| 0 |
| url |
VCID-1161-4sdr-fkc3 |
| vulnerability_id |
VCID-1161-4sdr-fkc3 |
| summary |
Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true` |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.20 |
| purl |
pkg:gem/actionpack@3.2.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 10 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 14 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 15 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 16 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 17 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 18 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 19 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 20 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 21 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 22 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 23 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 24 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 25 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 26 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 27 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 28 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.20 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.11 |
| purl |
pkg:gem/actionpack@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 10 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 14 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 15 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 16 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 17 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 18 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 19 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 20 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 21 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 22 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 23 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 24 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 25 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 26 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 27 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11 |
|
| 2 |
| url |
pkg:gem/actionpack@4.1.0.beta1 |
| purl |
pkg:gem/actionpack@4.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 7 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 12 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 13 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 14 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 15 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 16 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 17 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 18 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 19 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 20 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 21 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 22 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 23 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 24 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 25 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 26 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 27 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 28 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 29 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1 |
|
| 3 |
| url |
pkg:gem/actionpack@4.1.7 |
| purl |
pkg:gem/actionpack@4.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 10 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 14 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 15 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 16 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 17 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 18 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 19 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 20 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 21 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 22 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 23 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 24 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 25 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 26 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 27 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7 |
|
| 4 |
| url |
pkg:gem/actionpack@4.2.0.beta1 |
| purl |
pkg:gem/actionpack@4.2.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 6 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 7 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 10 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 14 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 15 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 16 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 17 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 18 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 19 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 20 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 21 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 22 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 23 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 24 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 25 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 26 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 27 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1 |
|
| 5 |
| url |
pkg:gem/actionpack@4.2.0.beta3 |
| purl |
pkg:gem/actionpack@4.2.0.beta3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 11 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 12 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 18 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 19 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 20 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 21 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 22 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 23 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 24 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 25 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 26 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta3 |
|
|
| aliases |
CVE-2014-7818, GHSA-29gr-w57f-rpfw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1161-4sdr-fkc3 |
|
| 1 |
| url |
VCID-14eh-tn37-bfhu |
| vulnerability_id |
VCID-14eh-tn37-bfhu |
| summary |
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
Due to the way that `Rack::Request` and `Rails::Request` interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. If that happens, the application will receive unsafe parameters and could be vulnerable to the earlier vulnerability: it would be possible for an attacker to issue unexpected database queries with `IS NULL` or empty where clauses. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.16 |
| purl |
pkg:gem/actionpack@3.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 7 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 12 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 13 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 14 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 15 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 16 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 17 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 18 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 19 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 20 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 21 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 25 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 26 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 27 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 28 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 29 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 30 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 31 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 32 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.2 |
| purl |
pkg:gem/actionpack@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 7 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 12 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 13 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 14 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 15 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 16 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 17 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 18 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 19 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 20 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 21 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 25 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 26 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 27 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 28 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 29 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 30 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2 |
|
|
| aliases |
CVE-2013-6417, GHSA-wpw7-wxjm-cw8r, OSV-100527
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-14eh-tn37-bfhu |
|
| 2 |
| url |
VCID-26je-urbt-8kee |
| vulnerability_id |
VCID-26je-urbt-8kee |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.17 |
| purl |
pkg:gem/actionpack@3.2.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 6 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 7 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 8 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 9 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 10 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 11 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 12 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 13 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 14 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 15 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 16 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 17 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 18 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 19 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 20 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 21 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 22 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 23 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 24 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 25 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 26 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 27 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 28 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 29 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 30 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.3 |
| purl |
pkg:gem/actionpack@4.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 6 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 7 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 8 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 9 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 10 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 11 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 12 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 13 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 14 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 15 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 16 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 17 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 18 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 19 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 20 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 21 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 22 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 23 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 24 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 25 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 26 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 27 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 28 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 29 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.3 |
|
| 2 |
| url |
pkg:gem/actionpack@4.1.0.beta1 |
| purl |
pkg:gem/actionpack@4.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 7 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 12 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 13 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 14 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 15 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 16 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 17 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 18 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 19 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 20 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 21 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 22 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 23 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 24 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 25 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 26 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 27 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 28 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 29 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1 |
|
| 3 |
| url |
pkg:gem/actionpack@4.1.1 |
| purl |
pkg:gem/actionpack@4.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 6 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 7 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 8 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 9 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 10 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 11 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 12 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 13 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 14 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 15 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 16 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 17 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 18 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 19 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 20 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 21 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 22 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 23 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 24 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 25 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 26 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 27 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 28 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1 |
|
|
| aliases |
CVE-2014-0081, GHSA-m46p-ggm5-5j83, OSV-103439
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-26je-urbt-8kee |
|
| 3 |
| url |
VCID-31rm-1rpc-g3dq |
| vulnerability_id |
VCID-31rm-1rpc-g3dq |
| summary |
SQL Injection
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses into application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.4 |
| purl |
pkg:gem/actionpack@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 5 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 6 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 7 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 8 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 9 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 10 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 11 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 12 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 13 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 14 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 15 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 16 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 17 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 18 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 19 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 20 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 21 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 22 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 23 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 24 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 25 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 26 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 27 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 28 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 29 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 30 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 31 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 32 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 33 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 34 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 35 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 36 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 37 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 38 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 39 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 40 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 41 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 42 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 43 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.4 |
|
|
| aliases |
CVE-2012-2660, GHSA-hgpp-pp89-4fgf, OSV-82610
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-31rm-1rpc-g3dq |
|
| 4 |
| url |
VCID-4jjq-jkgc-mkca |
| vulnerability_id |
VCID-4jjq-jkgc-mkca |
| summary |
Rails has possible XSS Vulnerability in Action Controller
# Possible XSS Vulnerability in Action Controller
There is a possible XSS vulnerability when using the translation helpers
(`translate`, `t`, etc) in Action Controller. This vulnerability has been
assigned the CVE identifier CVE-2024-26143.
Versions Affected: >= 7.0.0.
Not affected: < 7.0.0
Fixed Versions: 7.1.3.1, 7.0.8.1
Impact
------
Applications using translation methods like `translate`, or `t` on a
controller, with a key ending in "_html", a `:default` key which contains
untrusted user input, and the resulting string is used in a view, may be
susceptible to an XSS vulnerability.
For example, impacted code will look something like this:
```ruby
class ArticlesController < ApplicationController
  def show
    @message = t("message_html", default: untrusted_input)
    # The `show` template displays the contents of `@message`
  end
end
```
To reiterate the pre-conditions, applications must:
* Use a translation function from a controller (i.e. _not_ I18n.t, or `t` from
a view)
* Use a key that ends in `_html`
* Use a default value where the default value is untrusted and unescaped input
* Send the text to the victim (whether that's part of a template, or a
`render` call)
All users running an affected release should either upgrade or use one of the
workarounds immediately.
Releases
--------
The fixed releases are available at the normal locations.
Workarounds
-----------
There are no feasible workarounds for this issue.
Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.
* 7-0-translate-xss.patch - Patch for 7.0 series
* 7-1-translate-xss.patch - Patch for 7.1 series
Credits
-------
Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the patch and fix! |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-26143, GHSA-9822-6m93-xqf4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4jjq-jkgc-mkca |
|
| 5 |
| url |
VCID-6as7-jkwa-53dk |
| vulnerability_id |
VCID-6as7-jkwa-53dk |
| summary |
Multiple vulnerabilities in parameter parsing in Action Pack
There are multiple weaknesses in the parameter parsing code for Ruby on Rails that allow attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.1.10 |
| purl |
pkg:gem/actionpack@3.1.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 12 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 16 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 17 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 26 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 27 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 28 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 29 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 30 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 31 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 32 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 33 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 34 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 35 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 36 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 37 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.10 |
|
| 1 |
| url |
pkg:gem/actionpack@3.2.0.rc1 |
| purl |
pkg:gem/actionpack@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 5 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 6 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 7 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 8 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 9 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 10 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 11 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 12 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 13 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 14 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 15 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 16 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 17 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 18 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 19 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 20 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 21 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 22 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 23 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 24 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 25 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 26 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 27 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 28 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 29 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 30 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 31 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 32 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 33 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 34 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 35 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 36 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 37 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 38 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 39 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 40 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 41 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 42 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 43 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 44 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1 |
|
| 2 |
| url |
pkg:gem/actionpack@3.2.11 |
| purl |
pkg:gem/actionpack@3.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 8 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 9 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 10 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 11 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 14 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 15 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 16 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 17 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 18 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 19 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 20 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 21 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 22 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 23 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 24 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 25 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 34 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 35 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 36 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 37 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 38 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 39 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.11 |
|
|
| aliases |
CVE-2013-0156, GHSA-jmgw-6vjg-jjwg, OSV-89026
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6as7-jkwa-53dk |
|
| 6 |
| url |
VCID-6cjf-b88j-n3bw |
| vulnerability_id |
VCID-6cjf-b88j-n3bw |
| summary |
Cross-Site Request Forgery (CSRF)
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-0447, GHSA-24fg-p96v-hxh8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6cjf-b88j-n3bw |
|
| 7 |
| url |
VCID-6jdd-kze9-myfz |
| vulnerability_id |
VCID-6jdd-kze9-myfz |
| summary |
High severity vulnerability that affects actionpack
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-0449, GHSA-4ww3-3rxj-8v6q
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6jdd-kze9-myfz |
|
| 8 |
|
| 9 |
| url |
VCID-auvj-pgpu-mybv |
| vulnerability_id |
VCID-auvj-pgpu-mybv |
| summary |
XSS Vulnerability in the `sanitize` helper
The `sanitize` helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.1.12 |
| purl |
pkg:gem/actionpack@3.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 12 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 16 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 17 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 26 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 27 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 28 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 29 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 30 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 31 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 32 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 33 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 34 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 35 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 36 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 37 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12 |
|
| 1 |
| url |
pkg:gem/actionpack@3.2.13 |
| purl |
pkg:gem/actionpack@3.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 8 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 9 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 10 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 11 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 14 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 15 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 16 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 17 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 18 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 19 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 20 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 21 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 22 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 23 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 24 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 25 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 34 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 35 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 36 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 37 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 38 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 39 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13 |
|
|
| aliases |
CVE-2013-1857, GHSA-j838-vfpq-fmf2, OSV-91454
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-auvj-pgpu-mybv |
|
| 10 |
| url |
VCID-b5zn-u8pu-zya6 |
| vulnerability_id |
VCID-b5zn-u8pu-zya6 |
| summary |
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.6 |
| purl |
pkg:gem/actionpack@3.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 5 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 6 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 7 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 8 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 9 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 10 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 11 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 12 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 13 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 14 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 15 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 16 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 17 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 18 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 19 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 20 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 21 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 22 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 23 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 24 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 25 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 26 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 27 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 28 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 29 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 30 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 31 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 32 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 33 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 34 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 35 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 36 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 37 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 38 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 39 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 40 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 41 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 42 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 43 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.6 |
|
|
| aliases |
CVE-2012-2694, GHSA-q34c-48gc-m9g8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b5zn-u8pu-zya6 |
|
| 11 |
| url |
VCID-ct3m-wed2-6bhq |
| vulnerability_id |
VCID-ct3m-wed2-6bhq |
| summary |
Path Traversal
The Rails gem allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` in a pathname. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
http://rhn.redhat.com/errata/RHSA-2016-0296.html |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/ |
|
|
| url |
http://rhn.redhat.com/errata/RHSA-2016-0296.html |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| reference_url |
http://www.debian.org/security/2016/dsa-3464 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/ |
|
|
| url |
http://www.debian.org/security/2016/dsa-3464 |
|
| 16 |
|
| 17 |
| reference_url |
http://www.securityfocus.com/bid/81801 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/ |
|
|
| url |
http://www.securityfocus.com/bid/81801 |
|
| 18 |
| reference_url |
http://www.securitytracker.com/id/1034816 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/ |
|
|
| url |
http://www.securitytracker.com/id/1034816 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.22.1 |
| purl |
pkg:gem/actionpack@3.2.22.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 18 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 19 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 20 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 21 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 22 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 23 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 24 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 25 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1 |
|
| 1 |
| url |
pkg:gem/actionpack@4.1.14.1 |
| purl |
pkg:gem/actionpack@4.1.14.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 18 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 19 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 20 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 21 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 22 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 23 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 24 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1 |
|
| 2 |
| url |
pkg:gem/actionpack@4.2.5.1 |
| purl |
pkg:gem/actionpack@4.2.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 18 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 19 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 20 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 21 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 22 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 23 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1 |
|
|
| aliases |
CVE-2016-0752, GHSA-xrr4-p6fq-hjg7
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ct3m-wed2-6bhq |
|
| 12 |
| url |
VCID-dz1r-ae9g-57en |
| vulnerability_id |
VCID-dz1r-ae9g-57en |
| summary |
Exposure of Sensitive Information to an Unauthorized Actor
A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2009-3086, GHSA-fg9w-g6m4-557j
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dz1r-ae9g-57en |
|
| 13 |
| url |
VCID-f22x-hsz9-kfau |
| vulnerability_id |
VCID-f22x-hsz9-kfau |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2319036 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2319036 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/rails/rails |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/rails/rails |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://access.redhat.com/security/cve/cve-2024-41128 |
| reference_id |
CVE-2024-41128 |
| reference_type |
|
| scores |
| 0 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/ |
|
|
| url |
https://access.redhat.com/security/cve/cve-2024-41128 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj |
| reference_id |
GHSA-x76w-6vjr-8xgj |
| reference_type |
|
| scores |
| 0 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 2 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/ |
|
|
| url |
https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-41128, GHSA-x76w-6vjr-8xgj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f22x-hsz9-kfau |
|
| 14 |
| url |
VCID-f8s8-epzh-3bhw |
| vulnerability_id |
VCID-f8s8-epzh-3bhw |
| summary |
Denial of Service Vulnerability when using render :text
Strings sent in specially crafted headers will be converted to symbols. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.17 |
| purl |
pkg:gem/actionpack@3.2.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 6 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 7 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 8 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 9 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 10 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 11 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 12 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 13 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 14 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 15 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 16 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 17 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 18 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 19 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 20 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 21 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 22 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 23 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 24 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 25 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 26 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 27 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 28 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 29 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 30 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.0.beta1 |
| purl |
pkg:gem/actionpack@4.0.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 8 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 9 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 10 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 11 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 12 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 16 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 17 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 20 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 21 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 22 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 23 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 24 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 25 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 26 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 27 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 28 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 29 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 30 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 31 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 32 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 33 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 34 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 35 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 36 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0.beta1 |
|
| 2 |
| url |
pkg:gem/actionpack@4.0.0 |
| purl |
pkg:gem/actionpack@4.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-1bxj-7h5q-jbdz |
|
| 3 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 4 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 5 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 6 |
| vulnerability |
VCID-5za7-eapk-3qgx |
|
| 7 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 8 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 9 |
| vulnerability |
VCID-8frw-skyq-1fh9 |
|
| 10 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 11 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 12 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 13 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 14 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 15 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 16 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 17 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 18 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 19 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 20 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 21 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 22 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 23 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 24 |
| vulnerability |
VCID-kurg-1k8b-zkh6 |
|
| 25 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 26 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 27 |
| vulnerability |
VCID-mrwn-mkcp-j7dv |
|
| 28 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 29 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 30 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 31 |
| vulnerability |
VCID-rjft-pjjz-vycp |
|
| 32 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 33 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 34 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 35 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 36 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 37 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 38 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 39 |
| vulnerability |
VCID-w2ca-rqx2-m7f4 |
|
| 40 |
| vulnerability |
VCID-wrrq-xxs9-xka9 |
|
| 41 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 42 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 43 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 44 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 45 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0 |
