Search CVE reports
71 – 80 of 150 results
SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because...
7 affected packages
rails, ruby-actionpack-3.2, ruby-rails-3.2, rails-4.0, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | Not affected | Not affected | Not affected | Not affected |
| ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release |
| rails-4.0 | Not in release | Not in release | Not in release | Not in release |
| ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release |
SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because...
7 affected packages
rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | Not affected | Not affected | Not affected | Not affected |
| rails-4.0 | Not in release | Not in release | Not in release | Not in release |
| ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release |
SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation...
7 affected packages
rails, ruby-rails-3.2, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | Not affected | Not affected | Not affected | Not affected |
| ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release |
| rails-4.0 | Not in release | Not in release | Not in release | Not in release |
| ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release |
SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because...
7 affected packages
rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2, ruby-activesupport-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails-4.0 | Not in release | Not in release | Not in release | Not in release |
| ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release |
| rails | Not affected | Not affected | Not affected | Not affected |
| ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release |
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended...
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activemodel-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as...
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activemodel-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activemodel-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and...
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activemodel-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
Some fixes available 1 of 5
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation...
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activemodel-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
Some fixes available 1 of 9
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |