Lucene search
K

15 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.4 views

SUSE CVE-2015-3225

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service SystemStackError via a request with a large parameter depth...

5CVSS6.8AI score0.07778EPSS
Exploits0References9
Huntr
Huntr
added 2020/08/17 12:0 a.m.16 views

Insecure Storage of Sensitive Information in smirzaei/rails-session-decoder

Overview rails-session-decoder is a simple utility for decoding Rails 4.x sessions in Node.js, this package are vulnerable to Information Exposure. Missing verification of the Message Authentication Code appended to the cookies may lead to decryption of cipher text, exposing encrypted information...

2.3AI score
Exploits0References1
OSV
OSV
added 2017/10/24 6:33 p.m.26 views

GHSA-R8FH-HQ2P-7QHQ Active Record contains SQL Injection via improper range quoting

SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting...

7.5CVSS7.9AI score0.04181EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.28 views

Active Record contains SQL Injection via improper range quoting

SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting...

7.5CVSS8.2AI score0.04181EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.28 views

actionpack is vulnerable to denial of service because of a wildcard controller route

actionpack/lib/actiondispatch/routing/routeset.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service superfluous caching and memory consumption by leveraging an application's use of a wildcard controller route...

7.5CVSS7AI score0.06535EPSS
Exploits0References14Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/10/17 12:0 a.m.25 views

FreeBSD : Rails 4 -- Possible XSS Vulnerability in Action View (43f1c867-654a-11e6-8286-00248c0c745d)

Ruby Security team reports : There is a possible XSS vulnerability in Action View. Text declared as 'HTML safe' will not have quotes escaped when used as attribute values in tag helpers. This vulnerability has been assigned the CVE identifier CVE-2016-6316. %NASLMINLEVEL 70300 C Tenable Network...

6.1CVSS6.2AI score0.03438EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2016/10/17 12:0 a.m.29 views

Ruby on Rails Action Pack DoS Vulnerability (Jan 2016) - Linux

Ruby on Rails is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.4AI score0.06535EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/10/17 12:0 a.m.46 views

FreeBSD : Rails 4 -- Unsafe Query Generation Risk in Active Record (7e61cf44-6549-11e6-8286-00248c0c745d)

Ruby Security team reports : There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability has been assigned the CVE identifier CVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155. %NASLMINLEVEL 70300 ...

7.5CVSS6.4AI score0.08245EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2016/08/11 12:0 a.m.28 views

Rails 4 -- Possible XSS Vulnerability in Action View

Ruby Security team reports: There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. This vulnerability has been assigned the CVE identifier CVE-2016-6316...

6.1CVSS1.4AI score0.03438EPSS
Exploits0References1
CVE
CVE
added 2015/07/26 10:0 p.m.134 views

CVE-2015-1840

CVE-2015-1840 describes a CSRF/XSS-style risk in Rails tooling: jquery_ujs.js and rails.js could cause a CSRF token to be transmitted to a different-domain server when a URL attribute contains a leading space. This bypasses the Same Origin Policy under supported Rails setups (Rails 3.x/4.x with j...

5CVSS6.2AI score0.04397EPSS
Exploits1References8Affected Software1
Prion
Prion
added 2014/11/08 11:55 a.m.16 views

Directory traversal

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3...

5CVSS7.2AI score0.0386EPSS
Exploits0References6Affected Software1
RubySec
RubySec
added 2014/10/30 12:0 a.m.25 views

CVE-2014-7819 rubygem-sprockets: arbitrary file existence disclosure

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3...

5CVSS6.4AI score0.0386EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2014/07/07 10:0 a.m.109 views

CVE-2014-3483

CVE-2014-3483 is a SQL injection vulnerability in the PostgreSQL adapter for Active Record (Ruby on Rails). The flaw resides in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb, where improper range quoting allows remote attackers to execute arbitrary SQL commands. Affecte...

7.5CVSS8.2AI score0.04181EPSS
Exploits0References7Affected Software1
RubySec
RubySec
added 2014/07/02 12:0 a.m.29 views

CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range' quoting

SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting...

7.5CVSS3.5AI score0.04181EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/12/07 12:0 a.m.99 views

CVE-2013-6416

The CVE-2013-6416 entry concerns Ruby on Rails 4.x prior to 4.0.2, specifically a cross-site scripting (XSS) flaw in the simple_format helper within action_view/helpers/text_helper.rb. The vulnerability allows remote attackers to inject arbitrary script or HTML via a crafted HTML attribute, impac...

4.3CVSS5.4AI score0.01963EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder