CVE-2019-5420
|
A remote code execution vulnerability in Rails <5.2.2.1 and <6.0.0.beta3 running in development mode can allow an attacker to guess the automatically generated development mode secret token, which was derived deterministically rather than generated randomly. This secret token keys the signed and encrypted cookies and other signed values the framework accepts, so it can be used in combination with other Rails internals to escalate to a remote code execution exploit. Only applications run in development mode are affected; production requires an explicitly configured secret_key_base.
Published:
March 27, 2019; 10:29:01 AM -04:00
|
V3.0: 9.8 CRITICAL
V2: 7.5 HIGH
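The following is an added example, not Rails' own code: a plain-Ruby model of why a deterministic development secret is equivalent to no secret. The derivation from the application class name, the PBKDF2 key generator and the "data--hmac" verifier format follow Rails 5.2 as the editor understands them and are assumptions of this example; the application names and cookie payloads are constructed. The fix in 5.2.2.1 replaces the derivation with a randomly generated secret stored under the app's tmp/ directory.

```ruby
require "digest/md5"
require "openssl"
require "base64"

# Model of the pre-5.2.2.1 development-mode derivation: a digest of the
# application class name, so the "secret" is a function of a guessable string.
# Assumption for this example; the real expression lives in the Rails 5.2 railties.
def development_secret_key_base(app_class_name)
  Digest::MD5.hexdigest(app_class_name)
end

# Model of ActiveSupport::KeyGenerator: PBKDF2-HMAC-SHA1, 1000 iterations, 64-byte key.
def derive_key(secret_key_base, salt, size = 64)
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base, salt, 1000, size)
end

SIGNED_COOKIE_SALT = "signed cookie".freeze # Rails' default signed_cookie_salt

def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Model of ActiveSupport::MessageVerifier: "<base64(payload)>--<hex HMAC-SHA1>".
# Rails serialises the payload with Marshal by default, which is what turns a
# forgeable signature into code execution; a plain string stands in for it here.
def sign(key, payload)
  data = Base64.strict_encode64(payload)
  "#{data}--#{OpenSSL::HMAC.hexdigest('SHA1', key, data)}"
end

# Returns the payload when the signature checks out, nil otherwise.
def verify(key, message)
  data, digest = message.split("--", 2)
  return nil unless data && digest
  expected = OpenSSL::HMAC.hexdigest("SHA1", key, data)
  return nil unless constant_time_equal?(expected, digest)
  Base64.strict_decode64(data)
end

# Attacker side: with one signed value captured from a development server,
# try candidate application names until one reproduces the signature.
def guess_app_name(captured_message, candidate_names)
  candidate_names.find do |name|
    key = derive_key(development_secret_key_base(name), SIGNED_COOKIE_SALT)
    !verify(key, captured_message).nil?
  end
end

# Constructed scenario: a development-mode server whose class is Blog::Application.
def run_demo
  server_key = derive_key(development_secret_key_base("Blog::Application"), SIGNED_COOKIE_SALT)
  captured   = sign(server_key, "user_id=1") # e.g. a signed cookie observed in a response

  name       = guess_app_name(captured, %w[Shop::Application Blog::Application Demo::Application])
  forged_key = derive_key(development_secret_key_base(name), SIGNED_COOKIE_SALT)
  forged     = sign(forged_key, "user_id=0;role=admin")

  { guessed_name: name, server_accepts_forgery: verify(server_key, forged) }
end

if __FILE__ == $PROGRAM_NAME
  run_demo.each { |k, v| puts "#{k}: #{v.inspect}" }
end
```

The candidate list is the whole attack: application class names are short, conventional and often visible in error pages or repository names. If upgrading is not possible, configure an explicit secret_key_base in development as well, which is the workaround given in the Rails advisory.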
|
CVE-2019-5419
|
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted Accept headers can cause Action View to consume 100% CPU and make the server unresponsive.
Published:
March 27, 2019; 10:29:01 AM -04:00
|
V3.0: 7.5 HIGH
V2: 7.8 HIGH
|
CVE-2019-5418
|
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and 3.x where specially crafted Accept headers, sent to a controller that calls `render file:`, can cause contents of arbitrary files on the target system's filesystem to be exposed. An unregistered format taken from the Accept header was spliced into the template lookup pattern, so a value containing `../` escaped the view directory.
Published:
March 27, 2019; 10:29:01 AM -04:00
|
V3.0: 7.5 HIGH
V2: 5.0 MEDIUM
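The lookup below is an added, stripped-down model of the Action View resolver, not the project's code, written to show how the Accept value reached Dir.glob: it keeps the shape of the default lookup pattern and the File.expand_path step, and builds a throwaway app tree under a temp directory (constructed here; the file names and the MIME table are this example's own). `formats_registered` mirrors the 5.2.2.1 filter that drops Accept values with no registered type; `formats_unfiltered` is the pre-fix behaviour.

```ruby
require "tmpdir"
require "fileutils"

# Stand-in for Rails' registered MIME table: Accept values that map to a
# symbol are "registered"; anything else has no symbol.
MIME_SYMBOLS = {
  "text/html" => "html", "application/json" => "json",
  "application/xml" => "xml", "text/javascript" => "js", "text/plain" => "text"
}.freeze
HANDLERS = %w[erb builder raw].freeze
# Shape of Action View's lookup pattern, with locale and variants left out.
PATTERN = ":prefix/:action{.:formats,}{.:handlers,}".freeze

# Before the fix: an unregistered Accept value fell through as its raw string
# (modelled on Mime::Type#ref), so it reached the resolver unchanged.
def formats_unfiltered(accept)
  accept.split(",").map(&:strip).map { |m| MIME_SYMBOLS.fetch(m, m) }
end

# After the fix (modelled on the select added in 5.2.2.1): keep only values
# that map to a registered type, with html as the fallback.
def formats_registered(accept)
  kept = accept.split(",").map(&:strip).map { |m| MIME_SYMBOLS[m] }.compact
  kept.empty? ? ["html"] : kept
end

# The unsafe step: the formats are spliced into a Dir.glob pattern, and
# File.expand_path then collapses any "../" they contain.
def build_query(view_root, prefix, action, formats)
  query = PATTERN.dup
  query.sub!(":prefix") { prefix }
  query.sub!(":action") { action }
  query.sub!(":formats") { "{#{formats.join(',')}}" }
  query.sub!(":handlers") { "{#{HANDLERS.join(',')}}" }
  File.expand_path(query, view_root)
end

def find_template_paths(query)
  Dir[query].uniq.reject { |f| File.directory?(f) }
end

def resolve(view_root, prefix, action, formats)
  find_template_paths(build_query(view_root, prefix, action, formats))
end

# Builds a throwaway app tree (constructed for this example) and resolves one
# hostile Accept header both ways. The trailing "{{" balances the braces the
# pattern appends after the format, so the glob still yields an empty
# alternative and the bare file path is matched.
def run_demo(accept = "../../../../config/secrets.yml{{")
  Dir.mktmpdir("cve-2019-5418") do |root|
    views = File.join(root, "app", "views")
    FileUtils.mkdir_p(File.join(views, "pages"))
    FileUtils.mkdir_p(File.join(root, "app", "config"))
    File.write(File.join(views, "pages", "home.html.erb"), "<h1>home</h1>\n")
    File.write(File.join(root, "app", "config", "secrets.yml"), "secret_key_base: example\n")

    {
      vulnerable: resolve(views, "pages", "home", formats_unfiltered(accept)),
      hardened:   resolve(views, "pages", "home", formats_registered(accept))
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  run_demo.each { |mode, paths| puts "#{mode}: #{paths.inspect}" }
end
```

The number of `../` segments in the Accept value only has to be at least the depth of the view directory; the real advisory payloads used far more, which is harmless once the path has reached the filesystem root. For detection, an Accept header containing `../` or `{{` has no legitimate meaning and is a reliable signature in access logs.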
|
CVE-2014-3916
|
The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.
Published:
November 16, 2014; 12:59:04 PM -05:00
|
V2: 5.0 MEDIUM
|
CVE-2014-3482
|
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.
Published:
July 07, 2014; 07:01:30 AM -04:00
|
V2: 7.5 HIGH
|
CVE-2014-0081
|
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.
Published:
February 20, 2014; 10:27:09 AM -05:00
|
V2: 4.3 MEDIUM
|
CVE-2013-6417
|
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.
Published:
December 06, 2013; 07:55:03 PM -05:00
|
V2: 6.4 MEDIUM
|
CVE-2013-6416
|
Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.
Published:
December 06, 2013; 07:55:03 PM -05:00
|
V2: 4.3 MEDIUM
|
CVE-2013-6415
|
Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.
Published:
December 06, 2013; 07:55:03 PM -05:00
|
V2: 4.3 MEDIUM
|
CVE-2013-6414
|
actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.
Published:
December 06, 2013; 07:55:03 PM -05:00
|
V2: 5.0 MEDIUM
|
CVE-2013-4491
|
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem.
Published:
December 06, 2013; 07:55:03 PM -05:00
|
V2: 4.3 MEDIUM
|
CVE-2013-1857
|
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a &#58; sequence.
Published:
March 19, 2013; 06:55:01 PM -04:00
|
V2: 4.3 MEDIUM
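The root cause of this entry is a check applied to the attribute text before the browser's own decoding, so `javascript&#58;alert(1)` carries no literal `javascript:` for the sanitizer to see. The following is an added example, not the Rails sanitizer's code: a naive scheme check beside a hardened one that normalises the value the way a browser will (entity decoding, leading whitespace and control characters, and the tab/newline characters browsers ignore inside a scheme) before comparing against an allow list. The allow list and the sample attribute values are constructed for this example.

```ruby
require "cgi"

SAFE_SCHEMES = %w[http https mailto].freeze
SCHEME_RE = /\A([a-z][a-z0-9+.\-]*):/i

# The mistake: inspect the attribute text as written. An entity-encoded or
# whitespace-broken scheme shows no "javascript:" here, yet the browser
# decodes and strips before it dispatches on the scheme.
def naive_safe_href?(href)
  scheme = href[SCHEME_RE, 1]
  scheme.nil? || SAFE_SCHEMES.include?(scheme.downcase)
end

# The fix: normalise as the browser will, then decide. Decode entities
# (&#58; and &#x3a; both become ":"), drop leading control/whitespace
# characters, and remove the tab/newline characters browsers ignore.
def normalize_href(href)
  CGI.unescapeHTML(href).sub(/\A[\u0000-\u0020]+/, "").delete("\t\n\r")
end

def hardened_safe_href?(href)
  scheme = normalize_href(href)[SCHEME_RE, 1]
  scheme.nil? || SAFE_SCHEMES.include?(scheme.downcase)
end

# Constructed attribute values, with the verdict of each checker.
SAMPLES = [
  "https://example.org/",      # naive: true,  hardened: true
  "/relative/path",            # naive: true,  hardened: true
  "javascript:alert(1)",       # naive: false, hardened: false
  "javascript&#58;alert(1)",   # naive: true,  hardened: false  (this CVE's vector)
  "&#106;avascript:alert(1)",  # naive: true,  hardened: false
  "java\nscript:alert(1)",     # naive: true,  hardened: false
  " javascript:alert(1)"       # naive: true,  hardened: false
].freeze

# Returns [value, naive verdict, hardened verdict] for each sample.
def compare_checkers(values = SAMPLES)
  values.map { |v| [v, naive_safe_href?(v), hardened_safe_href?(v)] }
end

if __FILE__ == $PROGRAM_NAME
  compare_checkers.each { |v, n, h| puts format("%-28p naive=%-5s hardened=%s", v, n, h) }
end
```

A value with no scheme at all is treated as relative and allowed by both checkers; the difference is entirely in what each one considers the scheme to be. Rejecting unknown schemes rather than blocking known bad ones is what makes the hardened form hold up against encodings not listed here.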
|
CVE-2013-1855
|
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
Published:
March 19, 2013; 06:55:01 PM -04:00
|
V2: 4.3 MEDIUM
|
CVE-2012-6497
|
The Authlogic gem for Ruby on Rails, when used with certain Ruby on Rails versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product.
Published:
January 03, 2013; 11:46:02 PM -05:00
|
V2: 5.0 MEDIUM
|
CVE-2012-3465
|
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.
Published:
August 10, 2012; 06:34:47 AM -04:00
|
V2: 4.3 MEDIUM
|
CVE-2012-3464
|
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.
Published:
August 10, 2012; 06:34:47 AM -04:00
|
V2: 4.3 MEDIUM
|
CVE-2011-2932
|
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability."
Published:
August 29, 2011; 02:55:01 PM -04:00
|
V2: 4.3 MEDIUM
|
CVE-2011-2931
|
Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.
Published:
August 29, 2011; 02:55:01 PM -04:00
|
V2: 4.3 MEDIUM
|
CVE-2011-2930
|
Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.
Published:
August 29, 2011; 02:55:01 PM -04:00
|
V2: 7.5 HIGH
|
CVE-2011-2197
|
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.
Published:
June 30, 2011; 11:55:01 AM -04:00
|
V2: 4.3 MEDIUM
|