Page 3 of 30 results (0.014 seconds)

CVSS: 5.3EPSS: 1%CPEs: 5EXPL: 0

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. Ruby versiones hasta 2.4.7, versiones 2.5.x hasta 2.5.6 y versiones 2.6.x hasta 2.6.4, permite HTTP Response Splitting. Si un programa que utiliza WEBrick inserta información no segura en el encabezado de respuesta, un atacante puede explotarlo para insertar un carácter newline para dividir un encabezado e inyectar contenido malicioso para engañar a los clientes. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html https://hackerone.com/reports/331984 https://lists.debian.org/debian-lts-announce/2019/11/msg00025.html https://lists.debian.org/debian-lts-announce/2019/12/msg00009.html https://lists.debian.org/debian-lts-announce/2020/08/msg00027.html https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html https://seclists.org/bugtraq/2019/Dec/31 https://seclists.org/bugtraq/2019/Dec/32 https://security • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. Vulnerabilidad de salto de directorio en el método Dir.mktmpdir en la biblioteca tmpdir en Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, podría permitir que atacantes creen directorios o archivos arbitrarios mediante un .. (punto punto) en el argumento prefix. It was found that the tmpdir and tempfile modules did not sanitize their file name argument. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html http://www.securityfocus.com/bid/103686 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2019:2028 https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, un atacante que controla el formato de desempaquetado (similar a las vulnerabilidades de cadena de formato) puede desencadenar una sublectura de búfer en el método String#unpack. Esto resulta en una gran divulgación de información controlada. A integer underflow was found in the way String#unpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application's memory. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html http://www.securityfocus.com/bid/103693 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2019:2028 https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-134: Use of Externally-Controlled Format String •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, permite un ataque de separación de respuesta HTTP. Un atacante puede inyectar una clave y un valor manipulados en una respuesta HTTP para el servidor HTTP de WEBrick. It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html http://www.securityfocus.com/bid/103684 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2019:2028 https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html& • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket. En Ruby, en versiones anteriores a la 2.2.10, versiones 2.3.x anteriores a la 2.3.7, versiones 2.4.x anteriores a la 2.4.4, versiones 2.5.x anteriores a la 2.5.1 y la versión 2.6.0-preview1, los métodos UNIXServer.open y UNIXSocket.open no se comprueban en busca de caracteres null. Podría estar relacionado con un socket no planeado. It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html http://www.securityfocus.com/bid/103767 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2018:3729 https://access.redhat.com/errata/RHSA-2018:3730 https://access.redhat.com/errata/RHSA-2018:3731 https://access.redhat.com/errata/RHSA-2019:2028 https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html& • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •