Search CVE reports
91 – 100 of 150 results
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when...
11 affected packages
rails, rails-3.2, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-3.2 | — | — | — | Not in release |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when...
11 affected packages
rails, rails-3.2, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-3.2 | — | — | — | Not in release |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to...
11 affected packages
rails, rails-3.2, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | — |
| rails-3.2 | — | — | — | — |
| rails-4.0 | — | — | — | — |
| ruby-actionpack-2.3 | — | — | — | — |
| ruby-actionpack-3.2 | — | — | — | — |
| ruby-activerecord-2.3 | — | — | — | — |
| ruby-activerecord-3.2 | — | — | — | — |
| ruby-activesupport-2.3 | — | — | — | — |
| ruby-activesupport-3.2 | — | — | — | — |
| ruby-rails-2.3 | — | — | — | — |
| ruby-rails-3.2 | — | — | — | — |

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers...
7 affected packages
rails, rails-3.2, rails-4.0, ruby-activerecord-2.3, ruby-activerecord-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-3.2 | — | — | — | Not in release |
| rails-4.0 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute...
7 affected packages
rails, rails-3.2, rails-4.0, ruby-activerecord-2.3, ruby-activerecord-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-3.2 | — | — | — | Not in release |
| rails-4.0 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing...
2 affected packages
rails, rails-4.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause...
4 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary...
4 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to...
6 affected packages
rails, rails-4.0, ruby-activerecord-2.3, ruby-activerecord-3.2, ruby-rails-2.3, ruby-rails-3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which...
9 affected packages
rails, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3, ruby-activerecord-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |