Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

21 – 30 of 53 results

CVE-2021-22942

Medium priority
Needs evaluation

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2021-22904

Medium priority
Needs evaluation

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2021-22903

Medium priority
Needs evaluation

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2021-22902

Medium priority
Needs evaluation

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2021-22885

Medium priority
Needs evaluation

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2021-22881

Medium priority
Needs evaluation

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2021-22880

Low priority
Needs evaluation

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2020-8264

Medium priority
Not affected

In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Not affected Not affected Not affected
rails-4.0 Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2020-15169

Medium priority
Needs evaluation

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t`...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2020-8185

Medium priority
Needs evaluation

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON