2 matches found
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect when passing unsanitized user input to the redirectto helper in metal/redirecting.rb. NOTE: A patch has been released to address this issue: 7-0-Fix-sec-issue-with-urlhostallowed.patch Remediation Upgrade actionpack to...
Denial of Service (DoS)
Overview activerecord is a library for databases on Rails. Affected versions of this package are vulnerable to Denial of Service DoS when a value outside the range for a 64-bit signed integer is provided to the PostgreSQL connection adapter. Workarounds Ensure that user-supplied input which is...