Search CVE reports

21 – 30 of 150 results


CVE-2024-26143

Medium priority
Needs evaluation

Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in...

7 affected packages

rails, ruby-rails-3.2, ruby-actionpack-3.2, ruby-activesupport-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ruby-rails-3.2 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
rails-4.0 Not in release Not in release Not in release Not in release

CVE-2024-26142

Medium priority
Needs evaluation

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations...

7 affected packages

rails, ruby-rails-3.2, ruby-actionpack-3.2, ruby-activesupport-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ruby-rails-3.2 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
rails-4.0 Not in release Not in release Not in release Not in release

CVE-2023-22797

Medium priority
Needs evaluation

An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing...

7 affected packages

rails, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2, ruby-activesupport-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ruby-actionpack-3.2 Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release
rails-4.0 Not in release Not in release Not in release

CVE-2023-22796

Medium priority
Needs evaluation

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release

CVE-2023-22795

Medium priority
Needs evaluation

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release

CVE-2023-22794

Medium priority
Needs evaluation

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release

CVE-2023-22792

Medium priority
Needs evaluation

A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header, can cause the regular expression engine...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release

CVE-2022-44566

Medium priority
Needs evaluation

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64-bit signed integer is provided to the PostgreSQL connection adapter, it will treat the...

7 affected packages

rails, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2, ruby-activesupport-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ruby-actionpack-3.2 Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release
rails-4.0 Not in release Not in release Not in release

CVE-2022-23520

Medium priority
Needs evaluation

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix...

1 affected package

ruby-rails-html-sanitizer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ruby-rails-html-sanitizer Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-23519

Medium priority
Needs evaluation

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject...

1 affected package

ruby-rails-html-sanitizer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ruby-rails-html-sanitizer Needs evaluation Needs evaluation Needs evaluation Needs evaluation