Page 5 of 90 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 222EXPL: 0

Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers. Vulnerabilidad de XSS en Action View en Ruby en Rails 3.x en versiones anteriores a 3.2.22.3, 4.x en versiones anteriores a 4.2.7.1 y 5.x en versiones anteriores a 5.0.0.1 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de texto declarado como "HTML safe" y utilizado como valores de atributos en los manejadores de etiquetas. It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack. • http://rhn.redhat.com/errata/RHSA-2016-1855.html http://rhn.redhat.com/errata/RHSA-2016-1856.html http://rhn.redhat.com/errata/RHSA-2016-1857.html http://rhn.redhat.com/errata/RHSA-2016-1858.html http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released http://www.debian.org/security/2016/dsa-3651 http://www.openwall.com/lists/oss-security/2016/08/11/3 http://www.securityfocus.com/bid/92430 https://group • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 1%CPEs: 51EXPL: 0

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752. Vulnerabilidad de salto directorio en Action View en Ruby on Rails en versiones anteriores a 3.2.22.2 y 4.x en versiones anteriores a 4.1.14.2 permite a atacantes remotos leer archivos arbitrarios aprovechando el uso no restringido del método render de una aplicación y proporcionando un .. (punto punto) en un nombre de ruta. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released http://www.debian.org/security/2016/dsa-3509 http://www.securityfocus.com/bid/83726 http://www.securitytracker.com/id/1035122 https://groups.google.com/forum/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 94%CPEs: 73EXPL: 9

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. Action Pack en Ruby on Rails en versiones anteriores a 3.2.22.2, 4.x en versiones anteriores a 4.1.14.2 y 4.2.x en versiones anteriores a 4.2.5.2 permite a atacantes remotos ejecutar código Ruby arbitrario aprovechando el uso no restringido del método render de una aplicación. A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code. • https://www.exploit-db.com/exploits/40086 https://github.com/0x00-0x00/CVE-2016-2098 https://github.com/its-arun/CVE-2016-2098 https://github.com/Shakun8/CVE-2016-2098 https://github.com/j4k0m/CVE-2016-2098 https://github.com/Debalinax64/CVE-2016-2098 https://github.com/Alejandro-MartinG/rails-PoC-CVE-2016-2098 https://github.com/3rg1s/CVE-2016-2098 https://github.com/DanielHemmati/CVE-2016-2098-my-first-exploit http://lists.opensuse.org/opensuse-security-announce/ • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 1%CPEs: 86EXPL: 0

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences. El método http_basic_authenticate_with en actionpack/lib/action_controller/metal/http_authentication.rb en la implementación Basic Authentication en Action Controller en Ruby on Rails en versiones anteriores a 3.2.22.1, 4.0.x y 4.1.x en versiones anteriores a 4.1.14.1, 4.2.x en versiones anteriores a 4.2.5.1 y 5.x en versiones anteriores a 5.0.0.beta1.1 no usa el algoritmo de tiempo constante para verificar credenciales, lo que hace que sea más fácil para atacantes remotos eludir la autenticación mediante la medición de las diferencias de temporización. A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html http://lists.opensuse.org/opensuse-updates/201 • CWE-254: 7PK - Security Features CWE-385: Covert Timing Channel •

CVSS: 7.5EPSS: 2%CPEs: 41EXPL: 0

actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route. actionpack/lib/action_dispatch/routing/route_set.rb en Action Pack en Ruby on Rails 4.x en versiones anteriores a 4.2.5.1 y 5.x en versiones anteriores a 5.0.0.beta1.1 permite a atacantes remotos causar una denegación de servicio (almacenamiento en caché superfluo y consumo de memoria) aprovechando el uso de una ruta de controlador comodín por una aplicación. A flaw was found in the Action Pack component's caching of controller references. An attacker could use this flaw to cause unbounded memory growth, potentially resulting in a denial of service. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html http://rhn.redhat.com/errata/RHSA-2016-0296.html http://www.debian.org/security/2016/dsa-3464 http://www.openwall.com/lists/oss-security/2016/01/25/16 http://www.securityfocus.com/bid&#x • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •