CVE-2013-1855 – rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css
https://notcve.org/view.php?id=CVE-2013-1855
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences. El método sanitize_css en lib/action_controller/vendor/html-scanner/html/sanitizer.rb en el componente Action Pack en Ruby on Rails anterior a v2.3.18, v3.0.x y v3.1.x anterior a v3.1.12, y v3.2.x anterior a v3.2.13, no menaja adecuadamente los caracteres \n (nueva línea), lo que facilita a atacantes remotos llevar a cabo ataques XSS a través de secuencias CSS. A cross-site scripting (XSS) flaw was found in Action Pack. A remote attacker could use this flaw to conduct XSS attacks against users of an application using Action Pack. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html http://rhn.redhat.com/errata/RHSA-2013-0698.html http://rhn.redhat.com/errata/RHSA-2014-1863.html http://support.apple.com/kb/HT5784 http:/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-0155 – rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails
https://notcve.org/view.php?id=CVE-2013-0155
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694. Ruby on Rails v3.0.x anteior a v3.0.19, v3.1.x anteior a v3.1.10, y v3.2.x anteior a v3.2.11 no considera adecuadamente las diferencias en el manejo de parámetros entre el componente Active Record y la implementación JSON, lo que permite a atacantes remotos evitar las restricciones de peticiones a base de datos y realizar chequeos NULL o provocar un WHERE a través de una consulta manipulada. Como se ha demostrado mdiante determinados valires "[nil]". Relacionado con los CVE-2012-2660 y CVE-2012-2694. • http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-0154.html http://rhn.redhat.com/errata/RHSA-2013-0155. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-0156 – Ruby on Rails - Known Secret Session Cookie Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-0156
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion. active_support/core_ext/hash/conversions.rb en Ruby on Rails anterior a v2.3.15, v3.0.x anterior a v3.0.19, v3.1.x anterior a v3.1.10, y v3.2.x anterior a v3.2.11 no restringe adecuadamente el "casting" de las variables de tipo cadena, lo que permite a atacantes remotos llevar a cabo ataques de inyección de objetos y la ejecución de código arbitrario o provocar una denegación de servicio (consumo de memoria y CPU) involucrando a referencias de entidades XML anidadas, aprovechando el soporte de Action Pack para lso tipos de conversion (1) YAML o (2) Symbol. • https://www.exploit-db.com/exploits/27527 https://www.exploit-db.com/exploits/24019 https://github.com/heroku/heroku-CVE-2013-0156 https://github.com/R3dKn33-zz/CVE-2013-0156 http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html http://rhn.redhat.com/errata/RHSA-2013-0153.html http://rhn.redhat.com/errata/RHSA-2013-0154.html http://rhn.redhat.com/errata/RHSA-2013-0155.html http://we • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •