rails -- multiple vulnerabilities

2013-12-0300:00:00

vuxml.freebsd.org

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.173 Low

EPSS

Percentile

96.0%

JSON

Rails weblog:

Rails 3.2.16 and 4.0.2 have been released! These two
releases contain important security fixes, so please upgrade
as soon as possible! In order to make upgrading as smooth as
possible, we’ve only included commits directly related to
each security issue.
The security fixes in 3.2.16 are:

CVE-2013-4491
CVE-2013-6414
CVE-2013-6415
CVE-2013-6417

The security fixes in 4.0.2 are:

CVE-2013-4491
CVE-2013-6414
CVE-2013-6415
CVE-2013-6416
CVE-2013-6417

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchrubygem-actionmailer< 3.2.16UNKNOWN
FreeBSDanynoarchrubygem-actionpack< 3.2.16UNKNOWN
FreeBSDanynoarchrubygem-activemodel< 3.2.16UNKNOWN
FreeBSDanynoarchrubygem-activerecord< 3.2.16UNKNOWN
FreeBSDanynoarchrubygem-activeresource< 3.2.16UNKNOWN
FreeBSDanynoarchrubygem-activesupport< 3.2.16UNKNOWN
FreeBSDanynoarchrubygem-rails< 3.2.16UNKNOWN
FreeBSDanynoarchrubygem-railties< 3.2.16UNKNOWN
FreeBSDanynoarchrubygem-actionpack4< 4.0.2UNKNOWN
FreeBSDanynoarchrubygem-activesupport4< 4.0.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	rubygem-actionmailer	< 3.2.16	UNKNOWN
FreeBSD	any	noarch	rubygem-actionpack	< 3.2.16	UNKNOWN
FreeBSD	any	noarch	rubygem-activemodel	< 3.2.16	UNKNOWN
FreeBSD	any	noarch	rubygem-activerecord	< 3.2.16	UNKNOWN
FreeBSD	any	noarch	rubygem-activeresource	< 3.2.16	UNKNOWN
FreeBSD	any	noarch	rubygem-activesupport	< 3.2.16	UNKNOWN
FreeBSD	any	noarch	rubygem-rails	< 3.2.16	UNKNOWN
FreeBSD	any	noarch	rubygem-railties	< 3.2.16	UNKNOWN
FreeBSD	any	noarch	rubygem-actionpack4	< 4.0.2	UNKNOWN
FreeBSD	any	noarch	rubygem-activesupport4	< 4.0.2	UNKNOWN