Ruby/moped/1.2.2
A MongoDB driver for Ruby.
https://rubygems.org/gems/moped
License: UNKNOWN
2 Security Vulnerabilities
Moped Rubygem Data Injection Vulnerability
Published date: 2020-08-19T16:45:49Z
CVE: CVE-2015-4410
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2015-4410
- https://github.com/advisories/GHSA-f93j-hmcr-jcwh
- https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
- https://bugzilla.redhat.com/show_bug.cgi?id=1229757
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/moped/CVE-2015-4410.yml
- https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html
- https://rubygems.org/gems/moped/versions
- https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
- https://seclists.org/oss-sec/2015/q2/653
- https://www.securityfocus.com/bid/75045
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html
- http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
- http://www.openwall.com/lists/oss-security/2015/06/06/3
- http://www.securityfocus.com/bid/75045
- https://web.archive.org/web/20200228085849/http://www.securityfocus.com/bid/75045
The Moped::BSON::ObjectId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.
Affected versions:
["2.0.4", "2.0.3", "2.0.2", "2.0.1", "2.0.0", "1.5.2", "1.5.1", "1.5.0", "1.4.5", "1.4.4", "1.4.3", "1.4.2", "1.4.1", "1.4.0", "1.3.2", "1.3.1", "1.3.0", "1.2.9", "1.2.8", "1.2.7", "1.2.6", "1.2.5", "1.2.4", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.1", "1.0.0", "1.0.0.rc", "1.0.0.beta", "1.0.0.alpha", "0.0.0.beta"]
Secure versions:
[2.0.7, 2.0.6, 2.0.5, 1.5.3]
Recommendation:
Update to version 2.0.7.
Data Injection Vulnerability in moped Rubygem
Published date: 2015-06-04
CVE: CVE-2015-4410
CVSS V3: 7.5
A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object.
Affected versions:
["2.0.4", "2.0.3", "2.0.2", "2.0.1", "2.0.0", "2.0.0.rc2", "2.0.0.rc1", "2.0.0.beta6", "2.0.0.beta5", "2.0.0.beta4", "2.0.0.beta3", "2.0.0.beta2", "2.0.0.beta", "1.4.5", "1.4.4", "1.4.3", "1.4.2", "1.4.1", "1.4.0", "1.3.2", "1.3.1", "1.3.0", "1.2.9", "1.2.8", "1.2.7", "1.2.6", "1.2.5", "1.2.4", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.1", "1.0.0", "1.0.0.rc", "1.0.0.beta", "1.0.0.alpha", "0.0.0.beta"]
Secure versions:
[2.0.7, 2.0.6, 2.0.5, 1.5.3]
Recommendation:
Update to version 2.0.7.
51 Other Versions
Version | License | Security | Released | Age |
---|---|---|---|---|
2.0.7 | UNKNOWN | | 2015-08-15 - 08:39 | almost 9 years |
2.0.6 | UNKNOWN | | 2015-06-11 - 06:36 | almost 9 years |
2.0.5 | UNKNOWN | | 2015-06-04 - 12:55 | almost 9 years |
2.0.4 | UNKNOWN | 2 | 2015-02-20 - 18:49 | about 9 years |
2.0.3 | UNKNOWN | 2 | 2015-01-02 - 18:20 | over 9 years |
2.0.2 | UNKNOWN | 2 | 2014-11-18 - 14:15 | over 9 years |