|
|
| aliases |
CVE-2014-0082, GHSA-7cgp-c3g7-qvrw, OSV-103440
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f8s8-epzh-3bhw |
|
| 15 |
| url |
VCID-fm16-z8wy-6fgz |
| vulnerability_id |
VCID-fm16-z8wy-6fgz |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-3009, GHSA-8qrh-h9m2-5fvf, OSV-57666
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fm16-z8wy-6fgz |
|
| 16 |
|
| 17 |
| url |
VCID-ghfd-u91m-dbdz |
| vulnerability_id |
VCID-ghfd-u91m-dbdz |
| summary |
Denial of Service Vulnerability in Action View
There is a denial of service vulnerability in the header handling component of Action View. Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow infinitely, which will eventually consume all memory on the target machine, causing a denial of service. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.16 |
| purl |
pkg:gem/actionpack@3.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 7 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 12 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 13 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 14 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 15 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 16 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 17 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 18 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 19 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 20 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 21 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 25 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 26 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 27 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 28 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 29 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 30 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 31 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 32 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.2 |
| purl |
pkg:gem/actionpack@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 7 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 12 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 13 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 14 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 15 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 16 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 17 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 18 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 19 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 20 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 21 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 25 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 26 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 27 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 28 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 29 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 30 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2 |
|
|
| aliases |
CVE-2013-6414, GHSA-mpxf-gcw2-pw5q, OSV-100525
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ghfd-u91m-dbdz |
|
| 18 |
| url |
VCID-gqg3-gs2h-zugf |
| vulnerability_id |
VCID-gqg3-gs2h-zugf |
| summary |
XSS vulnerability in sanitize_css in Action Pack
Carefully crafted text can bypass the sanitization provided in the `sanitize_css` method in Action Pack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.1.12 |
| purl |
pkg:gem/actionpack@3.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 12 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 16 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 17 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 26 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 27 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 28 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 29 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 30 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 31 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 32 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 33 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 34 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 35 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 36 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 37 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12 |
|
| 1 |
| url |
pkg:gem/actionpack@3.2.13 |
| purl |
pkg:gem/actionpack@3.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 8 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 9 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 10 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 11 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 14 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 15 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 16 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 17 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 18 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 19 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 20 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 21 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 22 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 23 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 24 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 25 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 34 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 35 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 36 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 37 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 38 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 39 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13 |
|
|
| aliases |
CVE-2013-1855, GHSA-q759-hwvc-m3jg, OSV-91452
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gqg3-gs2h-zugf |
|
| 19 |
| url |
VCID-hud5-xxhh-u3ex |
| vulnerability_id |
VCID-hud5-xxhh-u3ex |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-0446, GHSA-75w6-p6mg-vh8j
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hud5-xxhh-u3ex |
|
| 20 |
| url |
VCID-j52w-azvw-1ycn |
| vulnerability_id |
VCID-j52w-azvw-1ycn |
| summary |
Directory Traversal Vulnerability With Certain Route Configurations
The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow an attacker to use a specially crafted request to retrieve arbitrary files from the RoR application server. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
http://rhn.redhat.com/errata/RHSA-2014-1863.html |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:25:09Z/ |
|
|
| url |
http://rhn.redhat.com/errata/RHSA-2014-1863.html |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.18 |
| purl |
pkg:gem/actionpack@3.2.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 6 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 7 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 8 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 9 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 10 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 11 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 12 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 13 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 14 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 15 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 16 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 17 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 18 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 19 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 20 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 21 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 22 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 23 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 24 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 25 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 26 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 27 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 28 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 29 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.18 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.5 |
| purl |
pkg:gem/actionpack@4.0.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 6 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 7 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 8 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 9 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 10 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 11 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 12 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 13 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 14 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 15 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 16 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 17 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 18 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 19 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 20 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 21 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 22 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 23 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 24 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 25 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 26 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 27 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 28 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.5 |
|
| 2 |
| url |
pkg:gem/actionpack@4.1.1 |
| purl |
pkg:gem/actionpack@4.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 6 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 7 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 8 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 9 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 10 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 11 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 12 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 13 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 14 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 15 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 16 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 17 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 18 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 19 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 20 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 21 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 22 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 23 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 24 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 25 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 26 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 27 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 28 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1 |
|
|
| aliases |
CVE-2014-0130, GHSA-6x85-j5j2-27jx
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j52w-azvw-1ycn |
|
| 21 |
| url |
VCID-j585-zz5s-nqd5 |
| vulnerability_id |
VCID-j585-zz5s-nqd5 |
| summary |
Timing attack vulnerability in basic authentication
Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password. You can tell your application is vulnerable to this attack by looking for `http_basic_authenticate_with` method calls in your application. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.22.1 |
| purl |
pkg:gem/actionpack@3.2.22.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 18 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 19 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 20 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 21 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 22 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 23 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 24 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 25 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1 |
|
| 1 |
| url |
pkg:gem/actionpack@4.1.14.1 |
| purl |
pkg:gem/actionpack@4.1.14.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 18 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 19 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 20 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 21 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 22 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 23 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 24 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1 |
|
| 2 |
| url |
pkg:gem/actionpack@4.2.5.1 |
| purl |
pkg:gem/actionpack@4.2.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 18 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 19 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 20 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 21 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 22 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 23 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1 |
|
| 3 |
| url |
pkg:gem/actionpack@5.0.0.beta1.1 |
| purl |
pkg:gem/actionpack@5.0.0.beta1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 6 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 7 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 8 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 9 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 10 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 11 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 12 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 13 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 14 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 15 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 16 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 17 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 18 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 19 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 20 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 21 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1 |
|
|
| aliases |
CVE-2015-7576, GHSA-p692-7mm3-3fxg
|
| risk_score |
1.5 |
| exploitability |
0.5 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j585-zz5s-nqd5 |
|
| 22 |
| url |
VCID-jnrw-sue5-zqex |
| vulnerability_id |
VCID-jnrw-sue5-zqex |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-2931, GHSA-v5jg-558j-q67c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jnrw-sue5-zqex |
|
| 23 |
| url |
VCID-kyj5-b8wz-pkgj |
| vulnerability_id |
VCID-kyj5-b8wz-pkgj |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-2197, GHSA-v9v4-7jp6-8c73
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kyj5-b8wz-pkgj |
|
| 24 |
| url |
VCID-m8rg-xa7x-6yan |
| vulnerability_id |
VCID-m8rg-xa7x-6yan |
| summary |
Improper Input Validation
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability." |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-2929, GHSA-r7q2-5gqg-6c7q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m8rg-xa7x-6yan |
|
| 25 |
| url |
VCID-n2ap-zgrd-skhf |
| vulnerability_id |
VCID-n2ap-zgrd-skhf |
| summary |
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-22795, GHSA-8xww-x3g3-6jcv, GMS-2023-56
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n2ap-zgrd-skhf |
|
| 26 |
| url |
VCID-r7ur-pzac-7bbk |
| vulnerability_id |
VCID-r7ur-pzac-7bbk |
| summary |
Improper Input Validation
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-3187, GHSA-3vfw-7rcp-3xgm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r7ur-pzac-7bbk |
|
| 27 |
| url |
VCID-sevc-c95q-tyg8 |
| vulnerability_id |
VCID-sevc-c95q-tyg8 |
| summary |
Improper Input Validation
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-7248, GHSA-8fqx-7pv4-3jwm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sevc-c95q-tyg8 |
|
| 28 |
| url |
VCID-sfnx-agxs-9yc9 |
| vulnerability_id |
VCID-sfnx-agxs-9yc9 |
| summary |
XSS Vulnerability in number_to_currency
The number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Applications which pass user-controlled data as the unit parameter are vulnerable to an XSS attack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.16 |
| purl |
pkg:gem/actionpack@3.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 7 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 12 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 13 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 14 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 15 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 16 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 17 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 18 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 19 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 20 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 21 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 25 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 26 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 27 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 28 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 29 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 30 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 31 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 32 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.2 |
| purl |
pkg:gem/actionpack@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 7 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 12 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 13 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 14 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 15 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 16 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 17 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 18 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 19 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 20 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 21 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 25 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 26 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 27 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 28 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 29 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 30 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2 |
|
|
| aliases |
CVE-2013-6415, GHSA-6h5q-96hp-9jgm, OSV-100524
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sfnx-agxs-9yc9 |
|
| 29 |
| url |
VCID-swv6-gyb1-y7bs |
| vulnerability_id |
VCID-swv6-gyb1-y7bs |
| summary |
XSS Vulnerability in simple_format helper
The simple_format helper converts user-supplied text into HTML text which is intended to be safe for display. A change made to the implementation of this helper means that any user-provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass user-controlled data to be included as HTML attributes will be vulnerable to an XSS attack. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.0 |
| purl |
pkg:gem/actionpack@3.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 5 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 6 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 7 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 8 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 9 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 10 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 11 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 12 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 13 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 14 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 15 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 16 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 17 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 18 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 19 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 20 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 21 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 22 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 23 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 24 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 25 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 26 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 27 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 28 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 29 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 30 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 31 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 32 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 33 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 34 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 35 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 36 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 37 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 38 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 39 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 40 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 41 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 42 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 43 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 44 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 45 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.2 |
| purl |
pkg:gem/actionpack@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 7 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 12 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 13 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 14 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 15 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 16 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 17 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 18 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 19 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 20 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 21 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 25 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 26 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 27 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 28 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 29 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 30 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2 |
|
|
| aliases |
CVE-2013-6416, GHSA-w37c-q653-qg95, OSV-100526
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-swv6-gyb1-y7bs |
|
| 30 |
| url |
VCID-t1ep-g6cz-7kgr |
| vulnerability_id |
VCID-t1ep-g6cz-7kgr |
| summary |
Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true` |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.21 |
| purl |
pkg:gem/actionpack@3.2.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 10 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 14 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 15 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 16 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 17 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 18 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 19 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 20 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 21 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 22 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 23 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 24 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 25 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 26 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 27 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.21 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.11.1 |
| purl |
pkg:gem/actionpack@4.0.11.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 10 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 14 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 15 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 16 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 17 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 18 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 19 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 20 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 21 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 22 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 23 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 24 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 25 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 26 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11.1 |
|
| 2 |
| url |
pkg:gem/actionpack@4.0.12 |
| purl |
pkg:gem/actionpack@4.0.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 10 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 14 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 15 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 16 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 17 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 18 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 19 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 20 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 21 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 22 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 23 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 24 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 25 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 26 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 27 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.12 |
|
| 3 |
| url |
pkg:gem/actionpack@4.1.0.beta1 |
| purl |
pkg:gem/actionpack@4.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 7 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 12 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 13 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 14 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 15 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 16 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 17 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 18 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 19 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 20 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 21 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 22 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 23 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 24 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 25 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 26 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 27 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 28 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 29 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1 |
|
| 4 |
| url |
pkg:gem/actionpack@4.1.7.1 |
| purl |
pkg:gem/actionpack@4.1.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 10 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 14 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 15 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 16 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 17 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 18 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 19 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 20 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 21 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 22 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 23 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 24 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 25 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 26 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7.1 |
|
| 5 |
| url |
pkg:gem/actionpack@4.1.8 |
| purl |
pkg:gem/actionpack@4.1.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 10 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 14 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 15 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 16 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 17 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 18 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 19 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 20 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 21 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 22 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 23 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 24 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 25 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 26 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 27 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.8 |
|
| 6 |
| url |
pkg:gem/actionpack@4.2.0.beta1 |
| purl |
pkg:gem/actionpack@4.2.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 6 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 7 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 10 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 14 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 15 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 16 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 17 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 18 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 19 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 20 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 21 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 22 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 23 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 24 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 25 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 26 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 27 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1 |
|
| 7 |
| url |
pkg:gem/actionpack@4.2.0.beta4 |
| purl |
