Ruby On Rails@3.2.15 Security Vulnerabilities and Issues — Ruby On Rails@3.2.15 CVE List

Lucene search

RubyonrailsRuby On Rails3.2.15

7 matches found

CVE•added 2014/02/20 3:27 p.m.•114 views

CVE-2014-0081

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) u...

4.3CVSS5.9AI score0.00885EPSS

CVE•added 2013/12/07 12:55 a.m.•101 views

CVE-2013-6415

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.

4.3CVSS5.4AI score0.01506EPSS

CVE•added 2013/12/07 12:55 a.m.•95 views

CVE-2013-6414

actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.

5CVSS6.2AI score0.70843EPSS

CVE•added 2014/02/20 3:27 p.m.•89 views

CVE-2014-0082

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in head...

5CVSS6AI score0.06456EPSS

CVE•added 2013/12/07 12:55 a.m.•87 views

CVE-2013-6417

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictio...

6.4CVSS7.5AI score0.11368EPSS

CVE•added 2016/09/07 7:28 p.m.•85 views

CVE-2016-6316

Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.

6.1CVSS6.1AI score0.02193EPSS

CVE•added 2013/12/07 12:55 a.m.•84 views

CVE-2013-4491

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers genera...

4.3CVSS5.3AI score0.00713EPSS