Search CVE reports


Toggle filters

1 – 10 of 26 results


CVE-2016-6317

Medium priority
Ignored

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended...

11 affected packages

rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Not affected Not affected
rails-4.0 Not in release Not in release
ruby-actionpack-2.3 Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release
ruby-activerecord-2.3 Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release
ruby-activesupport-2.3 Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release
ruby-rails-2.3 Not in release Not in release
ruby-rails-3.2 Not in release Not in release
Show all 11 packages Show less packages

CVE-2016-6316

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as...

11 affected packages

rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Not affected Not affected
rails-4.0 Not in release Not in release
ruby-actionpack-2.3 Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release
ruby-activerecord-2.3 Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release
ruby-activesupport-2.3 Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release
ruby-rails-2.3 Not in release Not in release
ruby-rails-3.2 Not in release Not in release
Show all 11 packages Show less packages

CVE-2016-2098

Medium priority
Ignored

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

11 affected packages

rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Not affected Not affected
rails-4.0 Not in release Not in release
ruby-actionpack-2.3 Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release
ruby-activerecord-2.3 Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release
ruby-activesupport-2.3 Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release
ruby-rails-2.3 Not in release Not in release
ruby-rails-3.2 Not in release Not in release
Show all 11 packages Show less packages

CVE-2016-2097

Medium priority
Ignored

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and...

11 affected packages

rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Not affected Not affected
rails-4.0 Not in release Not in release
ruby-actionpack-2.3 Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release
ruby-activerecord-2.3 Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release
ruby-activesupport-2.3 Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release
ruby-rails-2.3 Not in release Not in release
ruby-rails-3.2 Not in release Not in release
Show all 11 packages Show less packages

CVE-2016-0753

Medium priority

Some fixes available 1 of 5

Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation...

11 affected packages

rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Not affected Not affected
rails-4.0 Not in release Not in release
ruby-actionpack-2.3 Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release
ruby-activerecord-2.3 Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release
ruby-activesupport-2.3 Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release
ruby-rails-2.3 Not in release Not in release
ruby-rails-3.2 Not in release Not in release
Show all 11 packages Show less packages

CVE-2016-0752

Medium priority

Some fixes available 1 of 9

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging...

10 affected packages

rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Not affected Not affected
rails-4.0 Not in release Not in release
ruby-actionpack-2.3 Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release
ruby-activerecord-2.3 Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release
ruby-activesupport-2.3 Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release
ruby-rails-2.3 Not in release Not in release
ruby-rails-3.2 Not in release Not in release
Show all 10 packages Show less packages

CVE-2016-0751

Medium priority

Some fixes available 1 of 6

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type...

10 affected packages

rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Not affected Not affected
rails-4.0 Not in release Not in release
ruby-actionpack-2.3 Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release
ruby-activerecord-2.3 Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release
ruby-activesupport-2.3 Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release
ruby-rails-2.3 Not in release Not in release
ruby-rails-3.2 Not in release Not in release
Show all 10 packages Show less packages

CVE-2015-7581

Medium priority

Some fixes available 1 of 5

actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption)...

10 affected packages

rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Not affected Not affected
rails-4.0 Not in release Not in release
ruby-actionpack-2.3 Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release
ruby-activerecord-2.3 Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release
ruby-activesupport-2.3 Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release
ruby-rails-2.3 Not in release Not in release
ruby-rails-3.2 Not in release Not in release
Show all 10 packages Show less packages

CVE-2015-7577

Medium priority

Some fixes available 1 of 5

activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement...

10 affected packages

rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Not affected Not affected
rails-4.0 Not in release Not in release
ruby-actionpack-2.3 Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release
ruby-activerecord-2.3 Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release
ruby-activesupport-2.3 Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release
ruby-rails-2.3 Not in release Not in release
ruby-rails-3.2 Not in release Not in release
Show all 10 packages Show less packages

CVE-2015-7576

Medium priority

Some fixes available 1 of 5

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before...

10 affected packages

rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activerecord-2.3...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Not affected Not affected
rails-4.0 Not in release Not in release
ruby-actionpack-2.3 Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release
ruby-activerecord-2.3 Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release
ruby-activesupport-2.3 Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release
ruby-rails-2.3 Not in release Not in release
ruby-rails-3.2 Not in release Not in release
Show all 10 packages Show less packages