Lucene search
K

10 matches found

OSV
OSV
added 2017/10/24 6:33 p.m.26 views

GHSA-R8FH-HQ2P-7QHQ Active Record contains SQL Injection via improper range quoting

SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting...

7.5CVSS7.9AI score0.04181EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.28 views

Active Record contains SQL Injection via improper range quoting

SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting...

7.5CVSS8.2AI score0.04181EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.28 views

actionpack is vulnerable to denial of service because of a wildcard controller route

actionpack/lib/actiondispatch/routing/routeset.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service superfluous caching and memory consumption by leveraging an application's use of a wildcard controller route...

7.5CVSS7AI score0.06535EPSS
Exploits0References14Affected Software1
OpenVAS
OpenVAS
added 2016/10/17 12:0 a.m.29 views

Ruby on Rails Action Pack DoS Vulnerability (Jan 2016) - Linux

Ruby on Rails is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.4AI score0.06535EPSS
Exploits0References2
CVE
CVE
added 2015/07/26 10:0 p.m.134 views

CVE-2015-1840

CVE-2015-1840 describes a CSRF/XSS-style risk in Rails tooling: jquery_ujs.js and rails.js could cause a CSRF token to be transmitted to a different-domain server when a URL attribute contains a leading space. This bypasses the Same Origin Policy under supported Rails setups (Rails 3.x/4.x with j...

5CVSS6.2AI score0.04397EPSS
Exploits1References8Affected Software1
Prion
Prion
added 2014/11/08 11:55 a.m.17 views

Directory traversal

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3...

5CVSS7.2AI score0.0386EPSS
Exploits0References6Affected Software1
RubySec
RubySec
added 2014/10/30 12:0 a.m.25 views

CVE-2014-7819 rubygem-sprockets: arbitrary file existence disclosure

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3...

5CVSS6.4AI score0.0386EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2014/07/07 10:0 a.m.109 views

CVE-2014-3483

CVE-2014-3483 is a SQL injection vulnerability in the PostgreSQL adapter for Active Record (Ruby on Rails). The flaw resides in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb, where improper range quoting allows remote attackers to execute arbitrary SQL commands. Affecte...

7.5CVSS8.2AI score0.04181EPSS
Exploits0References7Affected Software1
RubySec
RubySec
added 2014/07/02 12:0 a.m.29 views

CVE-2014-3483 rubygem-activerecord: SQL injection vulnerability in 'range' quoting

SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting...

7.5CVSS3.5AI score0.04181EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/12/07 12:0 a.m.99 views

CVE-2013-6416

The CVE-2013-6416 entry concerns Ruby on Rails 4.x prior to 4.0.2, specifically a cross-site scripting (XSS) flaw in the simple_format helper within action_view/helpers/text_helper.rb. The vulnerability allows remote attackers to inject arbitrary script or HTML via a crafted HTML attribute, impac...

4.3CVSS5.4AI score0.01963EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder