65 matches found
OPENSUSE-SU-2024:14070-1 ruby3.3-rubygem-activestorage-7.0-7.0.8.4-1.1 on GA media
These are all security issues fixed in the ruby3.3-rubygem-activestorage-7.0-7.0.8.4-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12880-1 ruby3.2-rubygem-activestorage-7.0-7.0.4.3-1.1 on GA media
These are all security issues fixed in the ruby3.2-rubygem-activestorage-7.0-7.0.4.3-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11827-1 ruby3.1-rubygem-activestorage-6.0-6.0.4.4-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-activestorage-6.0-6.0.4.4-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11329-1 ruby2.7-rubygem-activestorage-6.0-6.0.4-1.2 on GA media
These are all security issues fixed in the ruby2.7-rubygem-activestorage-6.0-6.0.4-1.2 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11903-1 ruby3.1-rubygem-activestorage-7.0-7.0.2.3-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-activestorage-7.0-7.0.2.3-1.1 package on the GA media of openSUSE Tumbleweed...
Session Token Disclosure
activestorage is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the Set-Cookie header getting cached when serving blobs if Rails is behind a proxy. Certain proxies may cache the Set-Cookie header, which can result in a user's session being disclosed to another user...
Ruby on Rails: Path traversal in ActiveStorage, and lead RCE
Vulnerability description not provided...
Fedora: Security Advisory for rubygem-activestorage (FEDORA-2023-4f0bb4ff5e)
The remote host is missing an update for the...
[SECURITY] Fedora 39 Update: rubygem-activestorage-7.0.7.2-1.fc39
Attach cloud and local files in Rails applications...
Fedora: Security Advisory for rubygem-activestorage (FEDORA-2023-7002afbbb8)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: rubygem-activestorage-7.0.4.3-1.fc37
Attach cloud and local files in Rails applications...
Fedora: Security Advisory for rubygem-activestorage (FEDORA-2023-d6157bb1e2)
The remote host is missing an update for the...
[SECURITY] Fedora 38 Update: rubygem-activestorage-7.0.4.3-1.fc38
Attach cloud and local files in Rails applications...
SUSE CVE-2020-8162
A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...
Ruby on Rails: Content Security Policy is only active for HTML responses but not for image/svg+xml
A vulnerability was discovered in Rails where the Content Security Policy (CSP) was only applied to HTML responses and not to image/svg+xml responses. This allowed an attacker to execute malicious JavaScript code by uploading a malicious SVG file and sending a link to the victim...
Ruby on Rails: Argument/Code Injection via ActiveStorage's image transformation functionality
An argument/code injection vulnerability was discovered in ActiveStorage's image transformation functionality. This vulnerability allowed an attacker to inject arbitrary arguments into the image transformation command, potentially leading to remote code execution. The vulnerability was found in t...
[SECURITY] Fedora 33 Update: rubygem-activestorage-6.0.3.3-1.fc33
Attach cloud and local files in Rails applications...
Fedora: Security Advisory for rubygem-activestorage (FEDORA-2020-4dd34860a3)
The remote host is missing an update for the...
DEBIAN-CVE-2020-8162
A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...
CVE-2020-8162
A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...