CVE-2019-5420 – Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-5420
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. Una vulnerabilidad de ejecución remota de código en el modo de desarrollo de Rails, en versiones anteriores a la 5.2.2.1 y la 6.0.0.beta3, podría permitir que un atacante adivine el token secreto del modo de desarrollo generado automáticamente. Este token secreto puede emplearse en combinación con otros internals de Rails para escalar a un exploit de ejecución remota de código. • https://www.exploit-db.com/exploits/46785 https://github.com/knqyf263/CVE-2019-5420 https://github.com/j4k0m/CVE-2019-5420 https://github.com/laffray/ruby-RCE-CVE-2019-5420- https://github.com/scumdestroy/CVE-2019-5420.rb https://github.com/trickstersec/CVE-2019-5420 https://github.com/Eremiel/CVE-2019-5420 https://github.com/PenTestical/CVE-2019-5420 https://github.com/AnasTaoutaou/CVE-2019-5420 https://github.com/CyberSecurityUP/CVE-2019-5420-POC https://githu • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-330: Use of Insufficiently Random Values •
CVE-2019-5419 – rubygem-actionpack: denial of service vulnerability in Action View
https://notcve.org/view.php?id=CVE-2019-5419
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive. Hay una posible vulnerabilidad de denegación de servicio (DoS) en la vista de acción en Rails, en versiones anteriores a las 5.2.2.1, 5.1.6.2, 5.0.7.2 y 4.2.11.1 donde las cabeceras de aceptación especialmente manipuladas pueden provocar que dicha vista consuma el 100 % de la CPU y haga que el servidor deje de responder. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html http://www.openwall.com/lists/oss-security/2019/03/22/1 https://access.redhat.com/errata/RHSA-2019:0796 https://access.redhat.com/errata/RHSA-2019:1147 https://access.redhat.com/errata/RHSA-2019:1149 https://access.redhat.com/errata/RHSA-2019:1289 https:/ • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2017-17917
https://notcve.org/view.php?id=CVE-2017-17917
SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input ** EN DISPUTA ** Vulnerabilidad de inyección SQL en el método "where" en Ruby on Rails 5.1.4 y anteriores permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro "id". NOTA: El proveedor defiende que la documentación indica que este método no está diseñado para ser utilizado con datos no confiables. • https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-17916
https://notcve.org/view.php?id=CVE-2017-17916
SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input ** EN DISPUTA** Vulnerabilidad de inyección SQL en el método "find_by" en Ruby on Rails 5.1.4 y anteriores permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro "name". NOTA: El fabricante rechaza este problema porque la documentación indica que este método no está destinado a utilizarse con datos de entrada no fiables. • https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-3482 – rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting
https://notcve.org/view.php?id=CVE-2014-3482
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. Vulnerabilidad de inyección SQL en activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb en el adaptador PostgreSQL para Active Record en Ruby on Rails 2.x y 3.x anterior a 3.2.19 permite a atacantes remotos ejecutar comandos SQL arbitrarios mediante el aprovechamiento del citado de bitstrings indebido. It was discovered that Active Record did not properly quote values of the bitstring type attributes when using the PostgreSQL database adapter. A remote attacker could possibly use this flaw to conduct an SQL injection attack against applications using Active Record. • http://openwall.com/lists/oss-security/2014/07/02/5 http://rhn.redhat.com/errata/RHSA-2014-0876.html http://secunia.com/advisories/59973 http://secunia.com/advisories/60214 http://secunia.com/advisories/60763 http://www.debian.org/security/2014/dsa-2982 http://www.securityfocus.com/bid/68343 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J https://access.redhat.com/security/cve/CVE-2014-3482 https://bugzilla.redhat.com/show_bug • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •