Lucene search
+L

217 matches found

CVE
CVE
added 2020/09/11 3:50 p.m.223 views

CVE-2020-15169

CVE-2020-15169 affects Rails Action View translation helpers. Vulnerability arises when user-controlled default for a missing translation key named html or ending in _html is treated as HTML-safe, allowing XSS. Affected are Action View versions prior to 5.2.4.4 and 6.0.3.3; patch versions 5.2.4.4...

6.1CVSS5.7AI score0.02372EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2020/09/11 3:19 p.m.46 views

GHSA-CFJV-5498-MPH5 XSS in Action View

There is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. Impact When an HTML-unsafe string is passed as the default for a...

5.4CVSS6.3AI score0.02372EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2020/09/11 3:19 p.m.53 views

XSS in Action View

There is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. Impact When an HTML-unsafe string is passed as the default for a...

6.1CVSS0.9AI score0.02372EPSS
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2020/09/11 12:0 a.m.50 views

Cross-site Scripting

In Action View there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default...

6.1CVSS2.7AI score0.02372EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2020/09/11 12:0 a.m.31 views

CVE-2020-15169

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an...

6.1CVSS6.8AI score0.02372EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2020/09/10 12:0 a.m.7 views

PT-2020-6207 · Ruby +3 · Ruby On Rails +3

Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions prior to 5.2.4.4 and 6.0.3.3 Description: The issue is related to a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default value of the t...

9.8CVSS6.5AI score0.98507EPSS
Exploits43References143
RubySec
RubySec
added 2020/09/09 12:0 a.m.38 views

Potential XSS vulnerability in Action View

There is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. Impact ------ When an HTML-unsafe string is passed as the default...

6.1CVSS1.8AI score0.02372EPSS
Exploits0References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2020/07/29 12:0 a.m.14 views

Rails Action View Information Disclosure (CVE-2019-5418)

An information disclosure vulnerability exists in Debian Linux. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...

5CVSS3AI score0.98507EPSS
Exploits18
VulnCheck KEV
VulnCheck KEV
added 2019/12/17 12:0 a.m.3 views

VulnCheck KEV: CVE-2016-0752

Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files...

7.5CVSS6.9AI score0.95537EPSS
Exploits11References1
RedhatCVE
RedhatCVE
added 2019/10/30 4:28 a.m.40 views

CVE-2019-5419

There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...

7.8CVSS4AI score0.08671EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2019/05/29 12:41 p.m.6 views

rubygem-actionpack: denial of service vulnerability in Action View

There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...

7.8CVSS7.1AI score0.08671EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2019/05/13 9:12 a.m.5 views

rubygem-actionpack: denial of service vulnerability in Action View

There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...

7.8CVSS7.1AI score0.08671EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2019/05/13 8:53 a.m.6 views

rubygem-actionpack: denial of service vulnerability in Action View

There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...

7.8CVSS7.1AI score0.08671EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2019/05/13 8:53 a.m.6 views

rubygem-actionpack: render file directory traversal in Action View

A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...

7.5CVSS7AI score0.98507EPSS
Exploits18References7
RedHat Linux
RedHat Linux
added 2019/04/23 7:46 a.m.9 views

rubygem-actionpack: denial of service vulnerability in Action View

There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...

7.8CVSS7.1AI score0.08671EPSS
Exploits3References5
BDU FSTEC
BDU FSTEC
added 2019/04/23 12:0 a.m.11 views

The vulnerability of the Action View component of the Ruby on Rails software platform, allowing attackers to read arbitrary files

The vulnerability of the Action View component in the Ruby on Rails software framework is related to errors in handling HTTP headers “Accept” when used in the “render file” handler code. Exploiting this vulnerability allows an attacker to read arbitrary files...

7.5CVSS7AI score0.98507EPSS
Exploits18References5Affected Software4
BDU FSTEC
BDU FSTEC
added 2019/04/23 12:0 a.m.8 views

The vulnerability of the Action View component of the Ruby on Rails software platform, which allows a hacker to trigger a service failure.

The vulnerability of the Action View component in the Ruby on Rails software framework is related to errors in processing HTTP headers like “Accept”. Exploiting this vulnerability can allow an attacker to cause service interruptions...

7.8CVSS6.8AI score0.08671EPSS
Exploits3References6Affected Software4
NVD
NVD
added 2019/03/27 2:29 p.m.28 views

CVE-2019-5419

There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...

7.8CVSS7.3AI score0.08671EPSS
Exploits3References12
NVD
NVD
added 2019/03/27 2:29 p.m.27 views

CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...

7.5CVSS7.4AI score0.98507EPSS
Exploits18References14
OSV
OSV
added 2019/03/27 2:29 p.m.3 views

DEBIAN-CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...

7.5CVSS7.1AI score0.98507EPSS
Exploits18References1
Rows per page
Query Builder