Search CVE reports
51 – 60 of 79 results
CVE-2016-2098
Medium priorityAction Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rails | — | — | — | Not affected | Not affected |
| rails-4.0 | — | — | — | Not in release | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
| ruby-activemodel-3.2 | — | — | — | Not in release | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2016-2097
Medium priorityDirectory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and...
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rails | — | — | — | Not affected | Not affected |
| rails-4.0 | — | — | — | Not in release | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
| ruby-activemodel-3.2 | — | — | — | Not in release | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2016-0753
Medium prioritySome fixes available 1 of 5
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation...
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rails | — | — | — | Not affected | Not affected |
| rails-4.0 | — | — | — | Not in release | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
| ruby-activemodel-3.2 | — | — | — | Not in release | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2016-0752
Medium prioritySome fixes available 1 of 9
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rails | — | — | — | Not affected | Not affected |
| rails-4.0 | — | — | — | Not in release | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2016-0751
Medium prioritySome fixes available 1 of 6
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rails | — | — | — | Not affected | Not affected |
| rails-4.0 | — | — | — | Not in release | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2015-7581
Medium prioritySome fixes available 1 of 5
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption)...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rails | — | — | — | Not affected | Not affected |
| rails-4.0 | — | — | — | Not in release | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2015-7577
Medium prioritySome fixes available 1 of 5
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rails | — | — | — | Not affected | Not affected |
| rails-4.0 | — | — | — | Not in release | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2015-7576
Medium prioritySome fixes available 1 of 5
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rails | — | — | — | Not affected | Not affected |
| rails-4.0 | — | — | — | Not in release | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2015-3227
Low prioritySome fixes available 1 of 7
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rails | — | — | — | Not affected | Not affected |
| rails-4.0 | — | — | — | Not in release | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2015-3226
Medium prioritySome fixes available 1 of 7
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rails | — | — | — | Not affected | Not affected |
| rails-4.0 | — | — | — | Not in release | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release | Not in release |