pkg:gem/actionpack@4.2.0.beta4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 11 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 12 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 18 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 19 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 20 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 21 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 22 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 23 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 24 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 25 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 26 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta4 |
|
|
| aliases |
CVE-2014-7829, GHSA-h56m-vwxc-3qpw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t1ep-g6cz-7kgr |
|
| 31 |
| url |
VCID-tc9x-h24m-9ufe |
| vulnerability_id |
VCID-tc9x-h24m-9ufe |
| summary |
Translate helper method which may allow an attacker to insert arbitrary code into a page
The helper method for i18n translations has a convention whereby translation strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated input, and these values are not escaped. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2011-4319, GHSA-xxr8-833v-c7wc, OSV-77199
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tc9x-h24m-9ufe |
|
| 32 |
| url |
VCID-vaa4-b9ph-b7cm |
| vulnerability_id |
VCID-vaa4-b9ph-b7cm |
| summary |
Reflective XSS Vulnerability
There is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.16 |
| purl |
pkg:gem/actionpack@3.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 7 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 12 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 13 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 14 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 15 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 16 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 17 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 18 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 19 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 20 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 21 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 25 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 26 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 27 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 28 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 29 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 30 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 31 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 32 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.2 |
| purl |
pkg:gem/actionpack@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 7 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 12 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 13 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 14 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 15 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 16 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 17 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 18 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 19 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 20 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 21 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 25 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 26 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 27 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 28 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 29 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 30 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2 |
|
|
| aliases |
CVE-2013-4491, GHSA-699m-mcjm-9cw8, OSV-100528
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vaa4-b9ph-b7cm |
|
| 33 |
| url |
VCID-wyvv-ks5y-fkex |
| vulnerability_id |
VCID-wyvv-ks5y-fkex |
| summary |
Possible Object Leak and Denial of Service attack
A carefully crafted `Accept` header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.22.1 |
| purl |
pkg:gem/actionpack@3.2.22.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 18 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 19 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 20 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 21 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 22 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 23 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 24 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
| 25 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1 |
|
| 1 |
| url |
pkg:gem/actionpack@4.1.14.1 |
| purl |
pkg:gem/actionpack@4.1.14.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 18 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 19 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 20 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 21 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 22 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 23 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 24 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1 |
|
| 2 |
| url |
pkg:gem/actionpack@4.2.5.1 |
| purl |
pkg:gem/actionpack@4.2.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 11 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 12 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 18 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 19 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 20 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 21 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 22 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 23 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1 |
|
| 3 |
| url |
pkg:gem/actionpack@5.0.0.beta1.1 |
| purl |
pkg:gem/actionpack@5.0.0.beta1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 6 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 7 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 8 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 9 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 10 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 11 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 12 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 13 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 14 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 15 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 16 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 17 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 18 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 19 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 20 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 21 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1 |
|
|
| aliases |
CVE-2016-0751, GHSA-ffpv-c4hm-3x6v
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wyvv-ks5y-fkex |
|
| 34 |
| url |
VCID-xhqj-617q-f7fb |
| vulnerability_id |
VCID-xhqj-617q-f7fb |
| summary |
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
# Possible ReDoS vulnerability in Accept header parsing in Action Dispatch
There is a possible ReDoS vulnerability in the Accept header parsing routines
of Action Dispatch. This vulnerability has been assigned the CVE identifier
CVE-2024-26142.
Versions Affected: >= 7.1.0, < 7.1.3.1
Not affected: < 7.1.0
Fixed Versions: 7.1.3.1
Impact
------
Carefully crafted Accept headers can cause Accept header parsing in Action
Dispatch to take an unexpected amount of time, possibly resulting in a DoS
vulnerability. All users running an affected release should either upgrade or
use one of the workarounds immediately.
Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby
3.2 or newer are unaffected.
Releases
--------
The fixed releases are available at the normal locations.
Workarounds
-----------
There are no feasible workarounds for this issue.
Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.
* 7-1-accept-redox.patch - Patch for 7.1 series
Credits
-------
Thanks [svalkanov](https://hackerone.com/svalkanov) for the report and patch! |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-26142, GHSA-jjhx-jhvp-74wq
|
| risk_score |
2.6 |
| exploitability |
0.5 |
| weighted_severity |
5.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xhqj-617q-f7fb |
|
| 35 |
| url |
VCID-yp5x-mgfj-xbbf |
| vulnerability_id |
VCID-yp5x-mgfj-xbbf |
| summary |
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-22792, GHSA-p84v-45xj-wwqj, GMS-2023-58
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yp5x-mgfj-xbbf |
|
| 36 |
|
| 37 |
|
| 38 |
| url |
VCID-zm15-yzy1-xuhv |
| vulnerability_id |
VCID-zm15-yzy1-xuhv |
| summary |
Possible XSS Vulnerability in ActionView
There is a possible XSS vulnerability in Action View. Text declared as `HTML safe` will not have quotes escaped when used as attribute values in tag helpers. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.22.3 |
| purl |
pkg:gem/actionpack@3.2.22.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-4jjq-jkgc-mkca |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-9w4d-2z52-wyaf |
|
| 5 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 6 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 7 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 8 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 9 |
| vulnerability |
VCID-fnkq-8eys-gygm |
|
| 10 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 11 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 12 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 13 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 14 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 15 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 16 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 17 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 18 |
| vulnerability |
VCID-xhqj-617q-f7fb |
|
| 19 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 20 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
| 21 |
| vulnerability |
VCID-yrjj-cken-6qff |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.3 |
|
|
| aliases |
CVE-2016-6316, GHSA-pc3m-v286-2jwj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zm15-yzy1-xuhv |
|