CVE-2013-1857 – rubygem-actionpack: sanitize_protocol: XSS Vulnerability in the helper of Ruby on Rails
https://notcve.org/view.php?id=CVE-2013-1857
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence. El sanitize helper en lib/action_controller/vendor/html-scanner/html/sanitizer.rb en el componente Action Pack en Ruby on Rails en versiones anteriores a 2.3.18, 3.0.x y 3.1.x en versiones anteriores a 3.1.12 y 3.2.x en versiones anteriores a 3.2.13 no maneja adecuadamente codificación de caracteres : (dos puntos) en URLs, lo que hace que sea más fácil para atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) a través de un nombre de esquema manipulado, según lo demostrado incluyendo una secuencia :. A cross-site scripting (XSS) flaw was found in Action Pack. A remote attacker could use this flaw to conduct XSS attacks against users of an application using Action Pack. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html http://rhn.redhat.com/errata/RHSA-2013-0698.html http://rhn.redhat.com/errata/RHSA-2014-1863.html http://support.apple.com/kb/HT5784 http:/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-1854 – rubygem-activerecord: attribute_dos Symbol DoS vulnerability
https://notcve.org/view.php?id=CVE-2013-1854
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method. El componente Active Record en Ruby on Rails v2.3.x anterior a v2.3.18, v3.1.x anterior a v3.1.12, y v3.2.x anterior a v3.2.13, procesa determinadas consultas mediante la conversión de los hash de las claves a símbolos, lo que permite a atacantes remotos provocar una denegación de servicio a través de una entrada manipulada al método "where". A flaw was found in the way Ruby on Rails handled hashes in certain queries. A remote attacker could use this flaw to perform a denial of service (resource consumption) attack by sending specially crafted queries that would result in the creation of Ruby symbols, which were never garbage collected. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html http://rhn.redhat.com • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVE-2013-1855 – rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css
https://notcve.org/view.php?id=CVE-2013-1855
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences. El método sanitize_css en lib/action_controller/vendor/html-scanner/html/sanitizer.rb en el componente Action Pack en Ruby on Rails anterior a v2.3.18, v3.0.x y v3.1.x anterior a v3.1.12, y v3.2.x anterior a v3.2.13, no menaja adecuadamente los caracteres \n (nueva línea), lo que facilita a atacantes remotos llevar a cabo ataques XSS a través de secuencias CSS. A cross-site scripting (XSS) flaw was found in Action Pack. A remote attacker could use this flaw to conduct XSS attacks against users of an application using Action Pack. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html http://rhn.redhat.com/errata/RHSA-2013-0698.html http://rhn.redhat.com/errata/RHSA-2014-1863.html http://support.apple.com/kb/HT5784 http:/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-0277
https://notcve.org/view.php?id=CVE-2013-0277
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML. Active Record en Ruby on Rails v3.x anteriores a v3.1.0 y v2.3.x anteriores a v2.3.17 permite a atacantes remotos causar una denegación de servicio o ejecución de código arbitrario a través de atributos serializados manipulados que causan al asistente +serialize+ la des-serialización arbitraria del YAML. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html http://secunia.com/advisories/52112 http://securitytracker.com/id?1028109 http://support.apple.com/kb/HT5784 http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released http://www.debian.org/security/2013/dsa-2620 http://www.openwall.com/lists/oss-security/2013/02/11/6 http://www.osv •
CVE-2013-0333 – Ruby on Rails - JSON Processor YAML Deserialization Code Execution
https://notcve.org/view.php?id=CVE-2013-0333
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156. lib/active_support/json/backends/yaml.rb en Ruby on Rails v2.3.x anterior a v2.3.16 y v3.0.x anterior a v3.0.20 no convierte correctamente los datos de tipo JSON a datos YAML para el procesamiento por el analizador YAML, lo cual permite a atacantes remotos ejecutar código arbitrario, conducir ataques de inyección SQL, o saltare la autentificación a través de la modificación de datos que disparan una descodificación insegura, esta vulnerabilidad es diferente a CVE-2013-0156. • https://www.exploit-db.com/exploits/24434 https://github.com/heroku/heroku-CVE-2013-0333 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html http://rhn.redhat.com/errata/RHSA-2013-0201.html http://rhn.redhat.com/errata/RHSA-2013-0202.html http://rhn.redhat.com/errata/RHSA-2013-0203.html http://support.apple.com/kb/HT5784 http://weblog.rubyonrails.org/2013/1/28/Rails-3-0 • CWE-502: Deserialization of Untrusted Data •