Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by thoughtbot
CVE-2016-3098 (GCVE-0-2016-3098)
Vulnerability from cvelistv5 – Published: 2022-08-05 15:22 – Updated: 2024-08-05 23:47
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://seclists.org/oss-sec/2016/q2/0 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | administrate |
Affected:
0.1.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:56.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2016/q2/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "administrate",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user\u0027s OAuth autorization code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:22:14.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/oss-sec/2016/q2/0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "administrate",
"version": {
"version_data": [
{
"version_value": "0.1.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user\u0027s OAuth autorization code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/oss-sec/2016/q2/0",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2016/q2/0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-3098",
"datePublished": "2022-08-05T15:22:14.000Z",
"dateReserved": "2016-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:47:56.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23435 (GCVE-0-2021-23435)
Vulnerability from cvelistv5 – Published: 2021-09-12 20:05 – Updated: 2024-09-16 23:55
VLAI
Title
Open Redirect
Summary
This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com).
Severity
7.6 (High)
CWE
- Open Redirect
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284 | x_refsource_MISC |
| https://github.com/thoughtbot/clearance/pull/945 | x_refsource_MISC |
Impacted products
Date Public
2021-09-12 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:56.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/thoughtbot/clearance/pull/945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clearance",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Snyk Security Team"
}
],
"datePublic": "2021-09-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-12T20:05:10.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/thoughtbot/clearance/pull/945"
}
],
"title": "Open Redirect",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-09-12T20:00:23.031648Z",
"ID": "CVE-2021-23435",
"STATE": "PUBLIC",
"TITLE": "Open Redirect"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "clearance",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Snyk Security Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284"
},
{
"name": "https://github.com/thoughtbot/clearance/pull/945",
"refsource": "MISC",
"url": "https://github.com/thoughtbot/clearance/pull/945"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2021-23435",
"datePublished": "2021-09-12T20:05:10.404Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:55:46.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5257 (GCVE-0-2020-5257)
Vulnerability from cvelistv5 – Published: 2020-03-13 21:05 – Updated: 2024-08-04 08:22
VLAI
Title
Sort order SQL injection in Administrate
Summary
In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0.
Severity
7.7 (High)
CWE
- CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/thoughtbot/administrate/securi… | x_refsource_CONFIRM |
| https://github.com/thoughtbot/administrate/commit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| thoughtbot | administrate |
Affected:
< 0.13.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "administrate",
"vendor": "thoughtbot",
"versions": [
{
"status": "affected",
"version": "\u003c 0.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-943",
"description": "CWE-943: Improper Neutralization of Special Elements in Data Query Logic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-13T21:05:15.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3"
}
],
"source": {
"advisory": "GHSA-2p5p-m353-833w",
"discovery": "UNKNOWN"
},
"title": "Sort order SQL injection in Administrate",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5257",
"STATE": "PUBLIC",
"TITLE": "Sort order SQL injection in Administrate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "administrate",
"version": {
"version_data": [
{
"version_value": "\u003c 0.13.0"
}
]
}
}
]
},
"vendor_name": "thoughtbot"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-943: Improper Neutralization of Special Elements in Data Query Logic"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w",
"refsource": "CONFIRM",
"url": "https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w"
},
{
"name": "https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3",
"refsource": "MISC",
"url": "https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3"
}
]
},
"source": {
"advisory": "GHSA-2p5p-m353-833w",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5257",
"datePublished": "2020-03-13T21:05:15.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0889 (GCVE-0-2017-0889)
Vulnerability from cvelistv5 – Published: 2017-11-13 17:00 – Updated: 2024-09-16 19:21
VLAI
Summary
Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.
Severity
No CVSS data available.
