Search CVE reports
Some fixes available 1 of 6
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
Some fixes available 1 of 5
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption)...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.
1 affected package
ruby-rails-html-sanitizer
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby-rails-html-sanitizer | — | — | — | Not affected |
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by...
1 affected package
ruby-rails-html-sanitizer
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby-rails-html-sanitizer | — | — | — | Not affected |
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.
1 affected package
ruby-rails-html-sanitizer
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby-rails-html-sanitizer | — | — | — | Not affected |
Some fixes available 1 of 5
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
Some fixes available 1 of 5
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
Some fixes available 1 of 7
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
Some fixes available 1 of 7
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of...
1 affected package
ruby-jquery-rails
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby-jquery-rails | — | — | — | Not affected |