Rubygems

A man-in-the-middle attacker can exploit a vulnerability in Net::IMAP's STARTTLS implementation to bypass TLS encryption, leading to cleartext transmission of sensitive information by injecting a spoofed 'OK' response during the TLS negotiation.

A deserialization vulnerability exists in Ruby ERB versions before 4.0.3.1, version 4.0.4, ERB versions 5.0.0 before 6.0.1.1, and ERB versions 6.0.2 before 6.0.4. The `@_init` instance variable guard in `ERB#result` and `ERB#run` can be bypassed via `ERB#def_module`, `ERB#def_method`, and `ERB#def_class`, allowing arbitrary code execution when an ERB object is reconstructed via `Marshal.load` on untrusted data.

A SQL injection vulnerability exists in the Time-Series Database (TSDB) component of COSMOS, allowing an authenticated remote user to execute arbitrary SQL commands, including telemetry data disclosure and deletion.

The OpenC3 COSMOS Script Runner widget allows authenticated users to bypass API permissions checks and execute administrative actions by running specially crafted Python and Ruby scripts, leading to data manipulation and privilege escalation.

Katalyst Koi versions before 4.20.0 and between 5.0.0 and 5.6.0 fail to invalidate admin session cookies upon logout, allowing attackers with a valid cookie to maintain unauthorized access.

Avo framework version 3.x contains a critical Broken Access Control vulnerability in the ActionsController. Due to insecure action lookup logic, an authenticated user can execute any Action class on any resource, even if the action is not registered for that specific resource. This leads to Privilege Escalation and unauthorized data manipulation across the entire application. Version 3.31.2 remediates this issue.