CWE
- CWE-918 - Server-Side Request Forgery (SSRF) (CWE-918)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://hackerone.com/reports/209430 | x_refsource_MISC |
| https://github.com/thoughtbot/paperclip/pull/2435 | x_refsource_CONFIRM |
| https://hackerone.com/reports/713 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| thoughtbot | paperclip ruby gem |
Affected:
All versions since 3.1.4
|
Date Public
2017-04-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:18:06.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/209430"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/thoughtbot/paperclip/pull/2435"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "paperclip ruby gem",
"vendor": "thoughtbot",
"versions": [
{
"status": "affected",
"version": "All versions since 3.1.4"
}
]
}
],
"datePublic": "2017-04-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF) (CWE-918)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-13T16:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/209430"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/thoughtbot/paperclip/pull/2435"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2017-04-21T00:00:00",
"ID": "CVE-2017-0889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "paperclip ruby gem",
"version": {
"version_data": [
{
"version_value": "All versions since 3.1.4"
}
]
}
}
]
},
"vendor_name": "thoughtbot"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) (CWE-918)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/209430",
"refsource": "MISC",
"url": "https://hackerone.com/reports/209430"
},
{
"name": "https://github.com/thoughtbot/paperclip/pull/2435",
"refsource": "CONFIRM",
"url": "https://github.com/thoughtbot/paperclip/pull/2435"
},
{
"name": "https://hackerone.com/reports/713",
"refsource": "MISC",
"url": "https://hackerone.com/reports/713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0889",
"datePublished": "2017-11-13T17:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:21:11.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2963 (GCVE-0-2015-2963)
Vulnerability from cvelistv5 – Published: 2015-07-10 17:00 – Updated: 2024-08-06 05:32
VLAI
Summary
The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/75304 | vdb-entryx_refsource_BID |
| https://robots.thoughtbot.com/paperclip-security-… | x_refsource_CONFIRM |
| https://github.com/thoughtbot/paperclip/commit/9a… | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN83881261/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2015-000088 | third-party-advisoryx_refsource_JVNDB |
| http://openwall.com/lists/oss-security/2015/06/19/3 | mailing-listx_refsource_MLIST |
Date Public
2015-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75304",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75304"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://robots.thoughtbot.com/paperclip-security-release"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/thoughtbot/paperclip/commit/9aee4112f36058cd28d5fe4a006d6981bd1eda57"
},
{
"name": "JVN#83881261",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN83881261/index.html"
},
{
"name": "JVNDB-2015-000088",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000088"
},
{
"name": "[oss-security] 20150618 Re: CVE request: Content type spoofing in ruby gem paperclip \u003c4.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/06/19/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "75304",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75304"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://robots.thoughtbot.com/paperclip-security-release"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/thoughtbot/paperclip/commit/9aee4112f36058cd28d5fe4a006d6981bd1eda57"
},
{
"name": "JVN#83881261",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN83881261/index.html"
},
{
"name": "JVNDB-2015-000088",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000088"
},
{
"name": "[oss-security] 20150618 Re: CVE request: Content type spoofing in ruby gem paperclip \u003c4.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2015/06/19/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-2963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75304"
},
{
"name": "https://robots.thoughtbot.com/paperclip-security-release",
"refsource": "CONFIRM",
"url": "https://robots.thoughtbot.com/paperclip-security-release"
},
{
"name": "https://github.com/thoughtbot/paperclip/commit/9aee4112f36058cd28d5fe4a006d6981bd1eda57",
"refsource": "CONFIRM",
"url": "https://github.com/thoughtbot/paperclip/commit/9aee4112f36058cd28d5fe4a006d6981bd1eda57"
},
{
"name": "JVN#83881261",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN83881261/index.html"
},
{
"name": "JVNDB-2015-000088",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000088"
},
{
"name": "[oss-security] 20150618 Re: CVE request: Content type spoofing in ruby gem paperclip \u003c4.2.2",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/06/19/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-2963",
"datePublished": "2015-07-10T17:00:00.000Z",
"dateReserved": "2015-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:32:20.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4457 (GCVE-0-2013-4457)
Vulnerability from cvelistv5 – Published: 2013-11-02 18:00 – Updated: 2024-09-16 16:17
VLAI
Summary
The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/thoughtbot/cocaine/blob/master… | x_refsource_CONFIRM |
| http://osvdb.org/98835 | vdb-entryx_refsource_OSVDB |
| http://www.openwall.com/lists/oss-security/2013/1… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/55365 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/thoughtbot/cocaine/blob/master/NEWS.md"
},
{
"name": "98835",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/98835"
},
{
"name": "[oss-security] 20131022 Recursive Interpolation Vulnerability in Cocaine rubygem (CVE-2013-4457)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/22/10"
},
{
"name": "55365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-02T18:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/thoughtbot/cocaine/blob/master/NEWS.md"
},
{
"name": "98835",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/98835"
},
{
"name": "[oss-security] 20131022 Recursive Interpolation Vulnerability in Cocaine rubygem (CVE-2013-4457)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/22/10"
},
{
"name": "55365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/thoughtbot/cocaine/blob/master/NEWS.md",
"refsource": "CONFIRM",
"url": "https://github.com/thoughtbot/cocaine/blob/master/NEWS.md"
},
{
"name": "98835",
"refsource": "OSVDB",
"url": "http://osvdb.org/98835"
},
{
"name": "[oss-security] 20131022 Recursive Interpolation Vulnerability in Cocaine rubygem (CVE-2013-4457)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/22/10"
},
{
"name": "55365",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4457",
"datePublished": "2013-11-02T18:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:17:32.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3098 (GCVE-0-2016-3098)
Vulnerability from nvd – Published: 2022-08-05 15:22 – Updated: 2024-08-05 23:47
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://seclists.org/oss-sec/2016/q2/0 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | administrate |
Affected:
0.1.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:56.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2016/q2/0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "administrate",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user\u0027s OAuth autorization code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:22:14.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/oss-sec/2016/q2/0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "administrate",
"version": {
"version_data": [
{
"version_value": "0.1.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user\u0027s OAuth autorization code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/oss-sec/2016/q2/0",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2016/q2/0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-3098",
"datePublished": "2022-08-05T15:22:14.000Z",
"dateReserved": "2016-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:47:56.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23435 (GCVE-0-2021-23435)
Vulnerability from nvd – Published: 2021-09-12 20:05 – Updated: 2024-09-16 23:55
VLAI
Title
Open Redirect
Summary
This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com).
