Some fixes available 3 of 5
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute...
3 affected packages
rails, ruby-activesupport-2.3, ruby-activesupport-3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | — |
| ruby-activesupport-2.3 | — | — | — | — |
| ruby-activesupport-3.2 | — | — | — | — |
Some fixes available 6 of 10
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers...
5 affected packages
libextlib-ruby, rails, ruby-activesupport-2.3, ruby-activesupport-3.2, ruby-extlib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libextlib-ruby | — | — | — | — |
| rails | — | — | — | — |
| ruby-activesupport-2.3 | — | — | — | — |
| ruby-activesupport-3.2 | — | — | — | — |
| ruby-extlib | — | — | — | — |
Some fixes available 7 of 9
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote...
5 affected packages
rails, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3, ruby-activerecord-3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | — |
| ruby-actionpack-2.3 | — | — | — | — |
| ruby-actionpack-3.2 | — | — | — | — |
| ruby-activerecord-2.3 | — | — | — | — |
| ruby-activerecord-3.2 | — | — | — | — |
SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages...
3 affected packages
rails, ruby-activerecord-2.3, ruby-activerecord-3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | — |
| ruby-activerecord-2.3 | — | — | — | — |
| ruby-activerecord-3.2 | — | — | — | — |
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to...
6 affected packages
ruby-rails-2.3, rails, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activesupport-3.2, ruby-rails-3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby-rails-2.3 | — | — | — | Not in release |
| rails | — | — | — | Not affected |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
Some fixes available 4 of 12
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject...
5 affected packages
rails, ruby-activesupport-2.3, ruby-activesupport-3.2, ruby-rails-2.3, ruby-rails-3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | — |
| ruby-activesupport-2.3 | — | — | — | — |
| ruby-activesupport-3.2 | — | — | — | — |
| ruby-rails-2.3 | — | — | — | — |
| ruby-rails-3.2 | — | — | — | — |
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web...
5 affected packages
rails, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-rails-2.3, ruby-rails-3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which...
3 affected packages
rails, ruby-rails-2.3, ruby-rails-3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote...
2 affected packages
rails, ruby-rails-2.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | — |
| ruby-rails-2.3 | — | — | — | — |
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the...
2 affected packages
rails, ruby-rails-2.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | — |
| ruby-rails-2.3 | — | — | — | — |