Lucene search
K

6 matches found

UbuntuCve
UbuntuCve
added 2026/01/30 9:15 p.m.3 views

CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...

9.2CVSS6.2AI score0.02388EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/08/13 11:15 p.m.2 views

CVE-2025-55193

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in...

6.9CVSS6.9AI score0.00527EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2024/10/16 9:15 p.m.12 views

CVE-2024-47889

Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the blockformat helper in Action Mailer. Carefully crafted text can cause the blockformat helper to...

8.7CVSS6.4AI score0.00944EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2024/10/16 6:15 p.m.5 views

CVE-2024-41128

Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted query parameters...

8.7CVSS6.4AI score0.01103EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2020/07/02 7:15 p.m.36 views

CVE-2020-8185

A denial of service vulnerability exists in Rails 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production...

6.5CVSS6.8AI score0.02181EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2017/12/29 4:29 p.m.45 views

CVE-2017-17917

SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted inpu...

8.1CVSS7.5AI score0.02264EPSS
Exploits1References2
Rows per page
Query Builder