Page 3 of 15 results (0.035 seconds)

CVSS: 8.1EPSS: 0%CPEs: 16EXPL: 2

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. RubyGems 2.6.12 y anteriores es vulnerable a secuestro de DNS, lo que permite a un atacante Man-in-the-Middle (MitM) forzar el cliente RubyGems a que descargue e instale gemas desde un servidor que está bajo el control del atacante. A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. • http://blog.rubygems.org/2017/08/27/2.6.13-released.html http://www.securityfocus.com/bid/100586 http://www.securitytracker.com/id/1039249 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/rubygems/rubygems/commit/8d91516fb7037ecfb27622f605dc40245e0f8d32 https://hackerone.com/reports/218088 https://lists.debian.org/debian- • CWE-138: Improper Neutralization of Special Elements CWE-346: Origin Validation Error CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action •

CVSS: 7.5EPSS: 2%CPEs: 13EXPL: 1

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. RubyGems 2.6.12 y anteriores es vulnerable a especificaciones de gemas manipuladas maliciosamente para provocar ataques de denegación de servicio contra clientes RubyGems que hayan enviado un comando query. It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. • http://blog.rubygems.org/2017/08/27/2.6.13-released.html http://www.securityfocus.com/bid/100579 http://www.securitytracker.com/id/1039249 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/rubygems/rubygems/commit/8a38a4fc24c6591e6c8f43d1fadab6efeb4d6251 https://hackerone.com/reports/243003 https://lists.debian.org/debian- • CWE-20: Improper Input Validation CWE-138: Improper Neutralization of Special Elements •

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 2

RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. RubyGems 2.6.12 y anteriores no valida con éxito los nombres de las especificaciones, permitiendo que una gema manipulada maliciosamente sobrescriba cualquier archivo en el sistema de archivos. It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory. RubyGems versions prior to 2.6.13 suffer from an arbitrary file overwrite vulnerability. • https://www.exploit-db.com/exploits/42611 http://blog.rubygems.org/2017/08/27/2.6.13-released.html http://www.securityfocus.com/bid/100580 http://www.securitytracker.com/id/1039249 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/rubygems/rubygems/commit/ad5c0a53a86ca5b218c7976765c0365b91d22cb2 https://hackerone.com/repor • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-138: Improper Neutralization of Special Elements •

CVSS: 4.3EPSS: 0%CPEs: 36EXPL: 0

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900. RubyGems 2.0.x en versiones anteriores a 2.0.17, 2.2.x en versiones anteriores a 2.2.5 y 2.4.x en versiones anteriores a 2.4.8 no valida el nombre del host cuando recupera gemas o hace peticiones API, lo que permite a atacantes remotos redirigir peticiones a dominios arbitrarios mediante un registro DNS SRV con un dominio que está seguido del nombre del dominio original, también conocido como un "atacque de secuestro DNS". NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-3900. • http://blog.rubygems.org/2015/06/08/2.2.5-released.html http://blog.rubygems.org/2015/06/08/2.4.8-released.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/75431 https://github.com/rubygems/rubygems/commit/5c7bfb5 https://puppet.com/security/cve/CVE-2015-3900 https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478 https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby • CWE-20: Improper Input Validation •

CVSS: 7.9EPSS: 0%CPEs: 42EXPL: 0

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." RubyGems 2.0.x en versiones anteriores a 2.0.16, 2.2.x en versiones anteriores a 2.2.4 y 2.4.x en versiones anteriores a 2.4.7 no valida el nombre de host al recuperar gemas o hacer solicitudes de API, lo que permite a atacantes remotos redireccionar peticiones a dominios arbitrarios a través del registro DNS SRV manipulado, también conocido como un "ataque de secuestro de DNS". A flaw was found in a way rubygems verified the API endpoint hostname retrieved through a DNS SRV record. A man-in-the-middle attacker could use this flaw to force a client to download content from an untrusted domain. • http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html http://rhn.redhat.com/errata/RHSA-2015-1657.html http://www.openwall.com/lists/oss-security/2015/06/26/2 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http:// • CWE-254: 7PK - Security Features CWE-345: Insufficient Verification of Data Authenticity •