112 matches found
rubygem-actionpack: render file directory traversal in Action View
A content disclosure flaw was found in rubygem-actionview. Specially crafted Accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...
Cross-Site Scripting (XSS)
The actionview module in Ruby on Rails is vulnerable to Cross-Site Scripting (XSS) attacks. This is due to a lack of escaping of double quotes, allowing malicious users to execute arbitrary code...
Directory Traversal And Information Disclosure
The actionview gem is vulnerable to directory traversal and information disclosure. This vulnerability affects applications which pass user input directly into the 'render' method in an Action View controller without verification. Using this vulnerability, attackers can render files from outside the...
Fedora Update for rubygem-actionview FEDORA-2016-5760339e76
The remote host is missing an update for the...
rubygem-actionview: cross-site scripting flaw in Action View
It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack...
Fedora 23 : rubygem-actionview (2016-ab8bf51cf3)
Fix for CVE-2016-6316 (rhbz#1366480). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Fedora 24 : rubygem-actionview (2016-0d9890f7b5)
Fix for CVE-2016-6316 (rhbz#1366480).
[SECURITY] Fedora 25 Update: rubygem-actionview-5.0.0.1-2.fc25
Simple, battle-tested conventions and helpers for building web pages...
Fedora Update for rubygem-actionview FEDORA-2016-ab8bf51cf3
The remote host is missing an update for the...
Fedora Update for rubygem-actionview FEDORA-2016-0d9890f7b5
The remote host is missing an update for the...
[SECURITY] Fedora 23 Update: rubygem-actionview-4.2.3-6.fc23
Simple, battle-tested conventions and helpers for building web pages...
[SECURITY] Fedora 24 Update: rubygem-actionview-4.2.5.2-3.fc24
Simple, battle-tested conventions and helpers for building web pages...
SUSE-SU-2016:0867-1 Security update for rubygem-actionview-4_2
This update for rubygem-actionview-4_2 fixes the following issues: - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack (bsc#968849)...
SUSE-SU-2016:0854-1 Security update for rubygem-actionview-4_1
This update for rubygem-actionview-4_1 fixes the following issues: - CVE-2016-2097: rubygem-actionview: Possible Information Leak Vulnerability in Action View (bsc#968850) - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack (bsc#968849)...
Fedora 23 : rubygem-actionpack-4.2.3-5.fc23 / rubygem-actionview-4.2.3-5.fc23 (2016-f6af14570f)
Fix rails-html-sanitizer v1.0.3 compatibility. Fix code injection vulnerability CVE-2016-2098. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Fedora Update for rubygem-actionview FEDORA-2016-3954061
The remote host is missing an update for the...
Fedora 22 : rubygem-actionpack-4.2.0-4.fc22 / rubygem-actionview-4.2.0-5.fc22 (2016-3954061e32)
Fix rails-html-sanitizer v1.0.3 compatibility. Fix code injection vulnerability CVE-2016-2098.
[SECURITY] Fedora 22 Update: rubygem-actionview-4.2.0-5.fc22
Simple, battle-tested conventions and helpers for building web pages...
[SECURITY] Fedora 23 Update: rubygem-actionview-4.2.3-5.fc23
Simple, battle-tested conventions and helpers for building web pages...
openSUSE Security Update : rubygem-actionview-4_2 (openSUSE-2016-352)
This update for rubygem-actionview-4_2 fixes the following issues: - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack (boo#968849)