34 matches found
MAL-2025-14054 Malicious code in activeresource-statsd (npm)
The package activeresource-statsd was found to contain malicious code...
Malicious code in activeresource-statsd (npm)
The package activeresource-statsd was found to contain malicious code...
OESA-2021-1391 rubygem-activeresource security update
REST on Rails. Wrap your RESTful web app with Ruby classes and work with them like Active Record models. Security Fixes: There is a possible information disclosure issue in Active Resource v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way...
Fedora: Security Advisory for rubygem-activeresource (FEDORA-2020-02646284df)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Information Disclosure
activeresource is vulnerable to information disclosure. The vulnerability exists as the value of id used in element_path is not properly sanitized...
Information Exposure
Overview: activeresource is a library to wrap your RESTful web app with Ruby classes and work with them like Active Record models. Affected versions of this package are vulnerable to Information Exposure. There is an issue with the way Active Resource encodes data before querying the back end...
activeresource Gem for Ruby lib/active_resource/base.rb element_path Lack of Encoding
activeresource contains a lack of encoding flaw in the element_path function of lib/active_resource/base.rb. There is an issue with the way Active Resource encodes data before querying the back end server. This encoding mechanism can allow specially crafted requests to possibly access data that may...
Ruby on Rails: Missing resource identifier encoding may lead to security vulnerabilities
I initially submitted this to the GitHub repository because the ActiveResource repository is not listed in scope. I was redirected here by @rafaelfranca. A number of methods in the ActiveResource library, such as ActiveResource::Base#find and ActiveResource::Base#exists? don't URL encode the resourc...
HackerOne: GraphQL node interface for ActiveResource models lacks encoding for resource identifier, enabling parameter injection in Payments backend
HackerOne exposes a small number of ActiveResource objects through its GraphQL node interface. ActiveResource objects use HTTP as transport layer in order to fetch data. Four of these models, TaxForm, Payout, Payment, and PayoutPreference are fetched from an internal Payments backend system with ...
GHSA-XF96-32Q2-9RW2 Rails ActiveRecord gem vulnerable to SQL injection
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...
Moderate severity vulnerability that affects rails
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords fro...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...
Moderate severity vulnerability that affects rails
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords fro...
High severity vulnerability that affects rails
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...
Fedora Update for rubygem-activeresource FEDORA-2011-11386
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) script_xref(name:"URL",...
[SECURITY] Fedora 15 Update: rubygem-activeresource-3.0.5-1.fc15
Wraps web resources in model classes that can be manipulated through XML over REST...
Fedora Update for rubygem-activeresource FEDORA-2008-8322
Check for the Version of rubygem-activeresource OpenVAS Vulnerability Test Fedora Update for rubygem-activeresource FEDORA-2008-8322 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Fedora Update for rubygem-activeresource FEDORA-2008-8322
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) script_xref(name:"URL",...
Fedora Update for rubygem-activeresource FEDORA-2008-8282
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) script_xref(name:"URL",...
[SECURITY] Fedora 8 Update: rubygem-activeresource-2.1.1-1.fc8
Wraps web resources in model classes that can be manipulated through XML over REST...