Severity
7.6 (High)
CWE
- Open Redirect
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284 | x_refsource_MISC |
| https://github.com/thoughtbot/clearance/pull/945 | x_refsource_MISC |
Impacted products
Date Public
2021-09-12 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:56.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/thoughtbot/clearance/pull/945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "clearance",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Snyk Security Team"
}
],
"datePublic": "2021-09-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-12T20:05:10.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/thoughtbot/clearance/pull/945"
}
],
"title": "Open Redirect",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-09-12T20:00:23.031648Z",
"ID": "CVE-2021-23435",
"STATE": "PUBLIC",
"TITLE": "Open Redirect"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "clearance",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Snyk Security Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284"
},
{
"name": "https://github.com/thoughtbot/clearance/pull/945",
"refsource": "MISC",
"url": "https://github.com/thoughtbot/clearance/pull/945"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2021-23435",
"datePublished": "2021-09-12T20:05:10.404Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:55:46.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5257 (GCVE-0-2020-5257)
Vulnerability from nvd – Published: 2020-03-13 21:05 – Updated: 2024-08-04 08:22
VLAI
Title
Sort order SQL injection in Administrate
Summary
In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0.
Severity
7.7 (High)
CWE
- CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/thoughtbot/administrate/securi… | x_refsource_CONFIRM |
| https://github.com/thoughtbot/administrate/commit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| thoughtbot | administrate |
Affected:
< 0.13.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "administrate",
"vendor": "thoughtbot",
"versions": [
{
"status": "affected",
"version": "\u003c 0.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-943",
"description": "CWE-943: Improper Neutralization of Special Elements in Data Query Logic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-13T21:05:15.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3"
}
],
"source": {
"advisory": "GHSA-2p5p-m353-833w",
"discovery": "UNKNOWN"
},
"title": "Sort order SQL injection in Administrate",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5257",
"STATE": "PUBLIC",
"TITLE": "Sort order SQL injection in Administrate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "administrate",
"version": {
"version_data": [
{
"version_value": "\u003c 0.13.0"
}
]
}
}
]
},
"vendor_name": "thoughtbot"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-943: Improper Neutralization of Special Elements in Data Query Logic"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w",
"refsource": "CONFIRM",
"url": "https://github.com/thoughtbot/administrate/security/advisories/GHSA-2p5p-m353-833w"
},
{
"name": "https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3",
"refsource": "MISC",
"url": "https://github.com/thoughtbot/administrate/commit/3ab838b83c5f565fba50e0c6f66fe4517f98eed3"
}
]
},
"source": {
"advisory": "GHSA-2p5p-m353-833w",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5257",
"datePublished": "2020-03-13T21:05:15.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0889 (GCVE-0-2017-0889)
Vulnerability from nvd – Published: 2017-11-13 17:00 – Updated: 2024-09-16 19:21
VLAI
Summary
Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.
Severity
No CVSS data available.
