Search CVE reports



21 – 30 of 148 results


CVE-2023-22797

Medium priority
Needs evaluation

An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing...

7 affected packages

rails, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2, ruby-activesupport-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ruby-actionpack-3.2 Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release
rails-4.0 Not in release Not in release Not in release
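Added example, not code from Rails or from this tracker, showing the check that the CVE-2023-22797 entry above describes Rails 7.0.4.1 adding to redirect_to: a target taken from user input is followed only if it is an absolute in-app path or an absolute URL whose host is exactly our own. The host name app.example.com, the helper names and the sample targets are assumptions.

```ruby
require "uri"

# Added example, not Rails' own code. The host an application considers its
# own; "app.example.com" is a constructed value.
APP_HOST = "app.example.com"

# Classify a redirect target taken from user input. Returns
# [:ok, path_and_query] when following it keeps the browser on APP_HOST,
# otherwise [:rejected, reason].
def classify_redirect(target, app_host: APP_HOST)
  return [:rejected, "empty target"] if target.nil? || target.strip.empty?

  # Protocol-relative URLs ("//evil.test/x") and backslashes ("/\evil.test")
  # are refused up front; browsers treat both as leaving the site even
  # though a lenient parser may read them as local paths.
  if target.match?(%r{\A[/\\]{2}}) || target.include?("\\")
    return [:rejected, "protocol-relative or backslash prefix"]
  end

  uri = begin
    URI.parse(target)
  rescue URI::InvalidURIError
    return [:rejected, "unparseable URI"]
  end

  # Any scheme other than http/https (javascript:, data:, mailto:) is refused,
  # whether or not a host is present.
  if uri.scheme && !%w[http https].include?(uri.scheme.downcase)
    return [:rejected, "non-http scheme #{uri.scheme}"]
  end

  # No host: a plain path. Only absolute paths are accepted.
  if uri.host.nil?
    return [:rejected, "relative path"] unless target.start_with?("/")
    return [:ok, target]
  end

  # Absolute URL: the host must match exactly (case-insensitively), so
  # "app.example.com.evil.test" and "app.example.com@evil.test" both fail.
  return [:rejected, "foreign host #{uri.host}"] unless uri.host.casecmp?(app_host)

  [:ok, uri.request_uri]
end

# What a controller calls instead of redirect_to(params[:to]): an unsafe
# target is replaced by a fixed in-app location rather than followed.
def safe_redirect_target(target, fallback: "/")
  status, value = classify_redirect(target)
  status == :ok ? value : fallback
end

if __FILE__ == $PROGRAM_NAME
  ["/dashboard", "https://app.example.com/settings?x=1", "//evil.test/phish",
   "https://evil.test/", "javascript:alert(1)",
   "https://app.example.com.evil.test/", "https://app.example.com@evil.test/"].each do |t|
    puts "#{t.ljust(42)} -> #{classify_redirect(t).inspect}"
  end
end
```

On Rails 7.0.4.1 and later, redirect_to performs an equivalent host check itself and raises ActionController::Redirecting::UnsafeRedirectError for off-host targets when config.action_controller.raise_on_open_redirects is enabled (allow_other_host: true opts a single call out). The explicit check above is what an application on an older Rails has to do on its own, and it also covers the protocol-relative and userinfo forms that a naive "starts with /" test lets through.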

CVE-2023-22796

Medium priority
Needs evaluation

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release

CVE-2023-22795

Medium priority
Needs evaluation

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release

CVE-2023-22794

Medium priority
Needs evaluation

A vulnerability in ActiveRecord <6.0.6.1, <6.1.7.1 and <7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release
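Added example, not Active Record's own code, illustrating the comment-sanitization problem in the CVE-2023-22794 entry above: text that `annotate` or `optimizer_hints` place inside a SQL comment can close that comment with `*/` and run as SQL, so the delimiters have to be stripped before interpolation. The table name, the payload and the helper names are constructed; the statement splitter is a toy model, not a SQL parser.

```ruby
# Added example, not Active Record's own code. It shows why a string that
# ends up inside a SQL comment (as annotate and optimizer_hints place it)
# has to lose its comment delimiters, and how a stripped comment behaves.
# The table, column and comment text are constructed.

# Vulnerable: the caller's text is wrapped in /* */ as-is, so a "*/" in it
# closes the comment early and the rest runs as SQL.
def annotated_query_unsafe(comment)
  "SELECT * FROM accounts WHERE active = 1 /* #{comment} */"
end

# Remove every "/*" and "*/". One pass is not enough: "**//" becomes "*/"
# after one removal, so repeat until nothing changes.
def sanitize_sql_comment(text)
  s = text.to_s.dup
  loop do
    before = s
    s = s.gsub("/*", "").gsub("*/", "")
    break if s == before
  end
  s
end

# Hardened: the comment body can no longer open or close a comment.
def annotated_query_safe(comment)
  "SELECT * FROM accounts WHERE active = 1 /* #{sanitize_sql_comment(comment)} */"
end

# Toy model of what reaches the database: block and line comments removed,
# then the text split into statements on ";". Enough to show whether the
# injected DROP survives; it is not a SQL parser.
def statements_visible_to_db(sql)
  stripped = sql.gsub(%r{/\*.*?\*/}m, " ").gsub(/--[^\n]*/, "")
  stripped.split(";").map(&:strip).reject(&:empty?)
end

if __FILE__ == $PROGRAM_NAME
  payload = "trace */ ; DROP TABLE accounts; --"
  puts "unsafe: #{statements_visible_to_db(annotated_query_unsafe(payload)).inspect}"
  puts "safe:   #{statements_visible_to_db(annotated_query_safe(payload)).inspect}"
end
```

With the payload above the unsafe query yields two statements, the second being the DROP; the hardened one yields only the SELECT. Stripping to a fixed point matters because a single gsub pass leaves a reassembled delimiter behind for inputs such as `**//`. Bound values are unaffected by this issue, which is why the fix targets only the comment path; user input still should not reach `annotate` or `optimizer_hints` at all unless it has to.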

CVE-2023-22792

Medium priority
Needs evaluation

A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1 and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X-Forwarded-Host header, can cause the regular expression engine...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release

CVE-2022-44566

Medium priority
Needs evaluation

A denial of service vulnerability present in ActiveRecord’s PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64-bit signed integer is provided to the PostgreSQL connection adapter, it will treat the...

7 affected packages

rails, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2, ruby-activesupport-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ruby-actionpack-3.2 Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release
rails-4.0 Not in release Not in release Not in release

CVE-2022-3704

Low priority
Ignored

A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Not affected Not affected Not affected Not affected
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release

CVE-2022-32224

Medium priority
Needs evaluation

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
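Added example, not Active Record's own code, contrasting the two ways of reading back a YAML `serialize` column that the CVE-2022-32224 entry above turns on: an unrestricted load will instantiate whatever class a `!ruby/object:` tag names, a restricted load builds only the types the column is meant to hold. The `preferences` column, the AuditSink class and both stored rows are constructed; AuditSink is a harmless stand-in for the gadget class a real chain would revive.

```ruby
require "yaml"
require "date"

# Added example, not Active Record's own code. A `serialize :preferences`
# column storing YAML is assumed; the two stored rows are constructed.

# Stands in for a class an attacker would revive from the column. Any class
# whose instance methods have side effects becomes a gadget; this one is
# hypothetical and harmless.
class AuditSink
  attr_accessor :path
end

BENIGN_ROW  = "---\n:theme: dark\n:digest_at: 2023-01-01\n"
HOSTILE_ROW = "--- !ruby/object:AuditSink\npath: /etc/passwd\n"

# Vulnerable: an unrestricted load instantiates whatever class the tag names.
# Psych 4 renamed the unrestricted loader to unsafe_load; older Psych has
# only load, which is unrestricted.
def load_preferences_unsafe(raw)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(raw) : YAML.load(raw)
end

# Hardened: only the types the column legitimately holds may be built.
# A tag naming any other class raises Psych::DisallowedClass before an
# object exists; aliases are refused too, closing the billion-laughs path.
PERMITTED = [Symbol, Date].freeze

def load_preferences_safe(raw)
  YAML.safe_load(raw, permitted_classes: PERMITTED, aliases: false)
end

# true when the restricted loader refuses the row, false when it accepts it.
def safe_load_rejects?(raw)
  load_preferences_safe(raw)
  false
rescue Psych::DisallowedClass
  true
end

if __FILE__ == $PROGRAM_NAME
  puts "safe, benign:    #{load_preferences_safe(BENIGN_ROW).inspect}"
  puts "safe, hostile:   rejected=#{safe_load_rejects?(HOSTILE_ROW)}"
  puts "unsafe, hostile: #{load_preferences_unsafe(HOSTILE_ROW).inspect}"
end
```

The unsafe path hands back a live AuditSink built from attacker-controlled database content; the safe path raises before any object is allocated. Rails 7.0.3.1 exposes the same two choices for serialized columns through config.active_record.use_yaml_unsafe_load and the allow list config.active_record.yaml_column_permitted_classes; the allow list needs to name every type the column really stores (Date here), or legitimate rows start failing to load.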

CVE-2022-32209

Medium priority
Needs evaluation

Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions...

1 affected package

ruby-rails-html-sanitizer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ruby-rails-html-sanitizer Not affected Needs evaluation Needs evaluation Needs evaluation

CVE-2022-31129

Medium priority

Some fixes available (4 of 102)

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment...

11 affected packages

node-moment, gnucash, mediawiki, ntopng, odoo...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
node-moment Not affected Fixed Fixed Fixed
gnucash Needs evaluation Needs evaluation Needs evaluation Needs evaluation
mediawiki Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ntopng Needs evaluation Needs evaluation Needs evaluation Needs evaluation
odoo Needs evaluation Needs evaluation Not in release Not in release
omnidb Needs evaluation Needs evaluation Needs evaluation Not in release
ruby-momentjs-rails Needs evaluation Needs evaluation Needs evaluation Not in release
sabnzbdplus Needs evaluation Needs evaluation Needs evaluation Needs evaluation
syncthing Needs evaluation Needs evaluation Needs evaluation Needs evaluation
wordpress Needs evaluation Needs evaluation Needs evaluation Needs evaluation
postfixadmin Vulnerable Fixed Not affected Not affected