Home page logo
/

oss-sec logo oss-sec mailing list archives

Some rubygems related CVEs
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 13 Feb 2013 19:39:23 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

https://github.com/rubysec/ruby-advisory-db/issues/7

=====================
omniauth-oauth2 CSRF

omniauth-oauth2 intridea/omniauth-oauth2#25
https://github.com/intridea/omniauth-oauth2/pull/25
https://gist.github.com/homakov/3673012
CSRF vulnerability, injecting state in session

Please use CVE-2012-6134 for this issue.

=====================
newrelic_rpm information disclosure

newrelic_rpm
https://newrelic.com/docs/ruby/ruby-agent-security-notification
A bug in the Ruby agent causes database connection information and raw
SQL statements to be transmitted to New Relic servers. The database
connection information includes the database IP address, username, and
password. The information is not stored or retransmitted by New Relic
and is immediately discarded.

Please use CVE-2013-0284 for this issue.

=====================
nori parameter parsing remote code execution

nori savonrb/nori () 818f526 (related to 2013-0156)
 Fix for remote code execution bug. For more in-depth information,
read about the recent [Rails
hotfix](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ).
Please make sure to upgrade now!

Please use CVE-2013-0285 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRHE5aAAoJEBYNRVNeJnmTmAYP/0Ih7uVNmA+OEhWCEbPA824J
AAy4x3S5EBjhPKwbCtc5rF6Lggt4uL6k6AKLDilSasMc+UCI7YBnKNOg5Y5GfbCz
8VjoQ/4iNf3VOV+SOmDq5dob0LDhgLRJtkaWiKRwiXRCwYHakJGGLAYGBGCfFDX4
Em75BMA2964DpBkdMfat4bGnS3Xip3i/yUJq8RikwkBQgTiB1NBShwjZ6yQ0wioA
UonyOP1RZprsn1UZRus+/TcpFAR+JS9bZ0zko9s7k+Fxlk/tvMDQdYuFrnp89h68
ucq3xS3MzYejoMADVvQkyDj4mPrzzACf7/1rHXFB1isrRJmKimUAwJELlbdOv43v
iyCqWrGgpYgo9Krln9p1rEp57g8xHV0gZ4KikAD5TpRlaAhtKh4V1HWpVGSi77G+
MIapr+ChCuRr2VJl8zf8/c6S9RFivZqpk1lFA4CNuUisD0EtgL4vDSUEp8u9SYHP
OekmQhZ71FAda3+m4pQQ2zYqFbal7KH84hPQc1s+j6h6LOQ40OXfkSaqf1Eh7wuM
aLZecAesDEzNseZyqaqoqAaYz6UckrrgQR7OAE7rKcSKeUXe61WgbzqUL5wx2/Gw
VeI0AhXe3ZNLVpyaFHCSTR+b3CVwlA/ENYQeKgIMDKxLxoK9fZFR44dRco9GOxck
/4zn0zP/MSk5YGNrw3wu
=RGNy
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]