HTML or SVG tag, malicious event attributes could be included in the output, executing JavaScript when the events are triggered by another user. ```ruby h1(**JSON.parse(user_attributes)) ``` ### Patches Patches are [available on RubyGems](https://rubygems.org/gems/phlex) for all minor versions released in the last year. - [1.10.2](https://rubygems.org...

Red Hat Security Advisory 2024-2584-03 - An update for pcs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2581-03 - An update for pcs is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.