
67 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Rails

Action Pack is a framework for handling and responding to web requests. Under certain circumstances, response bodies may not be closed properly. If a response does not notify the system of a close operation, ActionDispatch::Executor will not know to reset the thread local state for the next...

CVSS 7.4, AI score 6.3, EPSS 0.02207
Exploits: 0, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in Rails

A potential information disclosure/vulnerability in Action Pack = 2.0.0, where using the redirect_to or polymorphic_url helper with untrusted user input may lead to unintended method executions...

CVSS 7.5, AI score 6.4, EPSS 0.04195
Exploits: 1, References: 2

Tenable Nessus
added 2026/05/11 12:0 a.m., 10 views

Debian dla-4578 : rails - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4578 advisory. Debian LTS Advisory DLA-4578-1 https://www.debian.org/lts/security/...

CVSS 9.8, AI score 5.9, EPSS 0.02386
Exploits: 1, References: 4

OSV
added 2026/03/26 10:16 p.m., 3 views

UBUNTU-CVE-2026-33658

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate C...

CVSS 6.5, AI score 5.8, EPSS 0.00434
Exploits: 0, References: 7

Tenable Nessus
added 2026/03/25 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33195

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's...

CVSS 9.8, AI score 5.9, EPSS 0.00603
Exploits: 0, References: 3

Tenable Nessus
added 2025/12/21 12:0 a.m., 7 views

Debian dsa-6090 : rails - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6090 advisory. Debian Security Advisory DSA-6090-1...

CVSS 9.2, AI score 8.5, EPSS 0.02078
Exploits: 0, References: 7

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-0430

Malware in sbrugna...

CVSS 7.5, AI score 6.9, EPSS 0.03065
Exploits: 1, References: 11

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2017-0210

Malware in sbrugna...

CVSS 7.5, AI score 6.1, EPSS 0.02883
Exploits: 0, References: 17

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-0263

Malware in sbrugna...

CVSS 5, AI score 7.3, EPSS 0.01546
Exploits: 0, References: 11

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-0207

Malware in sbrugna...

CVSS 4.3, AI score 4.4, EPSS 0.03022
Exploits: 0, References: 23

EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2017-0265

Malware in sbrugna...

CVSS 7.5, AI score 6, EPSS 0.02173
Exploits: 1, References: 12

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-0306

Malware in sbrugna...

CVSS 7.5, AI score 6.1, EPSS 0.02214
Exploits: 0, References: 16

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2020-0479

Malware in sbrugna...

CVSS 6.5, AI score 6.4, EPSS 0.02181
Exploits: 0, References: 10

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-2632

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.4, EPSS 0.01103
Exploits: 1, References: 7

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-0750

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.00358
Exploits: 0, References: 6

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-8162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the...

CVSS 7.5, AI score 7.3, EPSS 0.03065
Exploits: 1, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-23633

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response ...

CVSS 7.4, AI score 6.3, EPSS 0.02207
Exploits: 0, References: 2

NVD
added 2025/08/27 5:15 p.m., 4 views

CVE-2025-57821

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a...

CVSS 4.2, EPSS 0.00224
Exploits: 0, References: 4

CVE
added 2025/08/27 4:32 p.m., 15 views

CVE-2025-57821

CVE-2025-57821 concerns Basecamp’s Google Sign-In for Rails. Before v1.3.0, a malformed redirect URL can bypass the same-origin check, allowing redirects to an attacker-controlled origin. If Rails apps store flash data in a session cookie, this can be chained with an attack that injects arbitrary...

CVSS 4.2, AI score 6.9, EPSS 0.00224
Exploits: 0, References: 4

Cvelist
added 2025/08/27 4:32 p.m., 9 views

CVE-2025-57821 Basecamp's Google Sign-In for Rails allowed redirects to a malformed URL

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a...

CVSS 4.2, EPSS 0.00224
Exploits: 0, References: 4