65 matches found

OSV
added 2024/06/24 12:0 a.m., 11 views

OPENSUSE-SU-2024:14070-1 ruby3.3-rubygem-activestorage-7.0-7.0.8.4-1.1 on GA media

These are all security issues fixed in the ruby3.3-rubygem-activestorage-7.0-7.0.8.4-1.1 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS, 9.5 AI score, 0.02742 EPSS
Exploits 0, References 1

OSV
added 2024/06/15 12:0 a.m., 10 views

OPENSUSE-SU-2024:12880-1 ruby3.2-rubygem-activestorage-7.0-7.0.4.3-1.1 on GA media

These are all security issues fixed in the ruby3.2-rubygem-activestorage-7.0-7.0.4.3-1.1 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS, 9.5 AI score, 0.02742 EPSS
Exploits 0, References 1

OSV
added 2024/06/15 12:0 a.m., 25 views

OPENSUSE-SU-2024:11827-1 ruby3.1-rubygem-activestorage-6.0-6.0.4.4-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-activestorage-6.0-6.0.4.4-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 7.2 AI score, 0.98507 EPSS
Exploits 20, References 3

OSV
added 2024/06/15 12:0 a.m., 7 views

OPENSUSE-SU-2024:11329-1 ruby2.7-rubygem-activestorage-6.0-6.0.4-1.2 on GA media

These are all security issues fixed in the ruby2.7-rubygem-activestorage-6.0-6.0.4-1.2 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 7.1 AI score, 0.98507 EPSS
Exploits 20, References 3

OSV
added 2024/06/15 12:0 a.m., 11 views

OPENSUSE-SU-2024:11903-1 ruby3.1-rubygem-activestorage-7.0-7.0.2.3-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-activestorage-7.0-7.0.2.3-1.1 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS, 9.5 AI score, 0.02742 EPSS
Exploits 0, References 1

Veracode
added 2024/02/28 9:45 a.m., 21 views

Session Token Disclosure

activestorage is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the Set-Cookie header getting cached when serving blobs if Rails is behind a proxy. Certain proxies may cache the Set-Cookie header, which can result in a user's session being disclosed to another user...

5.3 CVSS, 6.5 AI score, 0.01119 EPSS
Exploits 0, References 6, Affected Software 1

Hacker One
added 2024/01/25 2:17 p.m., 9 views

Ruby on Rails: Path traversal in ActiveStorage, and lead RCE

Vulnerability description not provided...

7.1 AI score
Exploits 0

OpenVAS
added 2023/09/16 12:0 a.m., 7 views

Fedora: Security Advisory for rubygem-activestorage (FEDORA-2023-4f0bb4ff5e)

The remote host is missing an update for the...

7.5 AI score
Exploits 0, References 2

Fedora
added 2023/09/15 7:4 p.m., 11 views

[SECURITY] Fedora 39 Update: rubygem-activestorage-7.0.7.2-1.fc39

Attach cloud and local files in Rails applications...

6.8 AI score
Exploits 0

OpenVAS
added 2023/04/06 12:0 a.m., 22 views

Fedora: Security Advisory for rubygem-activestorage (FEDORA-2023-7002afbbb8)

The remote host is missing an update for the...

5.3 CVSS, 7.7 AI score, 0.00907 EPSS
Exploits 0, References 2

Fedora
added 2023/04/05 1:36 a.m., 24 views

[SECURITY] Fedora 37 Update: rubygem-activestorage-7.0.4.3-1.fc37

Attach cloud and local files in Rails applications...

5.3 CVSS, 7.5 AI score, 0.00907 EPSS
Exploits 0

OpenVAS
added 2023/04/02 12:0 a.m., 11 views

Fedora: Security Advisory for rubygem-activestorage (FEDORA-2023-d6157bb1e2)

The remote host is missing an update for the...

5.3 CVSS, 7.7 AI score, 0.00907 EPSS
Exploits 0, References 2

Fedora
added 2023/04/01 12:17 a.m., 36 views

[SECURITY] Fedora 38 Update: rubygem-activestorage-7.0.4.3-1.fc38

Attach cloud and local files in Rails applications...

5.3 CVSS, 7.5 AI score, 0.00907 EPSS
Exploits 0

SUSE CVE
added 2023/02/15 4:1 a.m., 3 views

SUSE CVE-2020-8162

A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...

7.5 CVSS, 7.1 AI score, 0.03065 EPSS
Exploits 1, References 3

Hacker One
added 2021/09/01 3:42 p.m., 37 views

Ruby on Rails: Content Security Policy is only active for HTML responses but not for image/svg+xml

A vulnerability was discovered in Rails where the Content Security Policy (CSP) was only applied to HTML responses and not to image/svg+xml responses. This allowed an attacker to execute malicious JavaScript code by uploading a malicious SVG file and sending a link to the victim...

6.1 CVSS, 6.3 AI score, 0.01594 EPSS
Exploits 0

Hacker One
added 2021/04/07 3:5 a.m., 33 views

Ruby on Rails: Argument/Code Injection via ActiveStorage's image transformation functionality

An argument/code injection vulnerability was discovered in ActiveStorage's image transformation functionality. This vulnerability allowed an attacker to inject arbitrary arguments into the image transformation command, potentially leading to remote code execution. The vulnerability was found in t...

9.8 CVSS, 9.5 AI score, 0.02742 EPSS
Exploits 0

Fedora
added 2020/10/05 12:18 a.m., 45 views

[SECURITY] Fedora 33 Update: rubygem-activestorage-6.0.3.3-1.fc33

Attach cloud and local files in Rails applications...

6.5 CVSS, 1.4 AI score, 0.02372 EPSS
Exploits 1

OpenVAS
added 2020/10/05 12:0 a.m., 25 views

Fedora: Security Advisory for rubygem-activestorage (FEDORA-2020-4dd34860a3)

The remote host is missing an update for the...

6.1 AI score
Exploits 0, References 2

OSV
added 2020/06/19 5:15 p.m., 4 views

DEBIAN-CVE-2020-8162

A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...

7.5 CVSS, 6.9 AI score, 0.03065 EPSS
Exploits 1, References 1

NVD
added 2020/06/19 5:15 p.m., 20 views

CVE-2020-8162

A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...

7.5 CVSS, 0.03065 EPSS
Exploits 1, References 3