PT-2020-19995 · Ruby On Rails +3 · Rails +3

Name of the Vulnerable Software and Affected Versions: rails versions prior to 5.2.5 rails versions prior to 6.0.4 Description: A CSRF forgery issue exists that allows an attacker to forge a per-form CSRF token given a global CSRF token, such as the one present in the authenticity token meta tag...

CVE-2015-9284

The request phase of the OmniAuth Ruby gem 1.9.1 and earlier is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able ...

[oss-security] [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations

There is a vulnerability in the 'implicit render' functionality in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0130. Versions Affected: All Supported Not affected: None Fixed Versions: 4.1.1, 4.0.5, 3.2.18 Impact ------ The implicit render functionality allows...

Critical: Red Hat Security Advisory: Ruby on Rails security update

Updated rubygem-actionpack, rubygem-activesupport, and rubygem-activerecord packages that fix multiple security issues are now available for Red Hat CloudForms. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS ba...