14 matches found
Debian: Security Advisory (DLA-496-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:1146-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ruby on Rails Active Record Security Bypass Vulnerability (Jan 2016) - Windows
Ruby on Rails is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rubyonrails:rails";...
Debian DLA-496-1 : ruby-activerecord-3.2 security update
CVE-2015-7577 activerecord/lib/activerecord/nestedattributes.rb in Active Record does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature. For Debian 7 'Wheezy', this problem have...
[SECURITY] [DLA 496-1] ruby-activerecord-3.2 security update
Package : ruby-activerecord-3.2 Version : 3.2.6-5+deb7u2 CVE ID : CVE-2015-7577 Debian Bug : N/A CVE-2015-7577 activerecord/lib/activerecord/nestedattributes.rb in Active Record does not properly implement a certain destroy option, which allows remote attackers to bypass intended change...
DLA-496-1 ruby-activerecord-3.2 - security update
Bulletin has no description...
Fedora Update for rubygem-activerecord FEDORA-2016-73
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2016:0598-1 Security update for rubygem-activerecord-4_1
This update for rubygem-activerecord-41 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention bsc963334 - CVE-2015-7577: Nested attributes rejection proc bypass bsc963330...
CVE-2015-7577
activerecord/lib/activerecord/nestedattributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass...
CVE-2015-7577
activerecord/lib/activerecord/nestedattributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass...
openSUSE Security Update : rubygem-actionpack-3_2 / rubygem-activesupport-3_2 (openSUSE-2016-160)
This update for rubygem-actionpack-32, rubygem-activesupport-32 fixes the following issues : - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller boo963329 - CVE-2016-0752: directory traversal and information leak in Action View boo963332 - CVE-2016-0751:...
Debian DSA-3464-1 : rails - security update
Multiple security issues have been discovered in the Ruby on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...
Nested attributes rejection proc bypass in Active Record
There is a vulnerability in how the nested attributes feature in Active Record handles updates in combination with destroy flags when destroying records is disabled. This vulnerability has been assigned the CVE identifier CVE-2015-7577. Versions Affected: 3.1.0 and newer Not affected: 3.0.x and...
Ruby on Rails: Nested attributes reject_if proc can be circumvented by providing "_destroy" parameter
Nested attributes rejection proc bypass in Active Record. There is a vulnerability in how the nested attributes feature in Active Record handles updates in combination with destroy flags when destroying records is disabled. This vulnerability has been assigned the CVE identifier CVE-2015-7577...