49 matches found
CVE-2013-0156
CVE-2013-0156 is a vulnerability in Ruby on Rails where active_support/core_ext/hash/conversions.rb fails to restrict casts of string values, enabling object-injection that can lead to remote code execution or a DoS via nested XML entities. Affected are Rails before 2.3.15, 3.0.x before 3.0.19, 3...
CVE-2016-2097
CVE-2016-2097 is a directory-traversal vulnerability in Rails’ Action View, exploitable when an application uses the render method with an untrusted pathname containing .., allowing remote attackers to read arbitrary files. It affects Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2, and is ...
CVE-2012-2695
The CVE-2012-2695 entry affects Ruby on Rails Active Record prior to versions 3.0.14, 3.1.x prior to 3.1.6, and 3.2.x prior to 3.2.6. The issue arises from how request data is passed to where() calls in ActiveRecord, enabling SQL injection via nested query parameters due to improper handling of n...
CVE-2012-2661
CVE-2012-2661 concerns Ruby on Rails ActiveRecord where passing request data to a where call can enable SQL injection via nested query parameters. Affected ranges are Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4. The issue is related to the handling of nested query hashes...
CVE-2013-0333
Technical details for CVE-2013-0333 are not publicly available in the supplied documents; monitor for updates.
CVE-2012-2660
CVE-2012-2660 (Ruby on Rails) is a remote bypass vulnerability where actionpack/ActiveRecord fails to align parameter handling between ActiveRecord and Rack interfaces: Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 allow bypass of database-query restrictions and NULL check...
CVE-2013-0155
CVE-2013-0155 affects Ruby on Rails, specifically Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11. The vulnerability arises from mismatched parameter handling between Active Record and the JSON implementation, allowing remote attackers to bypass database-query restrictions...
CVE-2014-0081
CVE-2014-0081 affects Ruby on Rails: multiple XSS flaws in actionview/lib/action_view/helpers/number_helper.rb allow remote injection via format, negative_format, or units in number_to_currency, number_to_percentage, and number_to_human. Affected Rails versions: 3.2.x before 3.2.17, 4.0.x before ...
CVE-2013-1854
CVE-2013-1854 summary (Rails ActiveRecord): Rails 2.3.x < 2.3.18, 3.1.x < 3.1.12, and 3.2.x
CVE-2013-1855
The CVE-2013-1855 entry concerns a cross-site scripting flaw in Rails’ Action Pack sanitize_css in lib/action_controller/vendor/html-scanner/html/sanitizer.rb. The issue arises from improper handling of newline characters in CSS token sequences, enabling remote XSS via crafted CSS. Affected Rails...
CVE-2012-2694
CVE-2012-2694 is a Ruby on Rails Active Record/parameter handling weakness where Rails versions 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 fail to align Active Record and Rack parameter handling, enabling remote attackers to bypass query restrictions and perform NULL checks v...
CVE-2012-6496
CVE-2012-6496 affects the Active Record component of Ruby on Rails. It describes an SQL injection vulnerability in Rails versions prior to 3.0.18 (3.0 line), 3.1.x prior to 3.1.9, and 3.2.x prior to 3.2.10, where crafted requests can exploit the incorrect behavior of dynamic find_by_ methods with...
CVE-2013-0277
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause YAML deserialization in the serialize helper. Remediation: upgrade to Rails 2.3.17+ (and for 3.x, apply the ...
CVE-2016-2098
CVE-2016-2098 affects Ruby on Rails Action Pack render usage. Affected: ActionPack in Rails before 3.2.22.2, Rails 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2. Root cause: unrestricted/unsafe use of the render method allowing attacker-controlled arguments, enabling remote code execution of Ruby...
CVE-2012-3464
CVE-2012-3464 is a cross-site scripting (XSS) vulnerability in Rails where activesupport/lib/active_support/core_ext/string/output_safety.rb permits remote injection via a single quote character. Affected Rails versions are 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8. The impa...
CVE-2016-0751
CVE-2016-0751 affects Ruby on Rails Action Pack: MIME type cache handling allows remote denial of service via crafted HTTP Accept headers. Affected are Rails before 3.2.22.1, 4.0.x, 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1. The root cause is improper restriction o...
CVE-2013-1857
CVE-2013-1857 affects Ruby on Rails: the sanitize helper in Action Pack (lib/action_controller/vendor/html-scanner/html/sanitizer.rb) fails to properly handle encoded colon characters in URLs, enabling remote attackers to perform cross-site scripting (XSS) via a crafted scheme name (for example i...
CVE-2013-6415
CVE-2013-6415 is an XSS vulnerability in Ruby on Rails Action Pack, specifically in the number_to_currency helper (action_view number_helper.rb). It allows a remote attacker to inject arbitrary script/HTML via the unit parameter. Affected are Rails versions prior to 3.2.16 and 4.x prior to 4.0.2....
CVE-2012-3465
CVE-2012-3465 affects Ruby on Rails (Action Pack) via action_view/sanitize_helper.rb strip_tags. Vulnerable in Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8; malformed HTML markup can allow remote XSS via the strip_tags path. The issue is an XSS in the Rails sanitization flow an...
CVE-2011-2930
CVE-2011-2930 describes SQL injection in the quote_table_name method of ActiveRecord adapters in Ruby on Rails. Affected are Rails versions: before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5, enabling remote attackers to execute arbitrary SQL via a crafted column name. The Connected ...
CVE-2013-6414
CVE-2013-6414 affects Action View in Ruby on Rails 3.x (before 3.2.16) and 4.x (before 4.0.2); a header with an invalid MIME type can cause excessive caching leading to memory exhaustion (DoS). Observed in user reports and PoCs (e.g., Metasploit rails_action_view.rb). OpenSUSE/Fedora advisories r...
CVE-2011-2197
CVE-2011-2197 concerns Ruby on Rails XSS protection: the safe-buffer mutation handling in Rails’ XSS prevention can be bypassed, enabling remote XSS via crafted input. Affected: Rails 2.x before 2.3.12; Rails 3.0.x before 3.0.8; Rails 3.1.x before 3.1.0.rc2. Root cause per advisory: improper muta...
CVE-2012-1099
CVE-2012-1099 affects Ruby on Rails ActionPack’s select helper in action_view/form_options_helper.rb. The vulnerability allows remote XSS via certain OPTION element generation, impacting Rails 3.0.x (<3.0.12), 3.1.x (<3.1.4), and 3.2.x (
CVE-2014-0082
CVE-2014-0082 affects Ruby on Rails (Action Pack) in Rails 3.x prior to 3.2.17. The vulnerability arises when rendering with the :text option in ActionView::Template, where MIME type strings are converted to symbols, enabling remote attackers to trigger memory consumption DoS. Public details in c...
CVE-2013-4491
CVE-2013-4491 is a Cross-site scripting flaw in Ruby on Rails Action Pack’s i18n translation path. The vulnerability arises when an i18n fallback string includes user-controlled input, allowing remote script or HTML injection. Affected are Rails 3.x prior to 3.2.16 and 4.x prior to 4.0.2. Patches...
CVE-2015-7576
Ruby on Rails: the http_basic_authenticate_with path in Action Controller is vulnerable to a timing-attack bypass when verifying credentials, as it does not use a constant-time comparison. A remote attacker could determine valid usernames/passwords by measuring response times. Affected Rails versions includ...
CVE-2011-2931
CVE-2011-2931: Rails contains an XSS vulnerability in the strip_tags helper (actionpack/lib/action_controller/vendor/html-scanner/html/node.rb) that allows remote attackers to inject arbitrary script/HTML via a tag with an invalid name. Affected versions are Rails before 2.3.13, 3.0.x before 3.0...
CVE-2013-6417
The CVE-2013-6417 issue affects Ruby on Rails’ ActionPack (lib/action_dispatch/http/request.rb) where differences in parameter handling between Active Record and the JSON implementation allow remote attackers to bypass database-query restrictions and trigger NULL checks or missing WHERE clauses b...
CVE-2011-2932
CVE-2011-2932 is a cross-site scripting (XSS) vulnerability in Ruby on Rails’ activesupport/lib/active_support/core_ext/string/output_safety.rb, linked to a UTF-8 escaping issue. Affected versions include Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5. The issue enables remote injection of sc...
CVE-2015-7577
CVE-2015-7577 concerns Ruby on Rails Active Record’s nested_attributes vulnerability. The flaw affects ActiveRecord::NestedAttributes in Rails 3.1.x/3.2.x (before 3.2.22.1), 4.x (before 4.1.14.1 for 4.1.x; 4.2.x before 4.2.5.1), and 5.x (before 5.0.0.beta1.1). The defect allows remote attackers t...
CVE-2006-4111
CVE-2006-4111 affects the Ruby on Rails framework prior to version 1.1.5. The vulnerability arises from a File Upload request that supplies an HTTP header which modifies the LOAD_PATH variable, enabling a remote attacker to execute Ruby code with substantial impact. The issue is distinct from CVE...
CVE-2013-1856
CVE-2013-1856 affects the ActiveSupport XML parser backend (XmlMini_JDOM) in Ruby on Rails’ Active Support. Specifically, JRuby users of Rails 3.0.x and 3.1.x before 3.1.12 and Rails 3.2.x before 3.2.13 have an XML parsing vulnerability that can allow a remote attacker to read arbitrary files or ...
CVE-2009-2422
Ruby on Rails before 2.3.3 contains a vulnerability in the http_authentication.rb example for digest authentication: authenticate_or_request_with_http_digest returns nil instead of false when the user does not exist, enabling context-dependent attackers to bypass authentication for applications d...
