245 matches found
UTF-8 escaping vulnerability in rails/activesupport
Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 :limit and 2 :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...
High severity vulnerability that affects rails
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 :limit and 2 :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...
Fedora Update for rubygem-activesupport FEDORA-2016-5760339e76
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 641-1] ruby-activesupport-3.2 security update
Package : ruby-activesupport-3.2 Version : 3.23.2.6-6+deb7u3 CVE ID : CVE-2016-0753 Active Support in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass...
[SECURITY] [DLA 603-1] ruby-activesupport-3.2 security update
Package : ruby-activesupport-3.2 Version : 3.2.6-6+deb7u2 CVE ID : CVE-2015-3227 The support and utility classes used by the Rails 3.2 framework allow remote attackers to cause a denial of service SystemStackError via a large XML document depth. For Debian 7 "Wheezy", these problems have been fix...
SUSE-SU-2016:0968-1 Security update for rubygem-activesupport-3_2
This update for rubygem-activesupport-32 fixes the following issues: The previous patch for CVE-2015-7576 was adding the file lib/activesupport/securityutils.rb but this file was not being added into the gemspec,thus the final gem did not contain that file...
SUSE-SU-2016:0857-1 Security update for rubygem-activesupport-4_1
This update for rubygem-activesupport-41 fixes the following issues: The previous security patch for CVE-2015-7576 was adding a new file but this file was not being added in the gemspec, thus the resulting gem didn't have it. This update includes the patch in the gem file too...
Fedora 23 : rubygem-activesupport-4.2.3-3.fc23 (2016-3ede04cd79)
Security fix for CVE-2015-7576 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
Fedora 22 : rubygem-activesupport-4.2.0-4.fc22 (2016-cb30088b06)
Security fix for CVE-2015-7576 CVE-2016-0753 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
SUSE-SU-2016:0623-1 Security update for rubygem-activesupport-3_2
This update for rubygem-activesupport-32 fixes the following issues: - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller bsc963329...
Fedora Update for rubygem-activesupport FEDORA-2016-3
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 22 Update: rubygem-activesupport-4.2.0-4.fc22
Utility library which carries commonly used classes and goodies from the Rails framework...
SUSE-SU-2016:0600-1 Security update for rubygem-activesupport-4_1
This update for rubygem-activesupport-41 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention bsc963334 - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller bsc963329...
openSUSE Security Update : rubygem-actionpack-3_2 / rubygem-activesupport-3_2 (openSUSE-2016-160)
This update for rubygem-actionpack-32, rubygem-activesupport-32 fixes the following issues : - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller boo963329 - CVE-2016-0752: directory traversal and information leak in Action View boo963332 - CVE-2016-0751:...
SUSE-SU-2016:0082-1 Security update for rubygem-activesupport-4_1
This update fixes the following security issues: - CVE-2015-3227: Possible Denial of Service attack in Active Support bnc934800 - CVE-2015-3226: XSS Vulnerability in ActiveSupport::JSON bnc934799...
SUSE-SU-2016:0047-1 Security update for rubygem-activesupport-3_2
rubygem-activesupport-32 was updated to fix one security issue. This security issue was fixed: - CVE-2015-3227: Possible Denial of Service attack in Active Support bsc934800...
openSUSE Security Update : rubygem-activesupport-3_2 (openSUSE-2015-506)
rubygem-activesupport-32 was updated to fix one security issue. This security issue was fixed : - CVE-2015-3227: Possible Denial of Service attack in Active Support bsc934800. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...
XSS Vulnerability in ActiveSupport::JSON.encode
When a Hash containing user-controlled data is encoded as JSON either through Hashtojson or ActiveSupport::JSON.encode, Rails does not perform adequate escaping that matches the guarantee implied by the escapehtmlentitiesinjson option which is enabled by default. If this resulting JSON string is...
Fedora Update for rubygem-activesupport FEDORA-2015-10538
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...