Search CVE reports

111 – 120 of 150 results


CVE-2013-0277

Medium priority
Ignored

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize...

3 affected packages

rails, ruby-activerecord-2.3, ruby-activerecord-3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails
ruby-activerecord-2.3
ruby-activerecord-3.2

CVE-2013-0276

Medium priority
Ignored

ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.

3 affected packages

rails, ruby-activerecord-2.3, ruby-activerecord-3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails
ruby-activerecord-2.3
ruby-activerecord-3.2

CVE-2013-0333

High priority

Some fixes available 3 of 5

lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute...

3 affected packages

rails, ruby-activesupport-2.3, ruby-activesupport-3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails
ruby-activesupport-2.3
ruby-activesupport-3.2

CVE-2013-0156

High priority

Some fixes available 6 of 10

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers...

5 affected packages

libextlib-ruby, rails, ruby-activesupport-2.3, ruby-activesupport-3.2, ruby-extlib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libextlib-ruby
rails
ruby-activesupport-2.3
ruby-activesupport-3.2
ruby-extlib

CVE-2013-0155

High priority

Some fixes available 7 of 9

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote...

5 affected packages

rails, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3, ruby-activerecord-3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails
ruby-actionpack-2.3
ruby-actionpack-3.2
ruby-activerecord-2.3
ruby-activerecord-3.2

CVE-2012-6496

Medium priority
Ignored

SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages...

3 affected packages

rails, ruby-activerecord-2.3, ruby-activerecord-3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails
ruby-activerecord-2.3
ruby-activerecord-3.2

CVE-2012-3465

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to...

6 affected packages

ruby-rails-2.3, rails, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activesupport-3.2, ruby-rails-3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ruby-rails-2.3 Not in release
rails Not affected
ruby-actionpack-2.3 Not in release
ruby-actionpack-3.2 Not in release
ruby-activesupport-3.2 Not in release
ruby-rails-3.2 Not in release

CVE-2012-3464

Medium priority

Some fixes available 4 of 12

Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject...

5 affected packages

rails, ruby-activesupport-2.3, ruby-activesupport-3.2, ruby-rails-2.3, ruby-rails-3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails
ruby-activesupport-2.3
ruby-activesupport-3.2
ruby-rails-2.3
ruby-rails-3.2

CVE-2012-3463

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web...

5 affected packages

rails, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-rails-2.3, ruby-rails-3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Not affected
ruby-actionpack-2.3 Not in release
ruby-actionpack-3.2 Not in release
ruby-rails-2.3 Not in release
ruby-rails-3.2 Not in release

CVE-2012-3424

Medium priority
Ignored

The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which...

3 affected packages

rails, ruby-rails-2.3, ruby-rails-3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Not affected
ruby-rails-2.3 Not in release
ruby-rails-3.2 Not in release