Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 79 results


CVE-2024-26144

Medium priority
Needs evaluation

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2024-26143

Medium priority
Needs evaluation

Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2024-26142

Medium priority
Needs evaluation

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2023-38037

Medium priority
Needs evaluation

[Active Support Possibly Discloses Locally Encrypted Files]

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2023-28362

Medium priority
Needs evaluation

[Unknown description]

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2023-28120

Medium priority
Needs evaluation

[Unknown description]

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2023-23913

Medium priority
Needs evaluation

[Unknown description]

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2023-22797

Medium priority
Needs evaluation

An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2023-22796

Medium priority
Needs evaluation

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2023-22795

Medium priority
Needs evaluation

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages