Search CVE reports
1 – 10 of 26 results
CVE-2016-6317
Medium priorityAction Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended...
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | — | — | — | Not affected | Not affected |
rails-4.0 | — | — | — | Not in release | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
ruby-activemodel-3.2 | — | — | — | Not in release | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
ruby-rails-2.3 | — | — | — | Not in release | Not in release |
ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2016-6316
Medium priorityCross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as...
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | — | — | — | Not affected | Not affected |
rails-4.0 | — | — | — | Not in release | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
ruby-activemodel-3.2 | — | — | — | Not in release | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
ruby-rails-2.3 | — | — | — | Not in release | Not in release |
ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2016-2098
Medium priorityAction Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | — | — | — | Not affected | Not affected |
rails-4.0 | — | — | — | Not in release | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
ruby-activemodel-3.2 | — | — | — | Not in release | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
ruby-rails-2.3 | — | — | — | Not in release | Not in release |
ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2016-2097
Medium priorityDirectory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and...
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | — | — | — | Not affected | Not affected |
rails-4.0 | — | — | — | Not in release | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
ruby-activemodel-3.2 | — | — | — | Not in release | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
ruby-rails-2.3 | — | — | — | Not in release | Not in release |
ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2016-0753
Medium prioritySome fixes available 1 of 5
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation...
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | — | — | — | Not affected | Not affected |
rails-4.0 | — | — | — | Not in release | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
ruby-activemodel-3.2 | — | — | — | Not in release | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
ruby-rails-2.3 | — | — | — | Not in release | Not in release |
ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2016-0752
Medium prioritySome fixes available 1 of 9
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | — | — | — | Not affected | Not affected |
rails-4.0 | — | — | — | Not in release | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
ruby-rails-2.3 | — | — | — | Not in release | Not in release |
ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2016-0751
Medium prioritySome fixes available 1 of 6
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | — | — | — | Not affected | Not affected |
rails-4.0 | — | — | — | Not in release | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
ruby-rails-2.3 | — | — | — | Not in release | Not in release |
ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2015-7581
Medium prioritySome fixes available 1 of 5
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption)...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | — | — | — | Not affected | Not affected |
rails-4.0 | — | — | — | Not in release | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
ruby-rails-2.3 | — | — | — | Not in release | Not in release |
ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2015-7577
Medium prioritySome fixes available 1 of 5
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | — | — | — | Not affected | Not affected |
rails-4.0 | — | — | — | Not in release | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
ruby-rails-2.3 | — | — | — | Not in release | Not in release |
ruby-rails-3.2 | — | — | — | Not in release | Not in release |
CVE-2015-7576
Medium prioritySome fixes available 1 of 5
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before...
10 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rails | — | — | — | Not affected | Not affected |
rails-4.0 | — | — | — | Not in release | Not in release |
ruby-actionpack-2.3 | — | — | — | Not in release | Not in release |
ruby-actionpack-3.2 | — | — | — | Not in release | Not in release |
ruby-activerecord-2.3 | — | — | — | Not in release | Not in release |
ruby-activerecord-3.2 | — | — | — | Not in release | Not in release |
ruby-activesupport-2.3 | — | — | — | Not in release | Not in release |
ruby-activesupport-3.2 | — | — | — | Not in release | Not in release |
ruby-rails-2.3 | — | — | — | Not in release | Not in release |
ruby-rails-3.2 | — | — | — | Not in release | Not in release |