Security Headlines

Tag: #ruby

CVE-2020-24303: grafana/CHANGELOG.md at main · grafana/grafana

Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.

CVE-2020-26870: Mutation XSS via namespace confusion - DOMPurify < 2.0.17 bypass - research.securitum.com

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.

CVE-2020-25613: Make it more strict to interpret some headers · ruby/webrick@8946bb3

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.

CVE-2020-25739: CVE-2020-25739: Enforce HTML entities escaping in gon output · gazay/gon@fe3c7b2

An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.

CVE-2020-14001: Home | kramdown

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.

CVE-2020-8161: [CVE-2020-8161] Directory traversal in Rack::Directory

A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure.

CVE-2020-8165: [CVE-2020-8165] Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore, potentially resulting in an RCE.

CVE-2020-8162: [CVE-2020-8162] Circumvention of file size limits in ActiveStorage

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.

CVE-2020-8184: [CVE-2020-8184] Percent-encoded cookies can be used to overwrite existing prefixed cookie names

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.

CVE-2020-8816: Pi-Hole 4.3.2 DHCP MAC OS Command Execution ≈ Packet Storm

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.