21 matches found
[SECURITY] [DLA 4578-1] rails security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4578-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler May 11, 2026 https://wiki.debian.org/LTS -...
Rails security vulnerability
Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. There are security vulnerabilities in versions of Rails Active Support before 8.1.2.1, 8.0.4.1, and 7.2.3.1. These vulnerabilities stem from digital helper functions...
DSA-6090-1 rails - security update
Bulletin has no description...
EUVD-2017-0231
Malware in sbrugna...
EUVD-2017-0163
Malware in sbrugna...
Ruby on Rails Cross Site Request Forgery
Ruby on Rails appears to include a one time pad for cross site request forgery protections to the user, making it possible to forge valid tokens. Good morning. All current versions and all versions since the 2022/2023 "fix" to the Rails cross-site request forgery CSRF protections continue to be...
[SECURITY] [DSA 5881-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5881-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 17, 2025 https://www.debian.org/security/faq -...
Linux Distros Unpatched Vulnerability: CVE-2024-26144
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active...
CVE-2023-28362
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...
Rails Without Derails: Thwarting Code Injection Attacks
...
Debian DSA-5389-1 : rails - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5389 advisory. Two vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could lead to XSS and DOM based cross-site scripting...
GHSA-3HHC-QP5V-9P2J Active Record RCE bug with Serialized Columns
When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data into Ruby objects. If an attacker can manipulate data in the database via means like SQL injection, then it may be possible for the attacker to escalate to an RCE. There are no...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure via the ActionDispatch::Executor function, which expects response bodies to be closed and will not know to reset a thread's local state for the next request in a case where a response body isn't closed, allowing for...
PT-2020-19995 · Ruby On Rails +3 · Rails +3
Name of the Vulnerable Software and Affected Versions: rails versions prior to 5.2.5; rails versions prior to 6.0.4. Description: A CSRF forgery issue exists that allows an attacker to forge a per-form CSRF token given a global CSRF token, such as the one present in the authenticity token meta tag...
DLA-2149-1 rails - security update
Bulletin has no description...
CVE-2015-9284
The request phase of the OmniAuth Ruby gem 1.9.1 and earlier is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able ...
Exploit for Path Traversal in Rubyonrails Rails
Rails-doubletap-exploit RCE on Rails 5.2.2 using a path trave...
SUSE-SU-2017:0475-1 Security update for susestudio
This update provides SUSE Studio Runner 1.3.14, which brings fixes for the following issues: - bsc968797: 11 SP3 appliance gets invalid distribution upgrade from SLMS. - bsc947225: Second build of appliance will not register to SLMS, wrong product name. - bsc983404: UEFI boot missing for SLE11 SP...
[oss-security] [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations
There is a vulnerability in the 'implicit render' functionality in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0130. Versions Affected: All Supported. Not affected: None. Fixed Versions: 4.1.1, 4.0.5, 3.2.18. Impact: The implicit render functionality allows...
FreeBSD : rails -- multiple vulnerabilities (6a806960-3016-44ed-8575-8614a7cb57c7)
Rails weblog : Rails 3.2.16 and 4.0.2 have been released! These two releases contain important security fixes, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue. The security fixes in 3.2.16...