Rails@3.2.15 Security Vulnerabilities and Issues — Rails@3.2.15 CVE List

Lucene search

RubyonrailsRails3.2.15

7 matches found

CVE•added 2014/02/20 3:27 p.m.•114 views

CVE-2014-0081

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) u...

4.3CVSS5.9AI score0.00885EPSS

CVE•added 2014/02/20 3:27 p.m.•89 views

CVE-2014-0082

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in head...

5CVSS6AI score0.06456EPSS

CVE•added 2016/09/07 7:28 p.m.•85 views

CVE-2016-6316

Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.

6.1CVSS6.1AI score0.02193EPSS

CVE•added 2015/07/26 10:59 p.m.•83 views

CVE-2015-3226

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.

4.3CVSS4.9AI score0.00212EPSS

CVE•added 2014/11/08 11:55 a.m.•77 views

CVE-2014-7818

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence ...

4.3CVSS6.4AI score0.00409EPSS

CVE•added 2014/11/18 11:59 p.m.•75 views

CVE-2014-7829

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence ...

5CVSS6.5AI score0.00409EPSS

CVE•added 2014/07/07 11:1 a.m.•72 views

CVE-2014-3482

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.

7.5CVSS8.3AI score0.01435EPSS