Allele Security Intelligence

ASA-2019-00461 – Lenovo Iomega and LenovoEMC NAS: Unauthenticated file access via API

Posted on July 23, 2019July 24, 2019 by Allele Security Intelligence in Alerts

A vulnerability in Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.

ASA-2019-00360 – RubyGems: Escape sequence injection vulnerability in API response handling

Posted on June 19, 2019June 20, 2019 by Allele Security Intelligence in Alerts

An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur.