FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318524
Date:      2013-05-19
Time:      14:06:36Z
Committer: rakuco

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c79eb109-a754-45d7-b552-a42099eb2265	Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON Aaron Patterson reports: When parsing certain JSON documents, the JSON gem can be coerced in to creating Ruby symbols in a target system. Since Ruby symbols are not garbage collected, this can result in a denial of service attack. The same technique can be used to create objects in a target system that act like internal objects. These "act alike" objects can be used to bypass certain security mechanisms and can be used as a spring board for SQL injection attacks in Ruby on Rails. Discovery 2013-02-11 Entry 2013-02-16 ruby ge 1.9,1 lt 1.9.3.385,1 rubygem18-json lt 1.7.7 rubygem19-json lt 1.7.7 rubygem18-json_pure lt 1.7.7 rubygem19-json_pure lt 1.7.7 CVE-2013-0269
844cf3f5-9259-4b3e-ac9e-13ca17333ed7	ruby -- DoS vulnerability in REXML Ruby developers report: Unrestricted entity expansion can lead to a DoS vulnerability in REXML. (The CVE identifier will be assigned later.) We strongly recommend to upgrade ruby. When reading text nodes from an XML document, the REXML parser can be coerced in to allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service. Discovery 2013-02-22 Entry 2013-02-24 ruby ge 1.9,1 lt 1.9.3.392,1 http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
d3e96508-056b-4259-88ad-50dc8d1978a6	Ruby -- XSS exploit of RDoc documentation generated by rdoc Ruby developers report: RDoc documentation generated by rdoc bundled with ruby are vulnerable to an XSS exploit. All ruby users are recommended to update ruby to newer version which includes security-fixed RDoc. If you are publishing RDoc documentation generated by rdoc, you are recommended to apply a patch for the documentaion or re-generate it with security-fixed RDoc. Discovery 2013-02-06 Entry 2013-02-16 ruby ge 1.9,1 lt 1.9.3.385,1 rubygem18-rdoc lt 3.12.1 rubygem19-rdoc lt 3.12.1 CVE-2013-0256

VuXML ID

Description

c79eb109-a754-45d7-b552-a42099eb2265

Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON

Aaron Patterson reports:

When parsing certain JSON documents, the JSON gem can be coerced in to creating Ruby symbols in a target system. Since Ruby symbols are not garbage collected, this can result in a denial of service attack.

The same technique can be used to create objects in a target system that act like internal objects. These "act alike" objects can be used to bypass certain security mechanisms and can be used as a spring board for SQL injection attacks in Ruby on Rails.

Discovery 2013-02-11
Entry 2013-02-16
ruby

ge 1.9,1 lt 1.9.3.385,1

rubygem18-json

lt 1.7.7

rubygem19-json

lt 1.7.7

rubygem18-json_pure

lt 1.7.7

rubygem19-json_pure

lt 1.7.7

CVE-2013-0269

844cf3f5-9259-4b3e-ac9e-13ca17333ed7

ruby -- DoS vulnerability in REXML

Ruby developers report:

Unrestricted entity expansion can lead to a DoS vulnerability in REXML. (The CVE identifier will be assigned later.) We strongly recommend to upgrade ruby.

When reading text nodes from an XML document, the REXML parser can be coerced in to allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service.

Discovery 2013-02-22
Entry 2013-02-24
ruby

ge 1.9,1 lt 1.9.3.392,1

http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/

d3e96508-056b-4259-88ad-50dc8d1978a6

Ruby -- XSS exploit of RDoc documentation generated by rdoc

Ruby developers report:

RDoc documentation generated by rdoc bundled with ruby are vulnerable to an XSS exploit. All ruby users are recommended to update ruby to newer version which includes security-fixed RDoc. If you are publishing RDoc documentation generated by rdoc, you are recommended to apply a patch for the documentaion or re-generate it with security-fixed RDoc.

Discovery 2013-02-06
Entry 2013-02-16
ruby

ge 1.9,1 lt 1.9.3.385,1

rubygem18-rdoc

lt 3.12.1

rubygem19-rdoc

lt 3.12.1

CVE-2013-0256