FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  362632
Date:      2014-07-23
Time:      07:50:19Z
Committer: delphij

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 844cf3f5-9259-4b3e-ac9e-13ca17333ed7
Description: ruby -- DoS vulnerability in REXML

Ruby developers report:

Unrestricted entity expansion can lead to a DoS vulnerability in REXML. (The CVE identifier will be assigned later.) We strongly recommend upgrading ruby.

When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service.


Discovery 2013-02-22
Entry 2013-02-24
Affected packages:
  ruby: ge 1.9,1 lt 1.9.3.392,1
References:
  http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
VuXML ID: 34e0316a-aa91-11df-8c2e-001517289bf8
Description: ruby -- UTF-7 encoding XSS vulnerability in WEBrick

The official ruby site reports:

WEBrick has had a cross-site scripting vulnerability that allows an attacker to inject arbitrary script or HTML via a crafted URI. This does not affect user agents that strictly implement HTTP/1.1; however, some user agents do not.


Discovery 2010-08-16
Entry 2010-08-17
Modified 2010-08-20
Affected packages (ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma):
  ge 1.8.*,1 lt 1.8.7.248_3,1
  ge 1.9.*,1 lt 1.9.1.430,1
References:
  Bugtraq ID 40895
  CVE-2010-0541
  http://www.ruby-lang.org/en/news/2010/08/16/xss-in-webrick-cve-2010-0541/
VuXML ID: d3e96508-056b-4259-88ad-50dc8d1978a6
Description: Ruby -- XSS exploit of RDoc documentation generated by rdoc

Ruby developers report:

RDoc documentation generated by the rdoc bundled with ruby is vulnerable to an XSS exploit. All ruby users are recommended to update ruby to a newer version which includes the security-fixed RDoc. If you are publishing RDoc documentation generated by rdoc, you are recommended to apply a patch to the documentation or re-generate it with the security-fixed RDoc.


Discovery 2013-02-06
Entry 2013-02-16
Affected packages:
  ruby: ge 1.9,1 lt 1.9.3.385,1
  rubygem18-rdoc: lt 3.12.1
  rubygem19-rdoc: lt 3.12.1
References:
  CVE-2013-0256
VuXML ID: c79eb109-a754-45d7-b552-a42099eb2265
Description: Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON

Aaron Patterson reports:

When parsing certain JSON documents, the JSON gem can be coerced into creating Ruby symbols in a target system. Since Ruby symbols are not garbage collected, this can result in a denial of service attack.

The same technique can be used to create objects in a target system that act like internal objects. These "act alike" objects can be used to bypass certain security mechanisms and can be used as a springboard for SQL injection attacks in Ruby on Rails.


Discovery 2013-02-11
Entry 2013-02-16
Affected packages:
  ruby: ge 1.9,1 lt 1.9.3.385,1
  rubygem18-json: lt 1.7.7
  rubygem19-json: lt 1.7.7
  rubygem18-json_pure: lt 1.7.7
  rubygem19-json_pure: lt 1.7.7
References:
  CVE-2013-0269