
28 July 2022 - Security vulnerabilities

Open mightywomble opened this issue 3 years ago • 2 comments

The product fails several basic security scans. I've listed the critical and high issues found; I can see that all of the versions referred to are available on Ubuntu 20.04.

Would it be possible to get this updated, tested and deployed? I'm happy to help with testing.

Critical

CGI gem

CVE-2021-41816

Fixed in: 0.1.1, 0.2.1, 0.3.1

8 months ago

Impacted versions: <=0.1.0,0.1 Discovered: 1 day ago Published: >8 months ago

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.

CVE-2021-41819

Fixed in: 0.1.1, 0.2.1, 0.3.1

8 months ago

Impacted versions: <=0.1.0,0.1 Discovered: 1 day ago Published: >8 months ago

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby.

High

webrick gem

CVE-2020-25613

Fixed in: 1.6.1, 1.4.4, 1.4.2.1

1 year ago

Impacted versions: <1.6.1 and >1.4.4 Discovered: 1 day ago Published: >1 year ago

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.

rexml gem

CVE-2021-28965

Fixed in: 3.2.5, 3.2.3.1, 3.1.9.1

1 year ago

Impacted versions: <3.2.3.1 and >3.1.9.1 Discovered: 1 day ago Published: >1 year ago

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

mightywomble avatar Jul 28 '22 14:07 mightywomble
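The report above lists, for each gem, the releases that carry the fix. A quick way to check whether a deployment is actually exposed, before filing or triaging an issue like this one, is to read the application's Gemfile.lock and compare each pinned version against those fixed releases. The script below is an added example and is not part of oxidized or of this issue; the lockfile it reads is constructed for illustration, and the rule it uses for "patched" (a version counts as patched once it reaches the lowest fixed release on its own major.minor line, or the newest fixed release overall) is an assumption that errs on the side of flagging versions that sit between fixed lines.

```ruby
# Added example, not oxidized project code: audit a Gemfile.lock against the
# fixed gem releases listed in the scan report above.
require 'rubygems'

# Fixed releases exactly as the scan report states them.
FIXED_VERSIONS = {
  'cgi'     => %w[0.1.1 0.2.1 0.3.1],
  'webrick' => %w[1.4.2.1 1.4.4 1.6.1],
  'rexml'   => %w[3.1.9.1 3.2.3.1 3.2.5],
}.freeze

# Constructed lockfile for demonstration; pass a real path on the command line
# to check an actual deployment instead.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      cgi (0.1.0)
      rexml (3.2.3)
      webrick (1.4.2)
      json (2.6.2)

  PLATFORMS
    ruby

  DEPENDENCIES
    cgi
    rexml
    webrick
LOCK

# Return { gem name => Gem::Version } for the pinned specs in a Gemfile.lock.
# Only the "specs:" block of the GEM section is read; lines indented deeper
# than four spaces are a spec's own dependency constraints, not pins.
def parse_lockfile(text)
  versions = {}
  in_specs = false
  text.each_line do |line|
    if line =~ /\A\s*specs:\s*\z/
      in_specs = true
      next
    end
    in_specs = false if line =~ /\A\S/ # a new top-level section starts
    next unless in_specs
    if line =~ /\A {4}(\S+) \(([^)]+)\)\s*\z/
      versions[Regexp.last_match(1)] = Gem::Version.new(Regexp.last_match(2))
    end
  end
  versions
end

# Assumed rule: patched if >= the lowest fixed release on the same
# major.minor line; if no fixed release shares that line, patched only if
# >= the newest fixed release (so e.g. webrick 1.5.x is reported).
def patched?(name, version)
  fixed = FIXED_VERSIONS.fetch(name).map { |v| Gem::Version.new(v) }
  line = version.segments[0, 2]
  same_line = fixed.select { |f| f.segments[0, 2] == line }
  if same_line.empty?
    version >= fixed.max
  else
    version >= same_line.min
  end
end

# Return { gem name => pinned version string } for every affected gem that is
# pinned below a fixed release. Gems not in FIXED_VERSIONS are ignored.
def audit(lock_text)
  findings = {}
  parse_lockfile(lock_text).each do |name, version|
    next unless FIXED_VERSIONS.key?(name)
    findings[name] = version.to_s unless patched?(name, version)
  end
  findings
end

if $PROGRAM_NAME == __FILE__
  lock = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  findings = audit(lock)
  if findings.empty?
    puts 'no affected gem versions pinned'
  else
    findings.each { |name, ver| puts "#{name} #{ver}: below fixed releases #{FIXED_VERSIONS[name].join(', ')}" }
  end
end
```

Run as `ruby audit_lock.rb /path/to/Gemfile.lock`; with no argument it audits the constructed sample, which reports cgi 0.1.0, rexml 3.2.3 and webrick 1.4.2 and ignores json. Note that mortzu's reply below is the other half of such a check: a vulnerable gem only matters if the component is actually loaded, so a lockfile finding still needs to be traced to real usage.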

Any follow-up on this? These are severe CVEs, and if the product is to be used on a company LAN then they should be resolved.

mightywomble avatar Aug 10 '22 08:08 mightywomble

  • webrick is only used in oxidized-web. Please open an issue there.
  • I don't see where CGI is used.
  • I don't see where rexml is used.

mortzu avatar Aug 10 '22 09:08 mortzu