2 matches found
Debian Security Advisory DSA 2655-1 (rails - several vulnerabilities)
Several cross-site-scripting and denial of service vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development. OpenVAS Vulnerability Test $Id: deb2655.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2655-1 using nvtgen 1.0 Script...
Debian Security Advisory DSA 2613-1 (rails - insufficient input validation)
Lawrence Pit discovered that Ruby on Rails, a web development framework, is vulnerable to a flaw in the parsing of JSON to YAML. Using a specially crafted payload attackers can trick the backend into decoding a subset of YAML. The vulnerability has been addressed by removing the YAML backend and...