Lucene search
K

245 matches found

RubySec
RubySec
added 2017/10/24 12:0 a.m.24 views

UTF-8 escaping vulnerability in rails/activesupport

Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a...

4.3CVSS6AI score0.02492EPSS
Exploits0References1Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2017/10/24 12:0 a.m.39 views

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 :limit and 2 :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...

7.5CVSS8.9AI score0.0303EPSS
Exploits1References21Affected Software1
RubySec
RubySec
added 2017/10/24 12:0 a.m.23 views

High severity vulnerability that affects rails

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 :limit and 2 :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...

7.5CVSS8.9AI score0.0303EPSS
Exploits1References1Affected Software1
OpenVAS
OpenVAS
added 2016/12/07 12:0 a.m.31 views

Fedora Update for rubygem-activesupport FEDORA-2016-5760339e76

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.03903EPSS
Exploits0References2
Debian
Debian
added 2016/09/30 1:19 p.m.32 views

[SECURITY] [DLA 641-1] ruby-activesupport-3.2 security update

Package : ruby-activesupport-3.2 Version : 3.23.2.6-6+deb7u3 CVE ID : CVE-2016-0753 Active Support in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass...

5.3CVSS6.7AI score0.07157EPSS
Exploits0
Debian
Debian
added 2016/08/27 4:25 p.m.30 views

[SECURITY] [DLA 603-1] ruby-activesupport-3.2 security update

Package : ruby-activesupport-3.2 Version : 3.2.6-6+deb7u2 CVE ID : CVE-2015-3227 The support and utility classes used by the Rails 3.2 framework allow remote attackers to cause a denial of service SystemStackError via a large XML document depth. For Debian 7 "Wheezy", these problems have been fix...

5CVSS5.6AI score0.04879EPSS
Exploits0
OSV
OSV
added 2016/04/07 7:11 a.m.8 views

SUSE-SU-2016:0968-1 Security update for rubygem-activesupport-3_2

This update for rubygem-activesupport-32 fixes the following issues: The previous patch for CVE-2015-7576 was adding the file lib/activesupport/securityutils.rb but this file was not being added into the gemspec,thus the final gem did not contain that file...

4.3CVSS5.5AI score0.04879EPSS
Exploits0References3
OSV
OSV
added 2016/03/22 4:21 p.m.8 views

SUSE-SU-2016:0857-1 Security update for rubygem-activesupport-4_1

This update for rubygem-activesupport-41 fixes the following issues: The previous security patch for CVE-2015-7576 was adding a new file but this file was not being added in the gemspec, thus the resulting gem didn't have it. This update includes the patch in the gem file too...

4.3CVSS5.6AI score0.04879EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.29 views

Fedora 23 : rubygem-activesupport-4.2.3-3.fc23 (2016-3ede04cd79)

Security fix for CVE-2015-7576 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

4.3CVSS6.1AI score0.04879EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.23 views

Fedora 22 : rubygem-activesupport-4.2.0-4.fc22 (2016-cb30088b06)

Security fix for CVE-2015-7576 CVE-2016-0753 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

5.3CVSS5.7AI score0.07157EPSS
Exploits0References5
OSV
OSV
added 2016/03/01 1:52 p.m.7 views

SUSE-SU-2016:0623-1 Security update for rubygem-activesupport-3_2

This update for rubygem-activesupport-32 fixes the following issues: - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller bsc963329...

4.3CVSS5.7AI score0.04879EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2016/02/29 12:0 a.m.28 views

Fedora Update for rubygem-activesupport FEDORA-2016-3

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS5.9AI score0.04879EPSS
Exploits0References2
Fedora
Fedora
added 2016/02/28 8:31 a.m.26 views

[SECURITY] Fedora 22 Update: rubygem-activesupport-4.2.0-4.fc22

Utility library which carries commonly used classes and goodies from the Rails framework...

5.3CVSS2.3AI score0.07157EPSS
Exploits0
OSV
OSV
added 2016/02/26 3:8 p.m.6 views

SUSE-SU-2016:0600-1 Security update for rubygem-activesupport-4_1

This update for rubygem-activesupport-41 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention bsc963334 - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller bsc963329...

5.3CVSS5.1AI score0.07157EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2016/02/08 12:0 a.m.39 views

openSUSE Security Update : rubygem-actionpack-3_2 / rubygem-activesupport-3_2 (openSUSE-2016-160)

This update for rubygem-actionpack-32, rubygem-activesupport-32 fixes the following issues : - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller boo963329 - CVE-2016-0752: directory traversal and information leak in Action View boo963332 - CVE-2016-0751:...

7.5CVSS5.8AI score0.95537EPSS
Exploits11References8
OSV
OSV
added 2016/01/12 10:24 a.m.6 views

SUSE-SU-2016:0082-1 Security update for rubygem-activesupport-4_1

This update fixes the following security issues: - CVE-2015-3227: Possible Denial of Service attack in Active Support bnc934800 - CVE-2015-3226: XSS Vulnerability in ActiveSupport::JSON bnc934799...

5CVSS7.2AI score0.04261EPSS
Exploits0References5
OSV
OSV
added 2016/01/07 12:54 p.m.6 views

SUSE-SU-2016:0047-1 Security update for rubygem-activesupport-3_2

rubygem-activesupport-32 was updated to fix one security issue. This security issue was fixed: - CVE-2015-3227: Possible Denial of Service attack in Active Support bsc934800...

5CVSS7.4AI score0.04261EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/07/27 12:0 a.m.31 views

openSUSE Security Update : rubygem-activesupport-3_2 (openSUSE-2015-506)

rubygem-activesupport-32 was updated to fix one security issue. This security issue was fixed : - CVE-2015-3227: Possible Denial of Service attack in Active Support bsc934800. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...

5CVSS6.3AI score0.04261EPSS
Exploits0References2
GitLab Advisory Database
GitLab Advisory Database
added 2015/07/26 12:0 a.m.44 views

XSS Vulnerability in ActiveSupport::JSON.encode

When a Hash containing user-controlled data is encoded as JSON either through Hashtojson or ActiveSupport::JSON.encode, Rails does not perform adequate escaping that matches the guarantee implied by the escapehtmlentitiesinjson option which is enabled by default. If this resulting JSON string is...

4.3CVSS6.8AI score0.0278EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2015/07/07 12:0 a.m.23 views

Fedora Update for rubygem-activesupport FEDORA-2015-10538

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS5.2AI score0.04261EPSS
Exploits0References2
Rows per page
Query Builder