Page 5 of 28 results (0.013 seconds)

CVSS: 9.3EPSS: 89%CPEs: 17EXPL: 1

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution. Ruby en versiones anteriores a la 2.4.3 permite la inyección de comandos Net::FTP. • https://www.exploit-db.com/exploits/43381 http://www.securityfocus.com/bid/102204 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0584 https://access.redhat.com/errata/RHSA-2018:0585 https://access.redhat.com/errata/RHSA-2019:2806 https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html https://lists.debian.org/debian-lts-announce • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 0

The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. El método decode en el módulo OpenSSL::ASN1 en Ruby en versiones anteriores a la 2.2.8, versiones 2.3.x anteriores a 2.3.5, y 2.4.x hasta la 2.4.1 permite que los atacantes provoquen una denegación de servicio (cierre inesperado del intérprete) mediante una string manipulada. It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. • http://www.securityfocus.com/bid/100868 http://www.securitytracker.com/id/1039363 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html https://security.gentoo.org/glsa/201710-18 https://www.debian.org/security/2017/dsa-4031 https://www.ruby-lang.org/en/news/2017/09/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 0%CPEs: 14EXPL: 0

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. El código de autenticación Basic en la biblioteca WEBrick en Ruby en versiones anteriores a la 2.2.8, 2.3.x anteriores a la 2.3.5 y 2.4.x hasta la 2.4.1 permite que atacantes remotos inyecten secuencias de escape del emulador del terminal en su registro y que puedan ejecutar comandos arbitrarios mediante un nombre de usuario manipulado. It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. • http://www.securityfocus.com/bid/100853 http://www.securitytracker.com/id/1039363 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html https://security.gentoo.org/glsa/201710-18 https://usn.ubuntu.com/3528-1 https://usn&# • CWE-117: Improper Output Neutralization for Logs CWE-287: Improper Authentication •

CVSS: 9.1EPSS: 1%CPEs: 15EXPL: 2

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap. Ruby, en versiones anteriores a la 2.4.2, 2.3.5 y 2.2.8, es vulnerable a una cadena de formato maliciosa qe contiene un especificador (*) con un valor grande negativo. Esta situación puede provocar un desbordamiento de búfer, provocando una corrupción de la memoria dinámica (heap) o una fuga de información de dicha memoria dinámica. A buffer underflow was found in ruby's sprintf function. • http://www.securityfocus.com/bid/100862 http://www.securitytracker.com/id/1039363 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/mruby/mruby/issues/3722 https://hackerone.com/reports/212241 https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html https://security.gentoo.org/glsa/201710-18 https:/ • CWE-122: Heap-based Buffer Overflow CWE-134: Use of Externally-Controlled Format String •

CVSS: 9.8EPSS: 0%CPEs: 29EXPL: 1

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. Ruby hasta la versión 2.2.7, 2.3.x hasta la 2.3.4, y 2.4.x hasta la 2.4.1 puede exponer memoria arbitraria durante una llamada JSON.generate. Los problemas surgen al usar strdup en ext/json/ext/generator/generator.c, el cual se detendría después de encontrar un byte '\0', devolviendo un puntero a un string de longitud cero, que no es la longitud almacenada en space_len. A buffer overflow vulnerability was found in the JSON extension of ruby. • http://www.securityfocus.com/bid/100890 http://www.securitytracker.com/id/1039363 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://bugs.ruby-lang.org/issues/13853 https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85 https://hackerone.com/reports/209949 https://lists. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •