27 matches found
RHEL 6 / 7 : rh-ror41 (RHSA-2016:0456)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0456 advisory. The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller (MVC) framework for web application...
Debian: Security Advisory (DLA-604-1)
The remote host is missing an update for the Debian...
Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-2098 CVE-2016-2097)
Summary: Vulnerabilities discovered in Ruby on Rails component affect IBM License Metric Tool v9 and IBM BigFix Inventory v9. Vulnerability Details: CVEID: CVE-2016-2098. DESCRIPTION: Ruby on Rails could allow a remote attacker to execute arbitrary code on the system, caused by improper validation o...
GHSA-VX9J-46RH-FQR8 actionview contains Path Traversal vulnerability
There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all possible scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097. Versions Affected: 3.2.x,...
actionview contains Path Traversal vulnerability
There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all possible scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097. Versions Affected: 3.2.x,...
Ruby on Rails Action View 'render' Directory Traversal Vulnerability (Feb 2016) - Linux
Ruby on Rails is prone to a directory traversal vulnerability.
CVE-2016-2097
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists...
CVE-2016-2097
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists...
CVE-2016-2097
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists...
CVE-2016-2097
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists...
CVE-2016-2097
CVE-2016-2097 is a directory-traversal vulnerability in Rails’ Action View, exploitable when an application uses the render method with an untrusted pathname containing .., allowing remote attackers to read arbitrary files. It affects Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2, and is ...
CVE-2016-2097
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists...
CVE-2016-2097
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application’s unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists...
openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-2016-369)
This update for rubygem-actionpack-3_2 fixes the following issues: - CVE-2016-2097: rubygem-actionview: Possible Information Leak Vulnerability in Action View (boo#968850). - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack (boo#968849)...
openSUSE: Security Advisory for rubygem-actionpack-3_2 (openSUSE-SU-2016:0835-1)
The remote host is missing an update for the...
Security update for rubygem-actionpack-3_2 (important)
This update for rubygem-actionpack-3_2 fixes the following issues: - CVE-2016-2097: rubygem-actionview: Possible Information Leak Vulnerability in Action View (boo#968850). - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack (boo#968849)...
Ruby on Rails Action View Information Leak
Possible Information Leak Vulnerability in Action View. There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all the scenarios. This vulnerability has been assigned the CVE...
Important: Red Hat Security Advisory: rh-ror41 security update
Updated rh-ror41-rubygem-actionview packages that fix two security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Debian DSA-3509-1 : rails - security update
Two vulnerabilities have been discovered in Rails, a web application framework written in Ruby. Both vulnerabilities affect Action Pack, which handles the web requests for Rails. - CVE-2016-2097 Crafted requests to Action View, one of the components of Action Pack, might result in rendering files...
[SECURITY] [DSA 3509-1] rails security update
Debian Security Advisory DSA-3509-1 [email protected] https://www.debian.org/security/ Luciano Bello, March 09, 2016 https://www.debian.org/security/faq...