16 matches found
SUSE CVE-2021-22880
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service REDoS vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a regular...
openSUSE 15 Security Update : rubygem-activerecord-5_1 (openSUSE-SU-2021:1468-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1468-1 advisory. - The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service REDoS vulnerability...
openSUSE: Security Advisory for rubygem-activerecord-5_1 (openSUSE-SU-2021:1468-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for rubygem-activerecord-5_1 (moderate)
openSUSE Security Update: Security update for rubygem-activerecord-51 Announcement ID: openSUSE-SU-2021:1468-1 Rating: moderate References: 1182169 Cross-References: CVE-2021-22880 CVSS scores: CVE-2021-22880 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22880 SUSE: 5.3...
openSUSE: Security Advisory for rubygem-activerecord-5_1 (openSUSE-SU-2021:3634-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE 15 Security Update : rubygem-activerecord-5_1 (openSUSE-SU-2021:3634-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:3634-1 advisory. - The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service REDoS vulnerability...
SUSE SLES15 Security Update : rubygem-activerecord-5_1 (SUSE-SU-2021:3634-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:3634-1 advisory. - CVE-2021-22880: Fixed possible DoS vector in PostgreSQL money type bsc1182169. Tenable has extracted the preceding description block directly from th...
OPENSUSE-SU-2021:3634-1 Security update for rubygem-activerecord-5_1
This update for rubygem-activerecord-51 fixes the following issues: - CVE-2021-22880: Fixed possible DoS vector in PostgreSQL money type bsc1182169...
[SECURITY] [DSA 4929-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4929-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 09, 2021 https://www.debian.org/security/faq -...
Fedora: Security Advisory for rubygem-activerecord (FEDORA-2021-b571fca1b8)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Vulnerabilities fixed in Ruby on Rails
Vulnerabilities have been fixed in Ruby on Rails. The vulnerabilities allow a malicious party to cause a denial-of-service cause and redirect a user to a rogue web page. The Ruby on Rails developers have released updates to fix the vulnerabilities. More information can be found on the pages below...
FreeBSD : Rails -- multiple vulnerabilities (8e670b85-706e-11eb-abb2-08002728f74c)
Ruby on Rails blog : Rails version 5.2.4.5, 6.0.3.5 and 6.1.2.1 have been released! Those version are security releases and addresses two issues : CVE-2021-22880: Possible DoS Vulnerability in Active Record PostgreSQL adapter. CVE-2021-22881: Possible Open Redirect in Host Authorization Middlewar...
CVE-2021-22880
creationtimestamp| type| source ---|---|--- 2021-02-11 20:42:50+00:00| seen| https://t.me/cibsecurity/23458...
CVE-2021-22880
The CVE-2021-22880 vulnerability affects the Rails Active Record PostgreSQL adapter. It is a REDoS flaw in the money type input validation, exploitable in Rails apps using PostgreSQL money columns. It impacts Active Record versions prior to 6.1.2.1, 6.0.3.5, and 5.2.4.5. Remediation is to upgrade...
CVE-2021-22880
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service REDoS vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a regular...
Possible DoS Vulnerability in Active Record PostgreSQL adapter
There is a possible DoS vulnerability in the PostgreSQL adapter in Active Record. This vulnerability has been assigned the CVE identifier CVE-2021-22880. Versions Affected: = 4.2.0 Not affected: 4.2.0 Fixed Versions: 6.1.2.1, 6.0.3.5, 5.2.4.5 Impact ------ Carefully crafted input can cause the...