12 matches found
RHEL 6 : rubygem-actionpack and ruby193-rubygem-actionpack (RHSA-2013:0698)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0698 advisory. Ruby on Rails is a modelviewcontroller MVC framework for web application development. Action Pack implements the controller and the view...
openSUSE Security Update : rubygem-actionpack-2_3 (openSUSE-SU-2013:0662-1)
Changes in rubygem-actionpack-23 : - add 2 patches to fix security issues : - bug-8099352-3-csssanitize.patch: CVE-2013-1855: rubygem-actionpack: XSS vulnerability in sanitizecss in Action Pack bnc809935 - bug-8099402-3-sanitizeprotocol.patch: CVE-2013-1857: rubygem-actionpack: XSS Vulnerability ...
FreeBSD : rubygem-rails -- multiple vulnerabilities (db0c4b00-a24c-11e2-9601-000d601460a4)
Ruby on Rails team reports : Rails versions 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible. Four vulnerabilities have been discovered and fixed : - CVE-2013-1854 Symbol DoS vulnerability in Active Record - CVE-2013-185...
Fedora Update for rubygem-actionpack FEDORA-2013-4214
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for rubygem-actionpack FEDORA-2013-4199
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora 17 : rubygem-actionpack-3.0.11-9.fc17 (2013-4199)
Fix for CVE-2013-1855 and CVE-2013-1857. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
Fedora 18 : rubygem-actionpack-3.2.8-3.fc18 (2013-4214)
Fix for CVE-2013-1855 and CVE-2013-1857. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
[SECURITY] [DSA 2655-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2655-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 28, 2013 http://www.debian.org/security/faq -...
CVE-2013-1857
The sanitize helper in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : colon characters in URLs, which makes it easier for remote...
CVE-2013-1857
The sanitize helper in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : colon characters in URLs, which makes it easier for remote...
CVE-2013-1857
CVE-2013-1857 affects Ruby on Rails: the sanitize helper in Action Pack (lib/action_controller/vendor/html-scanner/html/sanitizer.rb) fails to properly handle encoded colon characters in URLs, enabling remote attackers to perform cross-site scripting (XSS) via a crafted scheme name (for example i...
CVE-2013-1857 rubygem-actionpack: sanitize_protocol: XSS Vulnerability in the helper of Ruby on Rails
'The sanitize helper in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : colon characters in URLs, which makes it easier for remote...