Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4766-1:03D2D
HistorySep 24, 2020 - 8:50 p.m.

[SECURITY] [DSA 4766-1] rails security update

2020-09-2420:50:38
lists.debian.org
41

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.8%

JSON

Debian Security Advisory DSA-4766-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
September 24, 2020 https://www.debian.org/security/faq

Package : rails
CVE ID : CVE-2020-8162 CVE-2020-8164 CVE-2020-8165 CVE-2020-8166
CVE-2020-8167 CVE-2020-15169

Multiple security issues were discovered in the Rails web framework
which could result in cross-site scripting, information leaks, code
execution, cross-site request forgery or bypass of upload limits.

For the stable distribution (buster), these problems have been fixed in
version 2:5.2.2.1+dfsg-1+deb10u2.

We recommend that you upgrade your rails packages.

For the detailed security status of rails please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rails

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10allruby-actionmailer< 2:5.2.2.1+dfsg-1+deb10u2ruby-actionmailer_2:5.2.2.1+dfsg-1+deb10u2_all.deb
Debian10allruby-actionview< 2:5.2.2.1+dfsg-1+deb10u2ruby-actionview_2:5.2.2.1+dfsg-1+deb10u2_all.deb
Debian10allruby-activesupport< 2:5.2.2.1+dfsg-1+deb10u2ruby-activesupport_2:5.2.2.1+dfsg-1+deb10u2_all.deb
Debian10allruby-activemodel< 2:5.2.2.1+dfsg-1+deb10u2ruby-activemodel_2:5.2.2.1+dfsg-1+deb10u2_all.deb
Debian10allruby-actioncable< 2:5.2.2.1+dfsg-1+deb10u2ruby-actioncable_2:5.2.2.1+dfsg-1+deb10u2_all.deb
Debian10allruby-activerecord< 2:5.2.2.1+dfsg-1+deb10u2ruby-activerecord_2:5.2.2.1+dfsg-1+deb10u2_all.deb
Debian10allruby-rails< 2:5.2.2.1+dfsg-1+deb10u2ruby-rails_2:5.2.2.1+dfsg-1+deb10u2_all.deb
Debian10allruby-activestorage< 2:5.2.2.1+dfsg-1+deb10u2ruby-activestorage_2:5.2.2.1+dfsg-1+deb10u2_all.deb
Debian10allruby-railties< 2:5.2.2.1+dfsg-1+deb10u2ruby-railties_2:5.2.2.1+dfsg-1+deb10u2_all.deb
Debian10allruby-activejob< 2:5.2.2.1+dfsg-1+deb10u2ruby-activejob_2:5.2.2.1+dfsg-1+deb10u2_all.deb
Rows per page:
1-10 of 121

