Lucene search
K

44 matches found

Veracode
Veracode
added 2018/11/07 2:13 a.m.50 views

Cross-site Scripting (XSS)

rack is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization on the data returned by the scheme method in Rack::Request, allowing XSS attacks...

6.1CVSS5.6AI score0.01816EPSS
Exploits0References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2013/12/06 12:0 a.m.47 views

Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)

Due to the way that Rack::Request and Rails::Request interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameter...

6.4CVSS3.2AI score0.08245EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2013/12/05 9:54 p.m.98 views

Important: Red Hat Security Advisory: ruby193-rubygem-actionpack security update

Updated ruby193-rubygem-actionpack packages that fix multiple security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detail...

6.4CVSS6.9AI score0.207EPSS
Exploits3References5
RubySec
RubySec
added 2013/12/03 12:0 a.m.49 views

Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)

The prior fix to CVE-2013-0155 was incomplete and the use of common 3rd party libraries can accidentally circumvent the protection. Due to the way that Rack::Request and Rails::Request interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store...

6.4CVSS3.5AI score0.08245EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder