38 matches found

Tenable Nessus
added 2026/05/11 12:0 a.m. | 4 views

Debian dla-4578 : rails - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4578 advisory. Debian LTS Advisory DLA-4578-1 [email protected] https://www.debian.org/lts/security/...

CVSS 9.8 | AI score 5.9 | EPSS 0.01944
Exploits: 1 | References: 4

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in rails

Action Pack is a framework for handling and responding to web requests. Under certain circumstances, response bodies may not be closed properly. If a response does not notify the system of a close operation, ActionDispatch::Executor will not know to reset the thread local state for the next...

CVSS 7.4 | AI score 6.3 | EPSS 0.00187
Exploits: 0 | References: 1

OSV
added 2026/03/26 10:16 p.m. | 1 view

UBUNTU-CVE-2026-33658

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate C...

CVSS 6.5 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 7

Tenable Nessus
added 2025/12/21 12:0 a.m. | 4 views

Debian dsa-6090 : rails - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6090 advisory. Debian Security Advisory DSA-6090-1 [email protected]...

CVSS 9.2 | AI score 8.5 | EPSS 0.01019
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-0479

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.00679
Exploits: 0 | References: 10

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-0430

Malware in sbrugna...

CVSS 7.5 | AI score 6.9 | EPSS 0.01549
Exploits: 1 | References: 11

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-0263

Malware in sbrugna...

CVSS 5 | AI score 7.3 | EPSS 0.00341
Exploits: 0 | References: 11

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-2632

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.4 | EPSS 0.00347
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-0750

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00134
Exploits: 0 | References: 6

Tenable Nessus
added 2025/08/30 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-8162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the...

CVSS 7.5 | AI score 7.3 | EPSS 0.01549
Exploits: 1 | References: 2

NVD
added 2025/08/27 5:15 p.m. | 2 views

CVE-2025-57821

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a...

CVSS 4.2 | EPSS 0.00059
Exploits: 0 | References: 4

CVE
added 2025/08/27 4:32 p.m. | 12 views

CVE-2025-57821

CVE-2025-57821 concerns Basecamp’s Google Sign-In for Rails. Before v1.3.0, a malformed redirect URL can bypass the same-origin check, allowing redirects to an attacker-controlled origin. If Rails apps store flash data in a session cookie, this can be chained with an attack that injects arbitrary...

CVSS 4.2 | AI score 6.9 | EPSS 0.00059
Exploits: 0 | References: 4

Cvelist
added 2025/08/27 4:32 p.m. | 8 views

CVE-2025-57821 Basecamp's Google Sign-In for Rails allowed redirects to a malformed URL

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a...

CVSS 4.2 | EPSS 0.00059
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-26142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatc...

CVSS 7.5 | AI score 6.4 | EPSS 0.03542
Exploits: 0 | References: 2

Ubuntu
added 2025/07/17 2:22 p.m. | 5 views

USN-7646-1: Rails vulnerability

It was discovered that Rails did not correctly handle headers. An attacker could potentially use this issue to view arbitrary files on a target server. CVE-2019-5418...

CVSS 7.5 | AI score 7.7 | EPSS 0.94318
Exploits: 18

Tenable Nessus
added 2025/07/17 12:0 a.m. | 5 views

Ubuntu 16.04 LTS / 18.04 LTS : Rails vulnerability (USN-7646-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7646-1 advisory. It was discovered that Rails did not correctly handle headers. An attacker could potentially use this issue to view arbitrary files on a target server...

CVSS 7.5 | AI score 7.8 | EPSS 0.94318
Exploits: 18 | References: 2

CNNVD
added 2025/01/09 12:0 a.m. | 3 views

Rails security vulnerability

Rails is a set of open source web application frameworks based on the Ruby language by the US-based Rails team. A security vulnerability exists in Rails that stems from the presence of a DOM-based cross-site scripting vulnerability that allows an attacker to inject malicious script into a victim'...

CVSS 6.3 | AI score 5.3 | EPSS 0.00207
Exploits: 0 | References: 5

OSV
added 2024/12/20 9:49 a.m. | 8 views

BIT-RAILS-2024-32464 ActionText ContentAttachment can Contain Unsanitized HTML

Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...

CVSS 6.1 | AI score 6 | EPSS 0.0028
Exploits: 0 | References: 3

SUSE CVE
added 2024/10/17 2:48 a.m. | 3 views

SUSE CVE-2024-47888

Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. Carefully crafted text can cause the...

CVSS 5.9 | AI score 5.8 | EPSS 0.00476
Exploits: 0 | References: 7

SUSE CVE
added 2024/06/05 10:1 a.m. | 2 views

SUSE CVE-2024-32464

Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...

CVSS 6.1 | AI score 6.8 | EPSS 0.0028
Exploits: 0 | References: 3