CWE
- CWE-918 - Server-Side Request Forgery (SSRF) (CWE-918)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://hackerone.com/reports/209430 | x_refsource_MISC |
| https://github.com/thoughtbot/paperclip/pull/2435 | x_refsource_CONFIRM |
| https://hackerone.com/reports/713 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| thoughtbot | paperclip ruby gem |
Affected:
All versions since 3.1.4
|
Date Public
2017-04-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:18:06.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/209430"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/thoughtbot/paperclip/pull/2435"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "paperclip ruby gem",
"vendor": "thoughtbot",
"versions": [
{
"status": "affected",
"version": "All versions since 3.1.4"
}
]
}
],
"datePublic": "2017-04-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF) (CWE-918)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-13T16:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/209430"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/thoughtbot/paperclip/pull/2435"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/713"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2017-04-21T00:00:00",
"ID": "CVE-2017-0889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "paperclip ruby gem",
"version": {
"version_data": [
{
"version_value": "All versions since 3.1.4"
}
]
}
}
]
},
"vendor_name": "thoughtbot"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) (CWE-918)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/209430",
"refsource": "MISC",
"url": "https://hackerone.com/reports/209430"
},
{
"name": "https://github.com/thoughtbot/paperclip/pull/2435",
"refsource": "CONFIRM",
"url": "https://github.com/thoughtbot/paperclip/pull/2435"
},
{
"name": "https://hackerone.com/reports/713",
"refsource": "MISC",
"url": "https://hackerone.com/reports/713"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-0889",
"datePublished": "2017-11-13T17:00:00.000Z",
"dateReserved": "2016-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:21:11.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2963 (GCVE-0-2015-2963)
Vulnerability from nvd – Published: 2015-07-10 17:00 – Updated: 2024-08-06 05:32
VLAI
Summary
The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/75304 | vdb-entryx_refsource_BID |
| https://robots.thoughtbot.com/paperclip-security-… | x_refsource_CONFIRM |
| https://github.com/thoughtbot/paperclip/commit/9a… | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN83881261/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2015-000088 | third-party-advisoryx_refsource_JVNDB |
| http://openwall.com/lists/oss-security/2015/06/19/3 | mailing-listx_refsource_MLIST |
Date Public
2015-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75304",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75304"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://robots.thoughtbot.com/paperclip-security-release"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/thoughtbot/paperclip/commit/9aee4112f36058cd28d5fe4a006d6981bd1eda57"
},
{
"name": "JVN#83881261",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN83881261/index.html"
},
{
"name": "JVNDB-2015-000088",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000088"
},
{
"name": "[oss-security] 20150618 Re: CVE request: Content type spoofing in ruby gem paperclip \u003c4.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/06/19/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "75304",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75304"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://robots.thoughtbot.com/paperclip-security-release"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/thoughtbot/paperclip/commit/9aee4112f36058cd28d5fe4a006d6981bd1eda57"
},
{
"name": "JVN#83881261",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN83881261/index.html"
},
{
"name": "JVNDB-2015-000088",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000088"
},
{
"name": "[oss-security] 20150618 Re: CVE request: Content type spoofing in ruby gem paperclip \u003c4.2.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2015/06/19/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-2963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75304"
},
{
"name": "https://robots.thoughtbot.com/paperclip-security-release",
"refsource": "CONFIRM",
"url": "https://robots.thoughtbot.com/paperclip-security-release"
},
{
"name": "https://github.com/thoughtbot/paperclip/commit/9aee4112f36058cd28d5fe4a006d6981bd1eda57",
"refsource": "CONFIRM",
"url": "https://github.com/thoughtbot/paperclip/commit/9aee4112f36058cd28d5fe4a006d6981bd1eda57"
},
{
"name": "JVN#83881261",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN83881261/index.html"
},
{
"name": "JVNDB-2015-000088",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000088"
},
{
"name": "[oss-security] 20150618 Re: CVE request: Content type spoofing in ruby gem paperclip \u003c4.2.2",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/06/19/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-2963",
"datePublished": "2015-07-10T17:00:00.000Z",
"dateReserved": "2015-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:32:20.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4457 (GCVE-0-2013-4457)
Vulnerability from nvd – Published: 2013-11-02 18:00 – Updated: 2024-09-16 16:17
VLAI
Summary
The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/thoughtbot/cocaine/blob/master… | x_refsource_CONFIRM |
| http://osvdb.org/98835 | vdb-entryx_refsource_OSVDB |
| http://www.openwall.com/lists/oss-security/2013/1… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/55365 | third-party-advisoryx_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/thoughtbot/cocaine/blob/master/NEWS.md"
},
{
"name": "98835",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/98835"
},
{
"name": "[oss-security] 20131022 Recursive Interpolation Vulnerability in Cocaine rubygem (CVE-2013-4457)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/22/10"
},
{
"name": "55365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-02T18:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/thoughtbot/cocaine/blob/master/NEWS.md"
},
{
"name": "98835",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/98835"
},
{
"name": "[oss-security] 20131022 Recursive Interpolation Vulnerability in Cocaine rubygem (CVE-2013-4457)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/10/22/10"
},
{
"name": "55365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/thoughtbot/cocaine/blob/master/NEWS.md",
"refsource": "CONFIRM",
"url": "https://github.com/thoughtbot/cocaine/blob/master/NEWS.md"
},
{
"name": "98835",
"refsource": "OSVDB",
"url": "http://osvdb.org/98835"
},
{
"name": "[oss-security] 20131022 Recursive Interpolation Vulnerability in Cocaine rubygem (CVE-2013-4457)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/22/10"
},
{
"name": "55365",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4457",
"datePublished": "2013-11-02T18:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:17:32.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}