CVE-2009-4214
CVE-2009-4214 is an XSS vulnerability in Ruby on Rails via the strip_tags path. It affects Rails before 2.2.s and 2.3.x before 2.3.5, allowing remote attackers to inject arbitrary script/HTML using vectors involving non-printing ASCII characters (related to HTML::Tokenizer and html/node.rb). Expl...
CVE-2016-6316
Summary: CVE-2016-6316 is a cross-site scripting (XSS) vulnerability in Rails’ Action View. The root cause is that quotes were not escaped for strings declared as HTML safe when used as attribute values in tag helpers, enabling remote attackers to inject script or HTML. Affected products include...
CVE-2012-3424
The vulnerability CVE-2012-3424 affects Ruby on Rails Action Pack HTTP Digest authentication. The decode_credentials path in action_controller/metal/http_authentication.rb converts Digest strings to Ruby symbols, enabling a remote attacker who can access an app using with_http_digest/authenticate...
CVE-2015-3226
CVE-2015-3226 is an XSS vulnerability in Active Support's JSON encoding (ActiveSupport::JSON.encode) where a Hash with user-controlled data is mishandled during JSON encoding, potentially injecting script/HTML when inserted into HTML. Affected are Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2...
CVE-2012-3463
CVE-2012-3463 is a Cross-site Scripting (XSS) vulnerability in Ruby on Rails’ ActionView form helper. The flaw resides in actionpack/lib/action_view/helpers/form_tag_helper.rb, allowing remote attackers to inject arbitrary Web script or HTML via the prompt field to the select_tag helper. Affected...
CVE-2008-4094
CVE-2008-4094 corresponds to multiple SQL injection vulnerabilities in Ruby on Rails prior to 2.1.1, exploitable via the :limit and :offset parameters in ActiveRecord (and related components). Remote attackers could cause arbitrary SQL execution and potentially affect data integrity. The linked d...
CVE-2008-5189
CVE-2008-5189 is a CRLF header injection in Ruby on Rails prior to 2.0.5 that enables remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via a crafted URL to redirect_to. Affected: Rails 2.0.x up to 2.0.4. Remediation: upgrade Rails to 2.0.5 or newer where the r...
CVE-2014-7818
CVE-2014-7818 affects Ruby on Rails Action Pack, with a directory traversal in actionpack/lib/action_dispatch/middleware/static.rb when serve_static_assets is enabled. Affected: Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3. The underlying flaw all...
CVE-2011-4319
CVE-2011-4319 is a cross-site scripting (XSS) vulnerability affecting the i18n translations helper in Ruby on Rails. The issue exists in Rails 3.0.x up to before 3.0.11 and Rails 3.1.x up to before 3.1.2, and in the rails_xss plugin for Rails 2.3.x. An attacker can trigger XSS by supplying a tran...
CVE-2012-1098
Ruby on Rails 3.0.x (pre-3.0.12), 3.1.x (pre-3.1.4), and 3.2.x (pre-3.2.2) are vulnerable to a cross-site scripting (XSS) weakness in SafeBuffer handling. The vulnerability allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object manipulated through...
CVE-2014-7829
ActionPack (Rails) contains a directory traversal vulnerability (CVE-2014-7829) in action_dispatch/middleware/static.rb when serve_static_assets is enabled. It affects Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4. The issue allows remot...
CVE-2014-3482
CVE-2014-3482 is a SQL-injection flaw in the PostgreSQL adapter of ActiveRecord (Rails) for Rails 2.x and 3.x before 3.2.19. The root cause is improper bitstring quoting in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb, allowing remote arbitrary SQL execution. Public ad...
CVE-2011-2929
CVE-2011-2929 affects Ruby on Rails: the template selection in actionpack/lib/action_view/template/resolver.rb mishandles glob characters in Rails 3.0.x (pre-3.0.10) and 3.1.x (pre-3.1.0.rc6), enabling remote attackers to render arbitrary views via a crafted URL. This is due to a filter skipping ...
CVE-2017-17919
The CVE-2017-17919 entry describes a SQL injection in Rails 5.1.4 and earlier, exploitable via the id desc parameter in the order method. Concrete details across connected docs: affected software (Ruby on Rails), vulnerable component (order method handling untrusted input), and the underlying iss...
CVE-2013-3221
CVE-2013-3221 involves the Active Record component of Ruby on Rails (versions 2.3.x, 3.0.x, 3.1.x, 3.2.x). The issue arises because the database column data type declared for a column is not consistently used when comparing input values to stored values, enabling data-type injection attacks. The ...
CVE-2017-17920
CVE-2017-17920 affects Ruby on Rails 5.1.4 and earlier, via the reorder method where the name parameter can be used to inject SQL. The root cause is SQL injection in that method, enabling arbitrary SQL execution. Multiple connected sources confirm the vulnerability and the vendor disputes the iss...