CVSS: 7.5EPSS: 94%CPEs: 73EXPL: 9CVE-2016-2098 – Ruby on Rails ActionPack Inline ERB - Code Execution
https://notcve.org/view.php?id=CVE-2016-2098
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. Action Pack en Ruby on Rails en versiones anteriores a 3.2.22.2, 4.x en versiones anteriores a 4.1.14.2 y 4.2.x en versiones anteriores a 4.2.5.2 permite a atacantes remotos ejecutar código Ruby arbitrario aprovechando el uso no restringido del método render de una aplicación. A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code. • https://www.exploit-db.com/exploits/40086 https://github.com/0x00-0x00/CVE-2016-2098 https://github.com/its-arun/CVE-2016-2098 https://github.com/Shakun8/CVE-2016-2098 https://github.com/j4k0m/CVE-2016-2098 https://github.com/Debalinax64/CVE-2016-2098 https://github.com/Alejandro-MartinG/rails-PoC-CVE-2016-2098 https://github.com/3rg1s/CVE-2016-2098 https://github.com/DanielHemmati/CVE-2016-2098-my-first-exploit http://lists.opensuse.org/opensuse-security-announce/ • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0CVE-2015-7578
https://notcve.org/view.php?id=CVE-2015-7578
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes. Vulnerabilidad de XSS en la gema rails-html-sanitizer en versiones anteriores a 1.0.3 para Ruby on Rails 4.2.x y 5.x permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de atributos de etiqueta manipulados. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178046.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178064.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html http://www.openwall.com/lists/oss-security/2016/01/25/11 http://www.securitytracker.com/id/1034816 https://git • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0CVE-2015-7580
https://notcve.org/view.php?id=CVE-2015-7580
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node. Vulnerabilidad de XSS en lib/rails/html/scrubbers.rb en la gema rails-html-sanitizer en versiones anteriores a 1.0.3 para Ruby on Rails 4.2.x y 5.x permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un nodo CDATA manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html http://www.openwall.com/lists/oss-security/2016/01/25/15 http://www.securitytracker.com/id/1034816 https://github.com/rails/rails-html-sanitizer/commit/63903b0eaa6d2a4e1c91bc86008256c4c8335e78 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/uh--W4TDwmI/m_CVZtdbFQAJ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0CVE-2015-7579
https://notcve.org/view.php?id=CVE-2015-7579
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class. Vulnerabilidad de XSS in la gema rails-html-sanitizer 1.0.2 para Ruby on Rails 4.2.x y 5.x permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una entidad HTML que no es manejada adecuadamente por la clase Rails::Html::FullSanitizer. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178046.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178064.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html http://www.openwall.com/lists/oss-security/2016/01/25/12 http://www.securitytracker.com/id/1034816 https://git • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 1%CPEs: 86EXPL: 0CVE-2015-7576 – rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller
https://notcve.org/view.php?id=CVE-2015-7576
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences. El método http_basic_authenticate_with en actionpack/lib/action_controller/metal/http_authentication.rb en la implementación Basic Authentication en Action Controller en Ruby on Rails en versiones anteriores a 3.2.22.1, 4.0.x y 4.1.x en versiones anteriores a 4.1.14.1, 4.2.x en versiones anteriores a 4.2.5.1 y 5.x en versiones anteriores a 5.0.0.beta1.1 no usa el algoritmo de tiempo constante para verificar credenciales, lo que hace que sea más fácil para atacantes remotos eludir la autenticación mediante la medición de las diferencias de temporización. A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html http://lists.opensuse.org/opensuse-updates/201 • CWE-254: 7PK - Security Features CWE-385: Covert Timing Channel •