Related

osv 16
openvas 29
nessus 19
freebsd 2
debian 3
redhat 1
suse 7
gitlab 4
debiancve 6
prion 6
hackerone 5
redhatcve 6
githubexploit 7
github 6
ubuntucve 6
cve 6
veracode 6
ibm 4
checkpoint_advisories 1
fedora 14
rosalinux 1
osv
osv
rails - security update
2020-09-24 00:00:00
rails - security update
2020-06-19 00:00:00
rails - security update
2020-07-20 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4766-1)
2020-09-26 00:00:00
Ruby on Raily < 5.2.4.3, 6.x < 6.0.3.1 Multiple Vulnerabilities - Windows
2020-06-29 00:00:00
Ruby on Raily < 5.2.4.3, 6.x < 6.0.3.1 Multiple Vulnerabilities - Linux
2020-06-29 00:00:00
nessus
nessus
Debian DSA-4766-1 : rails - security update
2020-09-25 00:00:00
FreeBSD : Rails -- multiple vulnerabilities (85fca718-99f6-11ea-bf1d-08002728f74c)
2020-05-20 00:00:00
Debian DLA-2251-1 : rails security update
2020-06-22 00:00:00
freebsd
freebsd
Rails -- multiple vulnerabilities
2020-05-18 00:00:00
Rails -- Potential XSS vulnerability
2020-09-09 00:00:00
debian
debian
[SECURITY] [DLA 2251-1] rails security update
2020-06-19 17:14:46
[SECURITY] [DLA 2282-1] rails security update
2020-07-20 13:17:33
[SECURITY] [DLA 2403-1] rails security update
2020-10-09 18:20:48
redhat
redhat
(RHSA-2021:1313) Moderate: Satellite 6.9 Release
2021-04-21 12:43:38
suse
suse
Security update for rmt-server (important)
2020-11-23 00:00:00
Security update for rmt-server (important)
2020-11-21 00:00:00
Security update for rubygem-activesupport-5_1 (critical)
2020-10-17 00:00:00
gitlab
gitlab
Cross-site Scripting
2020-09-11 00:00:00
Unrestricted Upload of File with Dangerous Type
2020-06-19 00:00:00
Cross-Site Request Forgery (CSRF)
2020-06-19 00:00:00
debiancve
debiancve
CVE-2020-15169
2020-09-11 16:15:00
CVE-2020-8162
2020-06-19 17:15:00
CVE-2020-8167
2020-06-19 18:15:00
prion
prion
Design/Logic Flaw
2020-06-19 17:15:00
Cross site scripting
2020-09-11 16:15:00
Deserialization of untrusted data
2020-06-19 18:15:00
hackerone
hackerone
Ruby on Rails: ActiveStorage direct upload fails to sign content-length header for S3 service
2020-02-05 22:24:41
Ruby on Rails: The authenticity_token can be reversed and used to forge valid per_form_csrf_tokens for arbitrary routes
2019-11-08 14:03:47
Ruby on Rails: ActionController::Parameters .each returns an unsafe hash
2017-11-24 15:05:52
redhatcve
redhatcve
CVE-2020-8162
2020-06-02 14:53:24
CVE-2020-15169
2020-09-09 21:27:05
CVE-2020-8166
2020-06-02 17:53:07
githubexploit
githubexploit
Exploit for Cross-site Scripting in Action View Project Action View
2020-10-08 15:42:37
Exploit for Deserialization of Untrusted Data in Rubyonrails Rails
2021-01-15 07:31:21
Exploit for Deserialization of Untrusted Data in Rubyonrails Rails
2020-05-20 04:27:52
github
github
XSS in Action View
2020-09-11 15:19:57
Ability to forge per-form CSRF tokens in Rails
2020-05-26 15:11:13
Circumvention of file size limits in ActiveStorage
2020-05-26 15:09:48
ubuntucve
ubuntucve
CVE-2020-15169
2020-09-11 00:00:00
CVE-2020-8162
2020-06-19 00:00:00
CVE-2020-8165
2020-06-19 00:00:00
cve
cve
CVE-2020-8162
2020-06-19 17:15:00
CVE-2020-15169
2020-09-11 16:15:00
CVE-2020-8165
2020-06-19 18:15:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-09-14 02:56:27
Arbitrary Code Execution
2020-05-27 04:08:15
Unrestricted File Upload
2020-05-19 07:08:51
ibm
ibm
Security Bulletin: A security vulnerability in Rails Action View affects the IBM Cloud Pak for Multicloud Management Infrastructure Management
2020-12-14 18:39:49
Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8164).
2020-10-01 13:27:06
Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2020-8166).
2020-10-01 13:31:13
checkpoint_advisories
checkpoint_advisories
Ruby On Rails Remote Code Execution (CVE-2020-8165)
2020-11-29 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: rubygem-activerecord-6.0.3.3-1.fc33
2020-10-05 00:18:00
[SECURITY] Fedora 33 Update: rubygem-actionmailer-6.0.3.3-1.fc33
2020-10-05 00:17:59
[SECURITY] Fedora 33 Update: rubygem-actiontext-6.0.3.3-1.fc33
2020-10-05 00:17:59
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.8%

JSON
Related for DEBIAN:DSA-4766-1:03D2D
osv16openvas29nessus19freebsd2debian3redhat1suse7gitlab4debiancve6prion6hackerone5redhatcve6githubexploit7github6ubuntucve6cve6veracode6ibm4checkpoint_advisories1fedora14rosalinux1