Search CVE reports
81 – 90 of 148 results
CVE-2015-7580
Medium priority
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.
1 affected package
ruby-rails-html-sanitizer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby-rails-html-sanitizer | — | — | — | Not affected |
CVE-2015-7579
Medium priority
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by...
1 affected package
ruby-rails-html-sanitizer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby-rails-html-sanitizer | — | — | — | Not affected |
CVE-2015-7578
Medium priority
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.
1 affected package
ruby-rails-html-sanitizer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby-rails-html-sanitizer | — | — | — | Not affected |
CVE-2015-7577
Medium priority
Some fixes available 1 of 5
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rails | — | — | — | Not affected |
rails-4.0 | — | — | — | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release |
ruby-rails-2.3 | — | — | — | Not in release |
ruby-rails-3.2 | — | — | — | Not in release |
CVE-2015-7576
Medium priority
Some fixes available 1 of 5
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rails | — | — | — | Not affected |
rails-4.0 | — | — | — | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release |
ruby-rails-2.3 | — | — | — | Not in release |
ruby-rails-3.2 | — | — | — | Not in release |
CVE-2015-3227
Low priority
Some fixes available 1 of 7
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rails | — | — | — | Not affected |
rails-4.0 | — | — | — | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release |
ruby-rails-2.3 | — | — | — | Not in release |
ruby-rails-3.2 | — | — | — | Not in release |
CVE-2015-3226
Medium priority
Some fixes available 1 of 7
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rails | — | — | — | Not affected |
rails-4.0 | — | — | — | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release |
ruby-rails-2.3 | — | — | — | Not in release |
ruby-rails-3.2 | — | — | — | Not in release |
CVE-2015-1840
Medium priority
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of...
1 affected package
ruby-jquery-rails
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby-jquery-rails | — | — | — | Not affected |
CVE-2014-7829
Low priority
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when...
11 affected packages
rails, rails-3.2, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rails | — | — | — | Not affected |
rails-3.2 | — | — | — | Not in release |
rails-4.0 | — | — | — | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release |
ruby-rails-2.3 | — | — | — | Not in release |
ruby-rails-3.2 | — | — | — | Not in release |
CVE-2014-7818
Low priority
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when...
11 affected packages
rails, rails-3.2, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rails | — | — | — | Not affected |
rails-3.2 | — | — | — | Not in release |
rails-4.0 | — | — | — | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release |
ruby-rails-2.3 | — | — | — | Not in release |
ruby-rails-3.2 | — | — | — | Not in release |