Search CVE reports
1 – 10 of 149 results
Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may...
1 affected package
rails
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on...
7 affected packages
rails, ruby-rails-3.2, ruby-actionpack-3.2, ruby-activesupport-3.2, ruby-activerecord-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release |
ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release |
ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release |
rails-4.0 | Not in release | Not in release | Not in release | Not in release |
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers...
7 affected packages
rails, ruby-rails-3.2, ruby-actionpack-3.2, ruby-activesupport-3.2, ruby-activerecord-3.2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release |
ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release |
ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release |
rails-4.0 | Not in release | Not in release | Not in release | Not in release |
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
7 affected packages
ruby-activemodel-3.2, ruby-activerecord-3.2, ruby-activesupport-3.2, ruby-rails-3.2, rails...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby-activemodel-3.2 | — | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | — | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | — | Not in release | Not in release | Not in release |
ruby-rails-3.2 | — | Not in release | Not in release | Not in release |
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-4.0 | — | Not in release | Not in release | Not in release |
ruby-actionpack-3.2 | — | Not in release | Not in release | Not in release |
There is a potential DOM-based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when...
7 affected packages
rails-4.0, ruby-activemodel-3.2, ruby-activerecord-3.2, ruby-activesupport-3.2, rails...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rails-4.0 | — | Not in release | Not in release | Not in release |
ruby-activemodel-3.2 | — | Not in release | Not in release | Not in release |
ruby-activerecord-3.2 | — | Not in release | Not in release | Not in release |
ruby-activesupport-3.2 | — | Not in release | Not in release | Not in release |
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ruby-actionpack-3.2 | — | Not in release | Not in release | Not in release |
ruby-rails-3.2 | — | Not in release | Not in release | Not in release |
Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to...
1 affected package
rails
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible...
1 affected package
ruby-rails-html-sanitizer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby-rails-html-sanitizer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible...
1 affected package
ruby-rails-html-sanitizer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby-rails-html-sanitizer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible...
1 affected package
ruby-rails-html-sanitizer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby-rails-html-sanitizer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri...
1 affected package
ruby-rails-html-sanitizer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ruby-rails-html-sanitizer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |