1488 matches found

GitLab Advisory Database • added 2014/05/16 12:00 a.m. • 32 views

Caches may be allowed to store and serve private data

Django contains a flaw that is triggered as the program improperly removes Vary and Cache-Control headers from HTTP responses during a reply to a request from some older versions of Internet Explorer or the Chrome Frame client. This may allow a context-dependent attacker to gain access to...

CVSS 6.4 • AI score 6.3 • EPSS 0.02546
Exploits 0 • References 2 • Affected software 1

GitLab Advisory Database • added 2014/05/16 12:00 a.m. • 33 views

Malformed URLs from user input incorrectly validated

The validation for redirects does not correctly validate some malformed URLs, which are accepted by some browsers. This allows a user to be redirected to an unsafe URL unexpectedly...

CVSS 4.3 • AI score 6.2 • EPSS 0.03123
Exploits 0 • References 2 • Affected software 1

GitLab Advisory Database • added 2014/05/13 12:00 a.m. • 26 views

Local File Inclusion

A local file inclusion is possible by specifying the full path to any desired file in the Kickstart value in Cobbler's WebUI...

CVSS 4 • AI score 6.1 • EPSS 0.08809
Exploits 2 • References 1 • Affected software 1

GitLab Advisory Database • added 2014/05/02 12:00 a.m. • 28 views

Remote Command Injection

Unsanitized input is passed to the shell. A malicious user can inject shell commands by sending shell metacharacters such as ';' in some variables...

CVSS 7.5 • AI score 6.5 • EPSS 0.02188
Exploits 3 • Affected software 1

GitLab Advisory Database • added 2014/04/23 12:00 a.m. • 35 views

Unexpected code execution using reverse()

Django incorrectly handles dotted Python paths when using the django.core.urlresolvers.reverse function. An attacker can use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution...

CVSS 5.1 • AI score 6.7 • EPSS 0.05603
Exploits 0 • References 1 • Affected software 1

GitLab Advisory Database • added 2014/04/23 12:00 a.m. • 32 views

MySQL typecasting

When using a MySQL database, Django does not perform explicit type conversion for the following fields: FilePathField, GenericIPAddressField and IPAddressField. If a query is performed without first converting values to the appropriate type, this can produce unexpected results, similar to what would occur if the query...

CVSS 10 • AI score 6.1 • EPSS 0.04753
Exploits 0 • References 1 • Affected software 1

GitLab Advisory Database • added 2014/04/23 12:00 a.m. • 24 views

Caching of anonymous pages could reveal CSRF token

Django incorrectly caches certain pages that contain CSRF cookies. An attacker can possibly use this flaw to obtain a valid cookie and perform attacks which bypass the CSRF restrictions...

CVSS 5 • AI score 6.2 • EPSS 0.01973
Exploits 0 • References 1 • Affected software 1

GitLab Advisory Database • added 2014/02/20 12:00 a.m. • 39 views

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handle...

CVSS 6.8 • AI score 7.9 • EPSS 0.01304
Exploits 0 • References 2 • Affected software 1

GitLab Advisory Database • added 2013/12/07 12:00 a.m. • 55 views

Improper Input Validation

actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching...

CVSS 5 • AI score 5.9 • EPSS 0.207
Exploits 2 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/12/06 12:00 a.m. • 34 views

XSS Vulnerability in simple_format helper

The simple_format helper converts user-supplied text into HTML text which is intended to be safe for display. A change made to the implementation of this helper means that any user-provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass...

CVSS 4.3 • AI score 0.9 • EPSS 0.01963
Exploits 0 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/12/06 12:00 a.m. • 33 views

Reflective XSS Vulnerability

There is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to...

CVSS 4.3 • AI score 2.8 • EPSS 0.02233
Exploits 0 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/12/06 12:00 a.m. • 55 views

XSS Vulnerability in number_to_currency

The number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Applications which pass user-controlled data as the unit parameter are vulnerable to an XSS attack...

