6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
73.6%
Updated ruby-activerecord and ruby-actionpack packages fix security vulnerabilities: There is a data injection vulnerability in Active Record. Specially crafted strings can be used to save data in PostgreSQL array columns that may not be intended (CVE-2014-0080). There is an XSS vulnerability in the number_to_currency, number_to_percentage and number_to_human helpers in Ruby on Rails (CVE-2014-0081). The associated packages have been updated to version 4.0.3 to fix these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | ruby-actionmailer | < 4.0.3-1 | ruby-actionmailer-4.0.3-1.mga4 |
Mageia | 4 | noarch | ruby-actionpack | < 4.0.3-1 | ruby-actionpack-4.0.3-1.mga4 |
Mageia | 4 | noarch | ruby-activemodel | < 4.0.3-1 | ruby-activemodel-4.0.3-1.mga4 |
Mageia | 4 | noarch | ruby-activerecord | < 4.0.3-1 | ruby-activerecord-4.0.3-1.mga4 |
Mageia | 4 | noarch | ruby-activesupport | < 4.0.3-1 | ruby-activesupport-4.0.3-1.mga4 |
Mageia | 4 | noarch | ruby-rails | < 4.0.3-1 | ruby-rails-4.0.3-1.mga4 |
Mageia | 4 | noarch | ruby-railties | < 4.0.3-1 | ruby-railties-4.0.3-1.mga4 |