Search CVE reports
1 – 10 of 79 results
CVE-2024-26144
Medium priorityRails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie...
7 affected packages
rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-4.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2024-26143
Medium priorityRails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in...
7 affected packages
rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-4.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2024-26142
Medium priorityRails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations...
7 affected packages
rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-4.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2023-38037
Medium priority[Active Support Possibly Discloses Locally Encrypted Files]
7 affected packages
rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-4.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2023-28362
Medium priority[Unknown description]
7 affected packages
rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-4.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2023-28120
Medium priority[Unknown description]
7 affected packages
rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-4.0 | — | Not in release | Not in release | Not in release | Not in release |
ruby-actionpack-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-activemodel-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-rails-3.2 | — | Not in release | Not in release | Not in release | Not in release |
CVE-2023-23913
Medium priority[Unknown description]
7 affected packages
rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-4.0 | — | Not in release | Not in release | Not in release | Not in release |
ruby-actionpack-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-activemodel-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-rails-3.2 | — | Not in release | Not in release | Not in release | Not in release |
CVE-2023-22797
Medium priorityAn open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing...
7 affected packages
rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-4.0 | — | Not in release | Not in release | Not in release | Not in release |
ruby-actionpack-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-activemodel-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-rails-3.2 | — | Not in release | Not in release | Not in release | Not in release |
CVE-2023-22796
Medium priorityA regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of...
7 affected packages
rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-4.0 | — | Not in release | Not in release | Not in release | Not in release |
ruby-actionpack-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-activemodel-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-rails-3.2 | — | Not in release | Not in release | Not in release | Not in release |
CVE-2023-22795
Medium priorityA regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of...
7 affected packages
rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-4.0 | — | Not in release | Not in release | Not in release | Not in release |
ruby-actionpack-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-activemodel-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | — | Not in release | Not in release | Not in release | Not in release |
ruby-rails-3.2 | — | Not in release | Not in release | Not in release | Not in release |