CVSS 4.3 • AI score 3.3 • EPSS 0.03171
Exploits 0 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/12/06 12:00 a.m. • 44 views

Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)

Due to the way that Rack::Request and Rails::Request interact, it is possible for a third-party or custom Rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens, the application will receive unsafe parameter...

CVSS 6.4 • AI score 3.2 • EPSS 0.05673
Exploits 1 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/10/16 12:00 a.m. • 31 views

Possible DoS Vulnerability

A carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: "some string #{user_input}" % some_number...

CVSS 4.3 • AI score 3 • EPSS 0.03135
Exploits 1 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/09/23 12:00 a.m. • 30 views

DoS via large passwords

The authentication framework django.contrib.auth computes the hash of a password each time a user attempts to log in, no matter the length of the password. Thus, a remote attacker can cause a denial of service (CPU consumption) by repeatedly submitting long passwords...

CVSS 5 • AI score 2.3 • EPSS 0.02661
Exploits 1 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/09/16 12:00 a.m. • 28 views

Directory traversal with ssi template tag

A directory traversal vulnerability allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by .. in an ssi template tag...

CVSS 5 • AI score 5.5 • EPSS 0.03182
Exploits 2 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/08/28 12:00 a.m. • 13 views

Passwordless login

Users are able to log themselves in with a blank password, even users who are NOT currently in the users table, i.e. who have never previously logged in...

AI score 1.9
Exploits 0 • References 2 • Affected software 1

GitLab Advisory Database • added 2013/03/19 12:00 a.m. • 37 views

XML Parsing Vulnerability affecting JRuby users

There is a vulnerability in the JDOM backend to ActiveSupport's XML parser. You should upgrade or use one of the workarounds immediately...

CVSS 5.8 • AI score 4.5 • EPSS 0.02054
Exploits 1 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/03/19 12:00 a.m. • 41 views

XSS vulnerability in sanitize_css in Action Pack

Carefully crafted text can bypass the sanitization provided in the sanitize_css method in Action Pack...

CVSS 4.3 • AI score 2.9 • EPSS 0.02618
Exploits 1 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/03/19 12:00 a.m. • 34 views

XSS Vulnerability in the `sanitize` helper

The sanitize helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious...

CVSS 4.3 • AI score 0.8 • EPSS 0.01853
Exploits 0 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/03/19 12:00 a.m. • 30 views

Symbol DoS vulnerability in Active Record

When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce params[:name] to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use on...

CVSS 5 • AI score 2.1 • EPSS 0.03409
Exploits 0 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/02/25 12:00 a.m. • 17 views

SQL Injection

ActiveRecord-JDBC-Adapter (AR-JDBC) contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the sql.gsub function in lib/arjdbc/jdbc/adapter.rb not properly sanitizing user-supplied input before using it in SQL queries. This may allow a remote attacker to inject or...

AI score 3.6
Exploits 0 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/02/12 12:00 a.m. • 29 views

Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0

There is a vulnerability in the serialized attribute handling code in Ruby on Rails; applications which allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution vulnerabilities...

CVSS 10 • AI score 5.8 • EPSS 0.07497
Exploits 1 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/02/12 12:00 a.m. • 39 views

Circumvention of attr_protected

The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected...

CVSS 4.3 • AI score 5.9 • EPSS 0.0246
Exploits 1 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/02/12 12:00 a.m. • 37 views

Circumvention of attr_protected

The attr_protected method allows developers to exclude model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected...

CVSS 4.3 • AI score 5.9 • EPSS 0.0246
Exploits 1 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/01/30 12:00 a.m. • 42 views

Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3

There is a vulnerability in the JSON code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application...

CVSS 7.5 • AI score 6 • EPSS 0.98582
Exploits 7 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/01/13 12:00 a.m. • 56 views

Unsafe Query Generation Risk in Ruby on Rails

Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does not let an attacker insert arbitrary values into an SQL query,...

