
4 matches found

SUSE CVE
added 2023/02/15 5:19 a.m., 2 views

SUSE CVE-2015-3225

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth...

CVSS 5, AI score 6.8, EPSS 0.13251
Exploits 0, References 9

Tenable Nessus
added 2016/10/17 12:0 a.m., 45 views

FreeBSD : Rails 4 -- Unsafe Query Generation Risk in Active Record (7e61cf44-6549-11e6-8286-00248c0c745d)

Ruby Security team reports: There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability has been assigned the CVE identifier CVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155. ...

CVSS 7.5, AI score 6.4, EPSS 0.18174
Exploits 2, References 3

Tenable Nessus
added 2016/10/17 12:0 a.m., 24 views

FreeBSD : Rails 4 -- Possible XSS Vulnerability in Action View (43f1c867-654a-11e6-8286-00248c0c745d)

Ruby Security team reports: There is a possible XSS vulnerability in Action View. Text declared as 'HTML safe' will not have quotes escaped when used as attribute values in tag helpers. This vulnerability has been assigned the CVE identifier CVE-2016-6316. ...

CVSS 6.1, AI score 6.2, EPSS 0.01626
Exploits 0, References 3

FreeBSD
added 2016/08/11 12:0 a.m., 25 views

Rails 4 -- Possible XSS Vulnerability in Action View

Ruby Security team reports: There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. This vulnerability has been assigned the CVE identifier CVE-2016-6316...

CVSS 6.1, AI score 1.4, EPSS 0.01626
Exploits 0, References 1