19 matches found

OpenVAS
added 2016/12/07 12:0 a.m., 23 views

Fedora Update for rubygem-rails FEDORA-2016-5760339e76

The remote host is missing an update for the...

7.5 CVSS, 6.5 AI score, 0.03903 EPSS
Exploits 0, References 2

OpenVAS
added 2016/12/07 12:0 a.m., 28 views

Fedora Update for rubygem-actionmailer FEDORA-2016-5760339e76

The remote host is missing an update for the...

7.5 CVSS, 6.5 AI score, 0.03903 EPSS
Exploits 0, References 2

OpenVAS
added 2016/12/07 12:0 a.m., 26 views

Fedora Update for rubygem-actioncable FEDORA-2016-5760339e76

The remote host is missing an update for the...

7.5 CVSS, 6.5 AI score, 0.03903 EPSS
Exploits 0, References 2

OpenVAS
added 2016/12/07 12:0 a.m., 44 views

Fedora Update for rubygem-actionview FEDORA-2016-5760339e76

The remote host is missing an update for the...

7.5 CVSS, 6.5 AI score, 0.03903 EPSS
Exploits 0, References 2

OpenVAS
added 2016/12/07 12:0 a.m., 29 views

Fedora Update for rubygem-activerecord FEDORA-2016-5760339e76

The remote host is missing an update for the...

7.5 CVSS, 6.5 AI score, 0.03903 EPSS
Exploits 0, References 2

OpenVAS
added 2016/12/07 12:0 a.m., 26 views

Fedora Update for rubygem-railties FEDORA-2016-5760339e76

The remote host is missing an update for the...

7.5 CVSS, 6.5 AI score, 0.03903 EPSS
Exploits 0, References 2

OpenVAS
added 2016/12/07 12:0 a.m., 30 views

Fedora Update for rubygem-actionpack FEDORA-2016-5760339e76

The remote host is missing an update for the...

7.5 CVSS, 6.5 AI score, 0.03903 EPSS
Exploits 0, References 2

Tenable Nessus
added 2016/10/17 12:0 a.m., 46 views

FreeBSD : Rails 4 -- Unsafe Query Generation Risk in Active Record (7e61cf44-6549-11e6-8286-00248c0c745d)

Ruby Security team reports: There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability has been assigned the CVE identifier CVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155...

7.5 CVSS, 6.4 AI score, 0.05673 EPSS
Exploits 1, References 3

OpenVAS
added 2016/10/13 12:0 a.m., 44 views

Ruby on Rails Active Record SQLi Vulnerability (Aug 2016) - Linux

Ruby on Rails is prone to an SQL injection (SQLi) vulnerability. CPE = "cpe:/a:rubyonrails:rails"...

7.5 CVSS, 8 AI score, 0.03903 EPSS
Exploits 0, References 4

OSV
added 2016/09/07 7:28 p.m., 10 views

CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

7.5 CVSS, 7.5 AI score
Exploits 0, References 5

UbuntuCve
added 2016/09/07 7:28 p.m., 39 views

CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

7.5 CVSS, 6.9 AI score, 0.03903 EPSS
Exploits 0, References 1

CVE
added 2016/09/07 7:0 p.m., 108 views

CVE-2016-6317

The CVE-2016-6317 entry affects Ruby on Rails 4.2.x before 4.2.7.1, where Active Record and JSON parameter handling differences can allow remote attackers to bypass query restrictions and trigger NULL checks or missing WHERE clauses via crafted requests (e.g., [nil]). Root cause is inconsistent p...

7.5 CVSS, 7.5 AI score, 0.03903 EPSS
Exploits 0, References 5, Affected Software 1

Debian CVE
added 2016/09/07 7:0 p.m., 45 views

CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

7.5 CVSS, 7.8 AI score, 0.03903 EPSS
Exploits 0

Tenable Nessus
added 2016/08/30 12:0 a.m., 34 views

Fedora 24 : 1:rubygem-actionpack / 1:rubygem-activerecord (2016-b4919ffe56)

Fix for CVE-2016-6317 (rhbz#1366479); fix argument error for instance_exec for Ruby 2.3 compatibility (only rubygem-activerecord f24); improve tests not to accept the failures (only rubygem-activerecord). Note that Tenable Network Security has extracted the preceding description block directly from the...

7.5 CVSS, 6.9 AI score, 0.03903 EPSS
Exploits 0, References 2

Tenable Nessus
added 2016/08/30 12:0 a.m., 38 views

Fedora 23 : 1:rubygem-actionpack / 1:rubygem-activerecord (2016-f58d7ecc8a)

Fix for CVE-2016-6317 (rhbz#1366479); fix argument error for instance_exec for Ruby 2.3 compatibility (only rubygem-activerecord f24); improve tests not to accept the failures (only rubygem-activerecord). Note that Tenable Network Security has extracted the preceding description block directly from the...

7.5 CVSS, 6.9 AI score, 0.03903 EPSS
Exploits 0, References 2

OpenVAS
added 2016/08/30 12:0 a.m., 14 views

Fedora Update for rubygem-activerecord FEDORA-2016-b4919ffe56

The remote host is missing an update for the...

7.5 CVSS, 7.6 AI score, 0.03903 EPSS
Exploits 0, References 2

OpenVAS
added 2016/08/30 12:0 a.m., 32 views

Fedora Update for rubygem-actionpack FEDORA-2016-f58d7ecc8a

The remote host is missing an update for the...

7.5 CVSS, 7.6 AI score, 0.03903 EPSS
Exploits 0, References 2

FreeBSD
added 2016/08/11 12:0 a.m., 49 views

Rails 4 -- Unsafe Query Generation Risk in Active Record

Ruby Security team reports: There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability has been assigned the CVE identifier CVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155...

7.5 CVSS, 7.5 AI score, 0.03903 EPSS
Exploits 0, References 1

Hacker One
added 2016/05/17 1:38 p.m., 61 views

Ruby on Rails: Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass

Unsafe Query Generation Risk in Active Record. There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability has been assigned the CVE identifier CVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155...

6.4 CVSS, 7.9 AI score, 0.05673 EPSS
Exploits 4