CVSS 6.4 • AI score 2.5 • EPSS 0.05673
Exploits 1 • References 1 • Affected software 1

GitLab Advisory Database • added 2013/01/13 12:00 a.m. • 45 views

Multiple vulnerabilities in parameter parsing in Action Pack

There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allow attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application...

CVSS 7.5 • AI score 6 • EPSS 0.99449
Exploits 21 • References 1 • Affected software 1

GitLab Advisory Database • added 2012/08/10 12:00 a.m. • 40 views

Ruby on Rails Potential XSS Vulnerability in select_tag prompt

When a value for the prompt field is supplied to the select_tag helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks...

CVSS 4.3 • AI score 1.6 • EPSS 0.01306
Exploits 1 • References 1 • Affected software 1

GitLab Advisory Database • added 2012/08/10 12:00 a.m. • 47 views

Potential XSS Vulnerability in Ruby on Rails

The HTML escaping code in Ruby on Rails does not escape all potentially dangerous characters. In particular, the code does not escape the single quote character. The helpers used in Rails itself never use single quotes, so most applications are unlikely to be vulnerable; however, all users running ...

CVSS 4.3 • AI score 1.6 • EPSS 0.02568
Exploits 0 • References 1 • Affected software 1

GitLab Advisory Database • added 2012/06/22 12:00 a.m. • 41 views

SQL injection vulnerability in Active Record

Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries...

CVSS 5 • AI score 4 • EPSS 0.0414
Exploits 2 • References 3 • Affected software 1

GitLab Advisory Database • added 2012/06/22 12:00 a.m. • 40 views

SQL Injection

Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary IS NULL clauses into application SQL queries. This may also allow an attacker to have the SQL query chec...

CVSS 6.4 • AI score 4.5 • EPSS 0.046
Exploits 1 • References 3 • Affected software 1

GitLab Advisory Database • added 2012/03/13 12:00 a.m. • 29 views

Direct Manipulation XSS

Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate direct manipulations of SafeBuffer objects via '<<' and other methods. This may allow a user to create a specially crafted request that would execute...

CVSS 4.3 • AI score 3.2 • EPSS 0.02137
Exploits 0 • References 2 • Affected software 1

GitLab Advisory Database • added 2012/03/13 12:00 a.m. • 31 views

XSS via posted select tag options

Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated select tag options upon submission to actionpack/lib/action_view/helpers/form_options_helper.rb. This may allow a user to create a specially crafted request that would execute...

CVSS 4.3 • AI score 2.7 • EPSS 0.02504
Exploits 0 • References 2 • Affected software 1

GitLab Advisory Database • added 2011/11/28 12:00 a.m. • 37 views

Translate helper method which may allow an attacker to insert arbitrary code into a page

The helper method for i18n translations has a convention whereby translation strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated...

CVSS 4.3 • AI score 2.3 • EPSS 0.01638
Exploits 0 • References 3 • Affected software 1

GitLab Advisory Database • added 2011/08/29 12:00 a.m. • 32 views

Response Splitting Vulnerability in Ruby on Rails

A response splitting flaw can allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types...

CVSS 4.3 • AI score 3.5 • EPSS 0.01748
Exploits 0 • References 3 • Affected software 1

GitLab Advisory Database • added 2008/10/10 12:00 a.m. • 18 views

ActiveRecord Gem :limit / :offset SQL Injection

The issue is due to the program not properly sanitizing user-supplied input related to the :limit and :offset functions. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...

AI score 3.4
Exploits 0 • References 2 • Affected software 1

GitLab Advisory Database • added 2008/08/15 12:00 a.m. • 12 views

Remote code execution and potential Denial of Service Vulnerability

ActiveResource contains a format string flaw in the request function of lib/active_resource/connection.rb. The issue is triggered as format string specifiers (e.g. %s and %x) are not properly sanitized in user-supplied input when passed via the result.code and result.message variables. This may allo...

AI score 6.9
Exploits 0 • References 2 • Affected software 1

Total number of security vulnerabilities: 1488