2.0.1 | UNKNOWN | 2 | 2014-10-16 - 19:01 | over 9 years |
2.0.0 | UNKNOWN | 2 | 2014-06-23 - 14:34 | almost 10 years |
2.0.0.rc2 | UNKNOWN | 1 | 2014-06-16 - 02:41 | almost 10 years |
2.0.0.rc1 | UNKNOWN | 1 | 2014-04-01 - 22:44 | about 10 years |
2.0.0.beta6 | UNKNOWN | 1 | 2014-02-01 - 13:16 | over 10 years |
2.0.0.beta5 | UNKNOWN | 1 | 2014-01-10 - 08:17 | over 10 years |
2.0.0.beta4 | UNKNOWN | 1 | 2013-12-02 - 16:39 | over 10 years |
2.0.0.beta3 | UNKNOWN | 1 | 2013-10-14 - 15:48 | over 10 years |
2.0.0.beta2 | UNKNOWN | 1 | 2013-10-04 - 11:23 | over 10 years |
2.0.0.beta | UNKNOWN | 1 | 2013-09-24 - 14:32 | over 10 years |
1.5.3 | UNKNOWN | | 2015-06-06 - 14:40 | almost 9 years |
1.5.2 | UNKNOWN | 1 | 2014-01-28 - 13:42 | over 10 years |
1.5.1 | UNKNOWN | 1 | 2013-08-11 - 11:56 | almost 11 years |
1.5.0 | UNKNOWN | 1 | 2013-05-16 - 13:33 | about 11 years |
1.4.5 | UNKNOWN | 2 | 2013-03-27 - 16:25 | about 11 years |
1.4.4 | UNKNOWN | 2 | 2013-03-22 - 11:45 | about 11 years |
1.4.3 | UNKNOWN | 2 | 2013-02-28 - 12:52 | about 11 years |
1.4.2 | UNKNOWN | 2 | 2013-02-09 - 16:34 | over 11 years |
1.4.1 | UNKNOWN | 2 | 2013-02-09 - 15:58 | over 11 years |
1.4.0 | UNKNOWN | 2 | 2013-02-06 - 16:36 | over 11 years |
1.3.2 | UNKNOWN | 2 | 2012-12-24 - 20:36 | over 11 years |
1.3.1 | UNKNOWN | 2 | 2012-12-02 - 15:05 | over 11 years |
1.3.0 | UNKNOWN | 2 | 2012-11-18 - 13:16 | over 11 years |
1.2.9 | UNKNOWN | 2 | 2012-11-12 - 09:37 | over 11 years |
1.2.8 | UNKNOWN | 2 | 2012-11-04 - 19:02 | over 11 years |
1.2.7 | UNKNOWN | 2 | 2012-10-06 - 19:33 | over 11 years |
1.2.6 | UNKNOWN | 2 | 2012-10-04 - 14:25 | over 11 years |
1.2.5 | UNKNOWN | 2 | 2012-09-24 - 05:34 | over 11 years |
1.2.4 | UNKNOWN | 2 | 2012-09-24 - 05:28 | over 11 years |
1.2.2 | UNKNOWN | 2 | 2012-09-16 - 11:25 | over 11 years |
1.2.1 | UNKNOWN | 2 | 2012-08-27 - 09:58 | over 11 years |
1.2.0 | UNKNOWN | 2 | 2012-07-29 - 18:39 | almost 12 years |
1.1.6 | UNKNOWN | 2 | 2012-07-29 - 18:31 | almost 12 years |
1.1.5 | UNKNOWN | 2 | 2012-07-24 - 11:41 | almost 12 years |
1.1.4 | UNKNOWN | 2 | 2012-07-24 - 11:33 | almost 12 years |
1.1.3 | UNKNOWN | 2 | 2012-07-20 - 09:04 | almost 12 years |
1.1.2 | UNKNOWN | 2 | 2012-07-15 - 22:23 | almost 12 years |
1.1.1 | UNKNOWN | 2 | 2012-07-06 - 08:51 | almost 12 years |
1.1.0 | UNKNOWN | 2 | 2012-06-30 - 18:35 | almost 12 years |
1.0.1 | UNKNOWN | 2 | 2012-07-07 - 07:56 | almost 12 years |
1.0.0 | UNKNOWN | 2 | 2012-06-26 - 11:52 | almost 12 years |
1.0.0.rc | UNKNOWN | 2 | 2012-05-28 - 12:06 | almost 12 years |
1.0.0.beta | UNKNOWN | 2 | 2012-04-20 - 09:22 | about 12 years |
1.0.0.alpha | UNKNOWN | 2 | 2012-04-13 - 12:39 | about 12 years |
0.0.0.beta | UNKNOWN | 2 | 2011-12-14 - 09:19 | over 12 years |