Search CVE reports

1 – 10 of 53 results

Detailed view

Sort by:

CVE-2024-26144

Medium priority

Needs evaluation

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2024-26143

Medium priority

Needs evaluation

Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2024-26142

Medium priority

Needs evaluation

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2023-38037

Medium priority

Needs evaluation

[Active Support Possibly Discloses Locally Encrypted Files]

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2023-28362

Medium priority

Needs evaluation

[Unknown description]

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2023-28120

Medium priority

Needs evaluation

[Unknown description]

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	—	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	—	Not in release	Not in release	Not in release	Not in release

CVE-2023-23913

Medium priority

Needs evaluation

[Unknown description]

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	—	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	—	Not in release	Not in release	Not in release	Not in release

CVE-2023-22797

Medium priority

Needs evaluation

An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	—	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	—	Not in release	Not in release	Not in release	Not in release

CVE-2023-22796

Medium priority

Needs evaluation

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	—	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	—	Not in release	Not in release	Not in release	Not in release

CVE-2023-22795

Medium priority

Needs evaluation

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	—	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	—	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	—	Not in release	Not in release	Not in release	Not in release

Export to JSON

Results by page: