| 0 |
| url |
VCID-1pzg-37dp-cyb1 |
| vulnerability_id |
VCID-1pzg-37dp-cyb1 |
| summary |
Possible Object Leak and Denial of Service attack
A carefully crafted `Accept` header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.22.1 |
| purl |
pkg:gem/actionpack@3.2.22.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 1 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 2 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 9 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 10 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 13 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 14 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 15 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 16 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 17 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 18 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 19 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 20 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 21 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 22 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 23 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 24 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 25 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1 |
|
| 1 |
| url |
pkg:gem/actionpack@4.1.14.1 |
| purl |
pkg:gem/actionpack@4.1.14.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 1 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 2 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 3 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 4 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 5 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 6 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 7 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 8 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 9 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 10 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 11 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 12 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 13 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 14 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 15 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 16 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 17 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 18 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 19 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 20 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 21 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 22 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 23 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1 |
|
| 2 |
| url |
pkg:gem/actionpack@4.2.5.1 |
| purl |
pkg:gem/actionpack@4.2.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 1 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 2 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 3 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 4 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 5 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 6 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 7 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 8 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 9 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 10 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 11 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 12 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 13 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 14 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 15 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 16 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 17 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 18 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 19 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 20 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 21 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 22 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 23 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1 |
|
| 3 |
| url |
pkg:gem/actionpack@5.0.0.beta1.1 |
| purl |
pkg:gem/actionpack@5.0.0.beta1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 1 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 2 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 3 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 4 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 5 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 6 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 7 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 8 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 9 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 10 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 11 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 12 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 13 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 14 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 15 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 16 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 17 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 18 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 19 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 20 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 21 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 22 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1 |
|
|
| aliases |
CVE-2016-0751, GHSA-ffpv-c4hm-3x6v
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1pzg-37dp-cyb1 |
|
| 1 |
| url |
VCID-2p4p-apst-v3cq |
| vulnerability_id |
VCID-2p4p-apst-v3cq |
| summary |
XSS Vulnerability in simple_format helper
The simple_format helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass user-controlled data to be included as html attributes will be vulnerable to an XSS attack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.1.0 |
| purl |
pkg:gem/actionpack@3.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0 |
|
| 1 |
| url |
pkg:gem/actionpack@3.2.0 |
| purl |
pkg:gem/actionpack@3.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 8 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 9 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 10 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 11 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 12 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 13 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 14 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 15 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 16 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 17 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 18 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 19 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 20 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 21 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 22 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 23 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 24 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 25 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 26 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 27 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 28 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 29 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 30 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 31 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 32 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 33 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 34 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 35 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 36 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 37 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 38 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 39 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 40 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 41 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 42 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 43 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 44 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 45 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0 |
|
| 2 |
| url |
pkg:gem/actionpack@4.0.2 |
| purl |
pkg:gem/actionpack@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 3 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 4 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 5 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 6 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 7 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 8 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 9 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 13 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 14 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 15 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 16 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 17 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 18 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 19 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 20 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 21 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 22 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 23 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 24 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 25 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 26 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 27 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 28 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 29 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 30 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 31 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2 |
|
|
| aliases |
CVE-2013-6416, GHSA-w37c-q653-qg95, OSV-100526
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2p4p-apst-v3cq |
|
| 2 |
| url |
VCID-37qm-tp8v-tugb |
| vulnerability_id |
VCID-37qm-tp8v-tugb |
| summary |
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
There is a possible ReDoS vulnerability in Action Controller's
HTTP Token authentication. This vulnerability has been assigned
the CVE identifier CVE-2024-47887.
## Impact
For applications using HTTP Token authentication via
`authenticate_or_request_with_http_token` or similar, a carefully
crafted header may cause header parsing to take an unexpected amount
of time, possibly resulting in a DoS vulnerability. All users running
an affected release should either upgrade or apply the relevant
patch immediately.
Ruby 3.2 has mitigations for this problem, so Rails applications
using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends
on Ruby 3.2 or greater so is unaffected.
## Releases
The fixed releases are available at the normal locations.
## Workarounds
Users on Ruby 3.2 are unaffected by this issue.
## Credits
Thanks to [scyoon](https://hackerone.com/scyoon) for reporting |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-47887, GHSA-vfg9-r3fq-jvx4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-37qm-tp8v-tugb |
|
| 3 |
| url |
VCID-464e-wb3p-j3dn |
| vulnerability_id |
VCID-464e-wb3p-j3dn |
| summary |
Reflective XSS Vulnerability
There is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.16 |
| purl |
pkg:gem/actionpack@3.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 3 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 4 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 5 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 6 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 7 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 8 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 9 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 13 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 14 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 15 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 16 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 17 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 18 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 19 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 20 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 21 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 22 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 23 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 24 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 25 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 26 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 27 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 28 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 29 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 30 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 31 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 32 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 33 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.2 |
| purl |
pkg:gem/actionpack@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 3 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 4 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 5 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 6 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 7 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 8 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 9 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 13 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 14 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 15 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 16 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 17 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 18 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 19 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 20 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 21 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 22 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 23 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 24 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 25 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 26 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 27 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 28 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 29 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 30 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 31 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2 |
|
|
| aliases |
CVE-2013-4491, GHSA-699m-mcjm-9cw8, OSV-100528
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-464e-wb3p-j3dn |
|
| 4 |
| url |
VCID-75m1-xqdk-j7f3 |
| vulnerability_id |
VCID-75m1-xqdk-j7f3 |
| summary |
Improper Input Validation
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability." |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.10 |
| purl |
pkg:gem/actionpack@3.0.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.10 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.0 |
| purl |
pkg:gem/actionpack@3.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0 |
|
|
| aliases |
CVE-2011-2929, GHSA-r7q2-5gqg-6c7q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-75m1-xqdk-j7f3 |
|
| 5 |
| url |
VCID-7m31-x66p-3bha |
| vulnerability_id |
VCID-7m31-x66p-3bha |
| summary |
actionpack Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@2.3.16 |
| purl |
pkg:gem/actionpack@2.3.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 5 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 6 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 7 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 8 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 9 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 13 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 14 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 15 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 16 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 17 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 18 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 19 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 20 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 21 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 22 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 23 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 24 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 25 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 26 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 27 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 28 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 29 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 30 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 31 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 32 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 33 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 34 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 35 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 36 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.16 |
|
| 1 |
| url |
pkg:gem/actionpack@3.0.17 |
| purl |
pkg:gem/actionpack@3.0.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 7 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 8 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 9 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 10 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 11 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 12 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 13 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 14 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 15 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 16 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 17 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 18 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 19 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 20 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 21 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 22 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 23 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 24 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 25 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 26 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 27 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 28 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 29 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 30 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 31 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 32 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 33 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 34 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 35 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 36 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 37 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 38 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 39 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.17 |
|
| 2 |
| url |
pkg:gem/actionpack@3.1.0.beta1 |
| purl |
pkg:gem/actionpack@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1 |
|
| 3 |
| url |
pkg:gem/actionpack@3.1.8 |
| purl |
pkg:gem/actionpack@3.1.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 7 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 8 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 9 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 10 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 11 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 12 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 13 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 14 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 15 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 16 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 17 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 18 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 19 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 20 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 21 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 22 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 23 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 24 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 25 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 26 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 27 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 28 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 29 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 30 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 31 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 32 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 33 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 34 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 35 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 36 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 37 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 38 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 39 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8 |
|
| 4 |
| url |
pkg:gem/actionpack@3.2.0.rc1 |
| purl |
pkg:gem/actionpack@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 8 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 9 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 10 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 11 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 12 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 13 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 14 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 15 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 16 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 17 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 18 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 19 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 20 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 21 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 22 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 23 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 24 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 25 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 26 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 27 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 28 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 29 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 30 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 31 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 32 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 33 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 34 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 35 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 36 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 37 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 38 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 39 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 40 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 41 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 42 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 43 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 44 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 45 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1 |
|
| 5 |
| url |
pkg:gem/actionpack@3.2.8 |
| purl |
pkg:gem/actionpack@3.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 13 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 14 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 15 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 16 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 17 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 18 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 19 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 20 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 21 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 22 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 23 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 24 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 25 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 26 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 33 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 34 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 35 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 36 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 37 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 38 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 39 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 40 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 41 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8 |
|
|
| aliases |
CVE-2012-3465, GHSA-7g65-ghrg-hpf5, OSV-84513
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7m31-x66p-3bha |
|
| 6 |
| url |
VCID-b464-j8ja-hke6 |
| vulnerability_id |
VCID-b464-j8ja-hke6 |
| summary |
Improper Input Validation
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-7248, GHSA-8fqx-7pv4-3jwm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b464-j8ja-hke6 |
|
| 7 |
| url |
VCID-bcwq-ngna-fqhd |
| vulnerability_id |
VCID-bcwq-ngna-fqhd |
| summary |
Cross-Site Request Forgery (CSRF)
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.4 |
| purl |
pkg:gem/actionpack@3.0.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.4 |
|
|
| aliases |
CVE-2011-0447, GHSA-24fg-p96v-hxh8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bcwq-ngna-fqhd |
|
| 8 |
| url |
VCID-bfqq-ypyw-dycj |
| vulnerability_id |
VCID-bfqq-ypyw-dycj |
| summary |
Rails has possible XSS Vulnerability in Action Controller
# Possible XSS Vulnerability in Action Controller
There is a possible XSS vulnerability when using the translation helpers
(`translate`, `t`, etc) in Action Controller. This vulnerability has been
assigned the CVE identifier CVE-2024-26143.
Versions Affected: >= 7.0.0.
Not affected: < 7.0.0
Fixed Versions: 7.1.3.1, 7.0.8.1
Impact
------
Applications using translation methods like `translate`, or `t` on a
controller, with a key ending in "_html", a `:default` key which contains
untrusted user input, and the resulting string is used in a view, may be
susceptible to an XSS vulnerability.
For example, impacted code will look something like this:
```ruby
class ArticlesController < ApplicationController
def show
@message = t("message_html", default: untrusted_input)
# The `show` template displays the contents of `@message`
end
end
```
To reiterate the pre-conditions, applications must:
* Use a translation function from a controller (i.e. _not_ I18n.t, or `t` from
a view)
* Use a key that ends in `_html`
* Use a default value where the default value is untrusted and unescaped input
* Send the text to the victim (whether that's part of a template, or a
`render` call)
All users running an affected release should either upgrade or use one of the
workarounds immediately.
Releases
--------
The fixed releases are available at the normal locations.
Workarounds
-----------
There are no feasible workarounds for this issue.
Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.
* 7-0-translate-xss.patch - Patch for 7.0 series
* 7-1-translate-xss.patch - Patch for 7.1 series
Credits
-------
Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the patch and fix! |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-26143, GHSA-9822-6m93-xqf4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bfqq-ypyw-dycj |
|
| 9 |
| url |
VCID-cbvq-4ze7-r3g6 |
| vulnerability_id |
VCID-cbvq-4ze7-r3g6 |
| summary |
Translate helper method which may allow an attacker to insert arbitrary code into a page
The helper method for i18n translations has a convention whereby translations strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated input, and these values are not escaped. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.11 |
| purl |
pkg:gem/actionpack@3.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.11 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.2 |
| purl |
pkg:gem/actionpack@3.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.2 |
|
|
| aliases |
CVE-2011-4319, GHSA-xxr8-833v-c7wc, OSV-77199
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cbvq-4ze7-r3g6 |
|
| 10 |
| url |
VCID-chxq-j9us-cygh |
| vulnerability_id |
VCID-chxq-j9us-cygh |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.7 |
| purl |
pkg:gem/actionpack@3.0.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.7 |
|
| 1 |
| url |
pkg:gem/actionpack@3.0.8 |
| purl |
pkg:gem/actionpack@3.0.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.8 |
|
|
| aliases |
CVE-2011-2197, GHSA-v9v4-7jp6-8c73
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-chxq-j9us-cygh |
|
| 11 |
| url |
VCID-dx34-zm9p-1ydc |
| vulnerability_id |
VCID-dx34-zm9p-1ydc |
| summary |
actionpack Improper Authentication vulnerability
The `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.16 |
| purl |
pkg:gem/actionpack@3.0.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 13 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 14 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 15 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 16 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 17 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 18 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 19 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 20 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 21 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 22 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 23 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 24 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 25 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 26 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 27 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 28 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 29 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 30 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 31 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 32 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 33 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 34 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 35 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 36 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 37 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 38 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 39 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 40 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 41 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.16 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.0.beta1 |
| purl |
pkg:gem/actionpack@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1 |
|
| 2 |
| url |
pkg:gem/actionpack@3.1.7 |
| purl |
pkg:gem/actionpack@3.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 13 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 14 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 15 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 16 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 17 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 18 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 19 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 20 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 21 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 22 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 23 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 24 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 25 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 26 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 27 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 28 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 29 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 30 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 31 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 32 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 33 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 34 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 35 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 36 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 37 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 38 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 39 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 40 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 41 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.7 |
|
| 3 |
| url |
pkg:gem/actionpack@3.2.0.rc1 |
| purl |
pkg:gem/actionpack@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 8 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 9 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 10 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 11 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 12 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 13 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 14 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 15 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 16 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 17 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 18 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 19 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 20 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 21 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 22 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 23 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 24 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 25 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 26 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 27 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 28 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 29 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 30 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 31 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 32 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 33 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 34 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 35 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 36 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 37 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 38 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 39 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 40 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 41 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 42 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 43 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 44 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 45 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1 |
|
| 4 |
| url |
pkg:gem/actionpack@3.2.7 |
| purl |
pkg:gem/actionpack@3.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 8 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 9 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 10 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 11 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 12 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 28 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 29 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 30 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 31 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 32 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 33 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 34 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 35 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 36 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 37 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 38 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.7 |
|
|
| aliases |
CVE-2012-3424, GHSA-92w9-2pqw-rhjj, OSV-84243
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dx34-zm9p-1ydc |
|
| 12 |
| url |
VCID-f21a-143f-9qay |
| vulnerability_id |
VCID-f21a-143f-9qay |
| summary |
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.14 |
| purl |
pkg:gem/actionpack@3.0.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 39 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 40 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 41 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 42 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.14 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.6 |
| purl |
pkg:gem/actionpack@3.1.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 39 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 40 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 41 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 42 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.6 |
|
| 2 |
| url |
pkg:gem/actionpack@3.2.6 |
| purl |
pkg:gem/actionpack@3.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 8 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 9 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 10 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 11 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 12 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 13 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 14 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 15 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 16 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 17 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 18 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 19 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 20 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 21 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 22 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 23 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 24 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 25 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 26 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 27 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 28 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 29 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 30 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 31 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 32 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 33 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 34 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 35 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 36 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 37 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 38 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 39 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 40 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 41 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 42 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 43 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 44 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.6 |
|
|
| aliases |
CVE-2012-2694, GHSA-q34c-48gc-m9g8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f21a-143f-9qay |
|
| 13 |
| url |
VCID-f7bp-x4q3-jbeh |
| vulnerability_id |
VCID-f7bp-x4q3-jbeh |
| summary |
Possible Strong Parameters Bypass in ActionPack
There is a strong parameters bypass vector in ActionPack.
Versions Affected: rails <= 6.0.3
Not affected: rails < 4.0.0
Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1
Impact
------
In some cases user supplied information can be inadvertently leaked from
Strong Parameters. Specifically the return value of `each`, or `each_value`,
or `each_pair` will return the underlying "untrusted" hash of data that was
read from the parameters. Applications that use this return value may be
inadvertently use untrusted user input.
Impacted code will look something like this:
```
def update
# Attacker has included the parameter: `{ is_admin: true }`
User.update(clean_up_params)
end
def clean_up_params
params.each { |k, v| SomeModel.check(v) if k == :name }
end
```
Note the mistaken use of `each` in the `clean_up_params` method in the above
example.
Workarounds
-----------
Do not use the return values of `each`, `each_value`, or `each_pair` in your
application. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-8164, GHSA-8727-m6gj-mc37
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f7bp-x4q3-jbeh |
|
| 14 |
| url |
VCID-ftus-vcww-2kgf |
| vulnerability_id |
VCID-ftus-vcww-2kgf |
| summary |
Improper Input Validation
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:gem/actionpack@2.3.14 |
| purl |
pkg:gem/actionpack@2.3.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 5 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 6 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 7 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 8 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 9 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 10 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 11 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 12 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 13 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 14 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 15 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 16 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 17 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 18 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 19 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 20 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 21 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 22 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 23 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 24 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 25 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 26 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 27 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 28 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 29 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 30 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 31 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 32 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 33 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 34 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 35 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 36 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 37 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 38 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 39 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 40 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 41 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.14 |
|
|
| aliases |
CVE-2011-3187, GHSA-3vfw-7rcp-3xgm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ftus-vcww-2kgf |
|
| 15 |
| url |
VCID-gadc-jens-nuga |
| vulnerability_id |
VCID-gadc-jens-nuga |
| summary |
Denial of Service Vulnerability in Action View
There is a denial of service vulnerability in the header handling component of Action View. Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow infinitely, which will eventually consume all memory on the target machine, causing a denial of service. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.16 |
| purl |
pkg:gem/actionpack@3.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 3 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 4 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 5 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 6 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 7 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 8 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 9 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 13 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 14 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 15 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 16 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 17 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 18 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 19 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 20 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 21 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 22 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 23 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 24 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 25 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 26 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 27 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 28 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 29 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 30 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 31 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 32 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 33 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.2 |
| purl |
pkg:gem/actionpack@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 3 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 4 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 5 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 6 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 7 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 8 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 9 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 13 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 14 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 15 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 16 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 17 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 18 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 19 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 20 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 21 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 22 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 23 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 24 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 25 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 26 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 27 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 28 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 29 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 30 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 31 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2 |
|
|
| aliases |
CVE-2013-6414, GHSA-mpxf-gcw2-pw5q, OSV-100525
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gadc-jens-nuga |
|
| 16 |
| url |
VCID-ghj9-vyyr-tub8 |
| vulnerability_id |
VCID-ghj9-vyyr-tub8 |
| summary |
XSS Vulnerability in number_to_currency
The number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Application which pass user controlled data as the unit parameter are vulnerable to an XSS attack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.16 |
| purl |
pkg:gem/actionpack@3.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 3 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 4 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 5 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 6 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 7 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 8 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 9 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 13 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 14 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 15 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 16 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 17 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 18 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 19 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 20 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 21 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 22 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 23 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 24 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 25 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 26 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 27 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 28 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 29 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 30 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 31 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 32 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 33 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.2 |
| purl |
pkg:gem/actionpack@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 3 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 4 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 5 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 6 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 7 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 8 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 9 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 13 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 14 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 15 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 16 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 17 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 18 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 19 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 20 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 21 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 22 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 23 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 24 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 25 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 26 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 27 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 28 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 29 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 30 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 31 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2 |
|
|
| aliases |
CVE-2013-6415, GHSA-6h5q-96hp-9jgm, OSV-100524
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ghj9-vyyr-tub8 |
|
| 17 |
| url |
VCID-gqfj-qxbc-xqhm |
| vulnerability_id |
VCID-gqfj-qxbc-xqhm |
| summary |
Timing attack vulnerability in basic authentication
Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password. You can tell you application is vulnerable to this attack by looking for `http_basic_authenticate_with` method calls in your application. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.22.1 |
| purl |
pkg:gem/actionpack@3.2.22.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 1 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 2 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 9 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 10 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 13 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 14 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 15 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 16 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 17 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 18 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 19 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 20 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 21 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 22 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 23 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 24 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 25 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1 |
|
| 1 |
| url |
pkg:gem/actionpack@4.1.14.1 |
| purl |
pkg:gem/actionpack@4.1.14.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 1 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 2 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 3 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 4 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 5 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 6 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 7 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 8 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 9 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 10 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 11 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 12 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 13 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 14 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 15 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 16 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 17 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 18 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 19 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 20 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 21 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 22 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 23 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1 |
|
| 2 |
| url |
pkg:gem/actionpack@4.2.5.1 |
| purl |
pkg:gem/actionpack@4.2.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 1 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 2 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 3 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 4 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 5 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 6 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 7 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 8 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 9 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 10 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 11 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 12 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 13 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 14 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 15 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 16 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 17 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 18 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 19 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 20 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 21 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 22 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 23 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1 |
|
| 3 |
| url |
pkg:gem/actionpack@5.0.0.beta1.1 |
| purl |
pkg:gem/actionpack@5.0.0.beta1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 1 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 2 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 3 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 4 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 5 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 6 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 7 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 8 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 9 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 10 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 11 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 12 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 13 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 14 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 15 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 16 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 17 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 18 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 19 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 20 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 21 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 22 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1 |
|
|
| aliases |
CVE-2015-7576, GHSA-p692-7mm3-3fxg
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gqfj-qxbc-xqhm |
|
| 18 |
| url |
VCID-hdu6-u2pb-aqhp |
| vulnerability_id |
VCID-hdu6-u2pb-aqhp |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-3009, GHSA-8qrh-h9m2-5fvf, OSV-57666
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hdu6-u2pb-aqhp |
|
| 19 |
| url |
VCID-hqff-h373-qqex |
| vulnerability_id |
VCID-hqff-h373-qqex |
| summary |
Response Splitting Vulnerability in Ruby on Rails
A response splitting flaw can allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:gem/actionpack@2.3.14 |
| purl |
pkg:gem/actionpack@2.3.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 5 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 6 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 7 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 8 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 9 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 10 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 11 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 12 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 13 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 14 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 15 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 16 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 17 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 18 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 19 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 20 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 21 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 22 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 23 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 24 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 25 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 26 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 27 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 28 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 29 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 30 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 31 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 32 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 33 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 34 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 35 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 36 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 37 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 38 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 39 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 40 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 41 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.14 |
|
| 2 |
| url |
pkg:gem/actionpack@3.0.0.beta |
| purl |
pkg:gem/actionpack@3.0.0.beta |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 5 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 6 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 7 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 8 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 9 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 10 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 11 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 12 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 13 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 14 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 15 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 16 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 17 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 18 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 19 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 20 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 21 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 22 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 23 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 24 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 25 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 26 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 27 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 28 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 29 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 30 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 31 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 32 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 33 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 34 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 35 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 36 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 37 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 38 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 39 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 40 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 41 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 42 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.0.beta |
|
|
| aliases |
CVE-2011-3186, GHSA-fcqf-h4h4-695m, OSV-74616
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hqff-h373-qqex |
|
| 20 |
| url |
VCID-hxcf-k4te-h3gu |
| vulnerability_id |
VCID-hxcf-k4te-h3gu |
| summary |
Untrusted users able to run pending migrations in production
There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed
an untrusted user to run any pending migrations on a Rails app running in
production.
This vulnerability has been assigned the CVE identifier CVE-2020-8185.
Versions Affected: 6.0.0 < rails < 6.0.3.2
Not affected: Applications with `config.action_dispatch.show_exceptions = false` (this is not a default setting in production)
Fixed Versions: rails >= 6.0.3.2
Impact
------
Using this issue, an attacker would be able to execute any migrations that
are pending for a Rails app running in production mode. It is important to
note that an attacker is limited to running migrations the application
developer has already defined in their application and ones that have not
already ran.
Workarounds
-----------
Until such time as the patch can be applied, application developers should
disable the ActionDispatch middleware in their production environment via
a line such as this one in their config/environment/production.rb:
`config.middleware.delete ActionDispatch::ActionableExceptions` |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-8185, GHSA-c6qr-h5vq-59jc
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.4 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hxcf-k4te-h3gu |
|
| 21 |
| url |
VCID-jkk1-jx5j-q3ch |
| vulnerability_id |
VCID-jkk1-jx5j-q3ch |
| summary |
Exposure of Sensitive Information to an Unauthorized Actor
A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-3086, GHSA-fg9w-g6m4-557j
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jkk1-jx5j-q3ch |
|
| 22 |
| url |
VCID-kt2t-d3bx-jydv |
| vulnerability_id |
VCID-kt2t-d3bx-jydv |
| summary |
XSS vulnerability in sanitize_css in Action Pack
Carefully crafted text can bypass the sanitization provided in the `sanitize_css` method in Action Pack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@2.3.18 |
| purl |
pkg:gem/actionpack@2.3.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 5 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 6 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 7 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 8 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 9 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 13 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 14 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 15 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 16 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 17 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 18 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 19 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 20 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 21 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 22 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 23 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 24 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 25 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 26 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 27 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 28 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 29 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 30 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 31 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 32 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 33 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 34 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 35 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 36 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.18 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.12 |
| purl |
pkg:gem/actionpack@3.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 7 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 8 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 9 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 10 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 11 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 12 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 13 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 14 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 15 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 16 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 17 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 18 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 19 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 20 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 21 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 22 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 23 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 24 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 25 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 26 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 27 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 28 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 29 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 30 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 31 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 32 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 33 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 34 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 35 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 36 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 37 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 38 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12 |
|
| 2 |
| url |
pkg:gem/actionpack@3.2.13 |
| purl |
pkg:gem/actionpack@3.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 13 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 14 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 15 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 16 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 17 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 18 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 19 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 20 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 21 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 22 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 23 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 24 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 25 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 26 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 29 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 30 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 31 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 32 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 33 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 34 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 35 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 36 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 37 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 38 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 39 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 40 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13 |
|
|
| aliases |
CVE-2013-1855, GHSA-q759-hwvc-m3jg, OSV-91452
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2t-d3bx-jydv |
|
| 23 |
| url |
VCID-n798-maqx-y3c9 |
| vulnerability_id |
VCID-n798-maqx-y3c9 |
| summary |
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
# Possible ReDoS vulnerability in Accept header parsing in Action Dispatch
There is a possible ReDoS vulnerability in the Accept header parsing routines
of Action Dispatch. This vulnerability has been assigned the CVE identifier
CVE-2024-26142.
Versions Affected: >= 7.1.0, < 7.1.3.1
Not affected: < 7.1.0
Fixed Versions: 7.1.3.1
Impact
------
Carefully crafted Accept headers can cause Accept header parsing in Action
Dispatch to take an unexpected amount of time, possibly resulting in a DoS
vulnerability. All users running an affected release should either upgrade or
use one of the workarounds immediately.
Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby
3.2 or newer are unaffected.
Releases
--------
The fixed releases are available at the normal locations.
Workarounds
-----------
There are no feasible workarounds for this issue.
Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.
* 7-1-accept-redox.patch - Patch for 7.1 series
Credits
-------
Thanks [svalkanov](https://hackerone.com/svalkanov) for the report and patch! |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-26142, GHSA-jjhx-jhvp-74wq
|
| risk_score |
2.6 |
| exploitability |
0.5 |
| weighted_severity |
5.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n798-maqx-y3c9 |
|
| 24 |
| url |
VCID-nhny-abkr-6qhb |
| vulnerability_id |
VCID-nhny-abkr-6qhb |
| summary |
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-22795, GHSA-8xww-x3g3-6jcv, GMS-2023-56
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nhny-abkr-6qhb |
|
| 25 |
| url |
VCID-nprk-kfvh-vqfh |
| vulnerability_id |
VCID-nprk-kfvh-vqfh |
| summary |
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
There is a possible ReDoS vulnerability in the query parameter
filtering routines of Action Dispatch. This vulnerability has
been assigned the CVE identifier CVE-2024-41128.
## Impact
Carefully crafted query parameters can cause query parameter
filtering to take an unexpected amount of time, possibly resulting
in a DoS vulnerability. All users running an affected release
should either upgrade or apply the relevant patch immediately.
Ruby 3.2 has mitigations for this problem, so Rails applications
using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends
on Ruby 3.2 or greater so is unaffected.
## Releases
The fixed releases are available at the normal locations.
## Workarounds
Users on Ruby 3.2 are unaffected by this issue.
## Credits
Thanks to [scyoon](https://hackerone.com/scyoon) for the report and patches! |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/rails/rails |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
|
| 1 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/rails/rails |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-41128, GHSA-x76w-6vjr-8xgj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nprk-kfvh-vqfh |
|
| 26 |
| url |
VCID-p6yg-d8wm-4bgz |
| vulnerability_id |
VCID-p6yg-d8wm-4bgz |
| summary |
SQL Injection
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@2.3.16 |
| purl |
pkg:gem/actionpack@2.3.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 5 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 6 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 7 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 8 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 9 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 13 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 14 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 15 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 16 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 17 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 18 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 19 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 20 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 21 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 22 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 23 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 24 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 25 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 26 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 27 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 28 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 29 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 30 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 31 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 32 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 33 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 34 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 35 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 36 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.16 |
|
| 1 |
| url |
pkg:gem/actionpack@3.0.13 |
| purl |
pkg:gem/actionpack@3.0.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 39 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 40 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 41 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 42 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.13 |
|
| 2 |
| url |
pkg:gem/actionpack@3.1.5 |
| purl |
pkg:gem/actionpack@3.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 39 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 40 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 41 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 42 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.5 |
|
| 3 |
| url |
pkg:gem/actionpack@3.2.4 |
| purl |
pkg:gem/actionpack@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 8 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 9 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 10 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 11 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 12 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 13 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 14 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 15 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 16 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 17 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 18 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 19 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 20 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 21 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 22 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 23 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 24 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 25 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 26 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 27 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 28 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 29 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 30 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 31 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 32 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 33 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 34 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 35 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 36 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 37 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 38 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 39 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 40 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 41 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 42 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 43 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 44 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.4 |
|
|
| aliases |
CVE-2012-2660, GHSA-hgpp-pp89-4fgf, OSV-82610
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p6yg-d8wm-4bgz |
|
| 27 |
| url |
VCID-puve-cp8z-zbdr |
| vulnerability_id |
VCID-puve-cp8z-zbdr |
| summary |
Multiple vulnerabilities in parameter parsing in Action Pack
There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@2.3.15 |
| purl |
pkg:gem/actionpack@2.3.15 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 5 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 6 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 7 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 8 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 9 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 10 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 11 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 12 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 13 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 14 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 15 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 16 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 17 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 18 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 19 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 20 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 21 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 22 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 23 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 24 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 25 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 26 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 27 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 28 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 29 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 30 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 31 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 32 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 33 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 34 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 35 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 36 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 37 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.15 |
|
| 1 |
| url |
pkg:gem/actionpack@3.0.19 |
| purl |
pkg:gem/actionpack@3.0.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 7 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 8 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 9 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 10 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 11 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 12 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 13 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 14 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 15 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 16 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 17 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 18 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 19 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 20 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 21 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 22 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 23 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 24 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 25 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 26 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 27 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 28 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 29 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 30 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 31 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 32 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 33 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 34 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 35 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 36 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 37 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 38 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.19 |
|
| 2 |
| url |
pkg:gem/actionpack@3.1.0.beta1 |
| purl |
pkg:gem/actionpack@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1 |
|
| 3 |
| url |
pkg:gem/actionpack@3.1.10 |
| purl |
pkg:gem/actionpack@3.1.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 7 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 8 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 9 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 10 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 11 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 12 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 13 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 14 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 15 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 16 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 17 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 18 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 19 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 20 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 21 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 22 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 23 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 24 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 25 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 26 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 27 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 28 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 29 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 30 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 31 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 32 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 33 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 34 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 35 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 36 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 37 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 38 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.10 |
|
| 4 |
| url |
pkg:gem/actionpack@3.2.0.rc1 |
| purl |
pkg:gem/actionpack@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 8 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 9 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 10 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 11 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 12 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 13 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 14 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 15 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 16 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 17 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 18 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 19 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 20 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 21 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 22 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 23 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 24 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 25 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 26 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 27 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 28 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 29 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 30 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 31 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 32 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 33 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 34 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 35 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 36 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 37 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 38 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 39 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 40 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 41 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 42 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 43 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 44 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 45 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1 |
|
| 5 |
| url |
pkg:gem/actionpack@3.2.11 |
| purl |
pkg:gem/actionpack@3.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 13 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 14 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 15 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 16 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 17 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 18 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 19 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 20 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 21 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 22 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 23 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 24 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 25 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 26 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 29 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 30 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 31 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 32 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 33 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 34 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 35 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 36 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 37 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 38 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 39 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 40 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.11 |
|
|
| aliases |
CVE-2013-0156, GHSA-jmgw-6vjg-jjwg, OSV-89026
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-puve-cp8z-zbdr |
|
| 28 |
| url |
VCID-qmvt-9qth-77a6 |
| vulnerability_id |
VCID-qmvt-9qth-77a6 |
| summary |
XSS Vulnerability in the `sanitize` helper
The `sanitize` helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@2.3.18 |
| purl |
pkg:gem/actionpack@2.3.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 5 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 6 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 7 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 8 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 9 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 13 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 14 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 15 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 16 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 17 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 18 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 19 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 20 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 21 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 22 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 23 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 24 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 25 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 26 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 27 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 28 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 29 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 30 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 31 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 32 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 33 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 34 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 35 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 36 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.18 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.12 |
| purl |
pkg:gem/actionpack@3.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 7 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 8 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 9 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 10 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 11 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 12 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 13 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 14 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 15 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 16 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 17 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 18 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 19 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 20 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 21 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 22 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 23 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 24 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 25 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 26 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 27 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 28 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 29 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 30 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 31 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 32 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 33 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 34 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 35 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 36 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 37 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 38 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12 |
|
| 2 |
| url |
pkg:gem/actionpack@3.2.13 |
| purl |
pkg:gem/actionpack@3.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 13 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 14 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 15 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 16 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 17 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 18 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 19 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 20 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 21 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 22 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 23 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 24 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 25 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 26 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 29 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 30 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 31 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 32 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 33 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 34 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 35 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 36 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 37 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 38 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 39 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 40 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13 |
|
|
| aliases |
CVE-2013-1857, GHSA-j838-vfpq-fmf2, OSV-91454
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qmvt-9qth-77a6 |
|
| 29 |
| url |
VCID-sgjx-bz3r-9yam |
| vulnerability_id |
VCID-sgjx-bz3r-9yam |
| summary |
Denial of Service Vulnerability when using render :text
Strings sent in specially crafted headers will be converted to symbols. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.17 |
| purl |
pkg:gem/actionpack@3.2.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 3 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 4 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 5 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 6 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 7 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 8 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 9 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 13 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 14 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 15 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 16 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 17 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 18 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 19 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 20 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 21 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 22 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 23 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 24 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 25 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 26 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 27 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 28 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 29 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 30 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 31 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.0.beta1 |
| purl |
pkg:gem/actionpack@4.0.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 5 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 6 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 7 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 8 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 9 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 10 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 11 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 12 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 13 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 14 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 15 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 16 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 17 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 18 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 19 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 20 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 21 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 22 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 23 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 24 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 25 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 26 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 27 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 28 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 29 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 30 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 31 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 32 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 33 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 34 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 35 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 36 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 37 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0.beta1 |
|
| 2 |
| url |
pkg:gem/actionpack@4.0.0 |
| purl |
pkg:gem/actionpack@4.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 7 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 8 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 9 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 10 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 11 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 12 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 13 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 14 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 15 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 16 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 17 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 18 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 19 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 20 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 21 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 22 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 23 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 24 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 25 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 26 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 27 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 28 |
| vulnerability |
VCID-ugdk-t2vk-nkfc |
|
| 29 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 30 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 31 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 32 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 33 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 34 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 35 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 36 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 37 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0 |
|
|
| aliases |
CVE-2014-0082, GHSA-7cgp-c3g7-qvrw, OSV-103440
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sgjx-bz3r-9yam |
|
| 30 |
| url |
VCID-sw7t-5s3e-vkhx |
| vulnerability_id |
VCID-sw7t-5s3e-vkhx |
| summary |
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-22792, GHSA-p84v-45xj-wwqj, GMS-2023-58
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sw7t-5s3e-vkhx |
|
| 31 |
| url |
VCID-t9c8-r3yp-sbde |
| vulnerability_id |
VCID-t9c8-r3yp-sbde |
| summary |
Ruby on Rails Potential XSS Vulnerability in select_tag prompt
When a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.17 |
| purl |
pkg:gem/actionpack@3.0.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 7 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 8 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 9 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 10 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 11 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 12 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 13 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 14 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 15 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 16 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 17 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 18 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 19 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 20 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 21 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 22 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 23 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 24 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 25 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 26 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 27 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 28 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 29 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 30 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 31 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 32 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 33 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 34 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 35 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 36 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 37 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 38 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 39 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.17 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.0.beta1 |
| purl |
pkg:gem/actionpack@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1 |
|
| 2 |
| url |
pkg:gem/actionpack@3.1.8 |
| purl |
pkg:gem/actionpack@3.1.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 7 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 8 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 9 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 10 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 11 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 12 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 13 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 14 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 15 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 16 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 17 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 18 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 19 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 20 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 21 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 22 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 23 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 24 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 25 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 26 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 27 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 28 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 29 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 30 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 31 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 32 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 33 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 34 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 35 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 36 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 37 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 38 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 39 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8 |
|
| 3 |
| url |
pkg:gem/actionpack@3.2.0.rc1 |
| purl |
pkg:gem/actionpack@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 8 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 9 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 10 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 11 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 12 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 13 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 14 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 15 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 16 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 17 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 18 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 19 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 20 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 21 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 22 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 23 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 24 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 25 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 26 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 27 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 28 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 29 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 30 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 31 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 32 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 33 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 34 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 35 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 36 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 37 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 38 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 39 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 40 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 41 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 42 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 43 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 44 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 45 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1 |
|
| 4 |
| url |
pkg:gem/actionpack@3.2.8 |
| purl |
pkg:gem/actionpack@3.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 13 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 14 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 15 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 16 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 17 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 18 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 19 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 20 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 21 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 22 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 23 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 24 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 25 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 26 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 33 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 34 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 35 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 36 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 37 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 38 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 39 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 40 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 41 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8 |
|
|
| aliases |
CVE-2012-3463, GHSA-98mf-8f57-64qf, OSV-84515
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t9c8-r3yp-sbde |
|
| 32 |
| url |
VCID-ufrj-jn16-jybn |
| vulnerability_id |
VCID-ufrj-jn16-jybn |
| summary |
Rails has a possible XSS vulnerability in its Action Pack debug exceptions
### Impact
The debug exceptions page does not properly escape exception messages.
A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS.
This affects applications with detailed exception pages enabled (`config.consider_all_requests_local = true`),
which is the default in development.
### Releases
The fixed releases are available at the normal locations. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-33167, GHSA-pgm4-439c-5jp6
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
4.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ufrj-jn16-jybn |
|
| 33 |
| url |
VCID-v3vg-9jdz-guf5 |
| vulnerability_id |
VCID-v3vg-9jdz-guf5 |
| summary |
Possible Content Security Policy bypass in Action Dispatch
There is a possible Cross Site Scripting (XSS) vulnerability
in the `content_security_policy` helper in Action Pack.
## Impact
Applications which set Content-Security-Policy (CSP) headers
dynamically from untrusted user input may be vulnerable to
carefully crafted inputs being able to inject new directives
into the CSP. This could lead to a bypass of the CSP and its
protection against XSS and other attacks.
## Releases
The fixed releases are available at the normal locations.
## Workarounds
Applications can avoid setting CSP headers dynamically from
untrusted input, or can validate/sanitize that input.
## Credits
Thanks to [ryotak](https://hackerone.com/ryotak) for the report! |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-54133, GHSA-vfm5-rmrh-j26v
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v3vg-9jdz-guf5 |
|
| 34 |
| url |
VCID-vex8-56fk-gqdf |
| vulnerability_id |
VCID-vex8-56fk-gqdf |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.17 |
| purl |
pkg:gem/actionpack@3.2.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 3 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 4 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 5 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 6 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 7 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 8 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 9 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 13 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 14 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 15 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 16 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 17 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 18 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 19 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 20 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 21 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 22 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 23 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 24 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 25 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 26 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 27 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 28 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 29 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 30 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 31 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.3 |
| purl |
pkg:gem/actionpack@4.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 3 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 4 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 5 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 6 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 7 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 8 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 9 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 13 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 14 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 15 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 16 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 17 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 18 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 19 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 20 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 21 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 22 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 23 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 24 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 25 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 26 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 27 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 28 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 29 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 30 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.3 |
|
| 2 |
| url |
pkg:gem/actionpack@4.1.0.beta1 |
| purl |
pkg:gem/actionpack@4.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 13 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 14 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 15 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 16 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 17 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 18 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 19 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 20 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 21 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 22 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 23 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 24 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 25 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 26 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 27 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 28 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 29 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 30 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1 |
|
| 3 |
| url |
pkg:gem/actionpack@4.1.1 |
| purl |
pkg:gem/actionpack@4.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 13 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 14 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 15 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 16 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 17 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 18 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 19 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 20 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 21 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 22 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 23 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 24 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 25 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 26 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 27 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 28 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 29 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1 |
|
|
| aliases |
CVE-2014-0081, GHSA-m46p-ggm5-5j83, OSV-103439
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vex8-56fk-gqdf |
|
| 35 |
| url |
VCID-vp3u-cexw-57a4 |
| vulnerability_id |
VCID-vp3u-cexw-57a4 |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:gem/actionpack@2.3.14 |
| purl |
pkg:gem/actionpack@2.3.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 5 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 6 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 7 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 8 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 9 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 10 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 11 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 12 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 13 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 14 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 15 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 16 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 17 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 18 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 19 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 20 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 21 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 22 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 23 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 24 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 25 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 26 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 27 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 28 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 29 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 30 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 31 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 32 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 33 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 34 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 35 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 36 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 37 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 38 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 39 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 40 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 41 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.14 |
|
| 2 |
| url |
pkg:gem/actionpack@3.0.10 |
| purl |
pkg:gem/actionpack@3.0.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.10 |
|
|
| aliases |
CVE-2011-2931, GHSA-v5jg-558j-q67c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vp3u-cexw-57a4 |
|
| 36 |
| url |
VCID-wake-zgkk-vber |
| vulnerability_id |
VCID-wake-zgkk-vber |
| summary |
Path Traversal
The Rails gem allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` in a pathname. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.22.1 |
| purl |
pkg:gem/actionpack@3.2.22.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 1 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 2 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 9 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 10 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 13 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 14 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 15 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 16 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 17 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 18 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 19 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 20 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 21 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 22 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 23 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 24 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 25 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1 |
|
| 1 |
| url |
pkg:gem/actionpack@4.1.14.1 |
| purl |
pkg:gem/actionpack@4.1.14.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 1 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 2 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 3 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 4 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 5 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 6 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 7 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 8 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 9 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 10 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 11 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 12 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 13 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 14 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 15 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 16 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 17 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 18 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 19 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 20 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 21 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 22 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 23 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1 |
|
| 2 |
| url |
pkg:gem/actionpack@4.2.5.1 |
| purl |
pkg:gem/actionpack@4.2.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 1 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 2 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 3 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 4 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 5 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 6 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 7 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 8 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 9 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 10 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 11 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 12 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 13 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 14 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 15 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 16 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 17 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 18 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 19 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 20 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 21 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 22 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 23 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1 |
|
|
| aliases |
CVE-2016-0752, GHSA-xrr4-p6fq-hjg7
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wake-zgkk-vber |
|
| 37 |
| url |
VCID-wg66-q6wh-w7fe |
| vulnerability_id |
VCID-wg66-q6wh-w7fe |
| summary |
XSS via posted select tag options
Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated `select tag options` upon submission to `actionpack/lib/action_view/helpers/form_options_helper.rb`. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.12 |
| purl |
pkg:gem/actionpack@3.0.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 39 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 40 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 41 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 42 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.12 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.0.beta1 |
| purl |
pkg:gem/actionpack@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1 |
|
| 2 |
| url |
pkg:gem/actionpack@3.1.4 |
| purl |
pkg:gem/actionpack@3.1.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 39 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 40 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 41 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 42 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.4 |
|
| 3 |
| url |
pkg:gem/actionpack@3.2.0.rc1 |
| purl |
pkg:gem/actionpack@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 8 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 9 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 10 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 11 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 12 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 13 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 14 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 15 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 16 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 17 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 18 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 19 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 20 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 21 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 22 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 23 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 24 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 25 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 26 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 27 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 28 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 29 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 30 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 31 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 32 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 33 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 34 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 35 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 36 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 37 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 38 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 39 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 40 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 41 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 42 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 43 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 44 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 45 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1 |
|
| 4 |
| url |
pkg:gem/actionpack@3.2.2 |
| purl |
pkg:gem/actionpack@3.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 8 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 9 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 10 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 11 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 12 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 13 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 14 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 15 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 16 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 17 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 18 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 19 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 20 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 21 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 22 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 23 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 24 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 25 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 26 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 27 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 28 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 29 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 30 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 31 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 32 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 33 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 34 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 35 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 36 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 37 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 38 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 39 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 40 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 41 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 42 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 43 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 44 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.2 |
|
|
| aliases |
CVE-2012-1099, GHSA-2xjj-5x6h-8vmf, OSV-79727
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wg66-q6wh-w7fe |
|
| 38 |
| url |
VCID-xee7-ge26-yfdc |
| vulnerability_id |
VCID-xee7-ge26-yfdc |
| summary |
Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true` |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.21 |
| purl |
pkg:gem/actionpack@3.2.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 4 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 5 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 6 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 7 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 8 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 12 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 13 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 14 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 15 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 16 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 17 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 18 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 19 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 20 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 21 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 22 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 23 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 24 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 25 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 26 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 27 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 28 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.21 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.11.1 |
| purl |
pkg:gem/actionpack@4.0.11.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 13 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 14 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 15 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 16 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 17 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 18 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 19 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 20 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 21 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 22 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 23 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 24 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 25 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 26 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 27 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11.1 |
|
| 2 |
| url |
pkg:gem/actionpack@4.0.12 |
| purl |
pkg:gem/actionpack@4.0.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 13 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 14 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 15 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 16 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 17 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 18 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 19 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 20 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 21 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 22 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 23 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 24 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 25 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 26 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 27 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 28 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.12 |
|
| 3 |
| url |
pkg:gem/actionpack@4.1.0.beta1 |
| purl |
pkg:gem/actionpack@4.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 13 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 14 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 15 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 16 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 17 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 18 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 19 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 20 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 21 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 22 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 23 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 24 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 25 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 26 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 27 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 28 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 29 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 30 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1 |
|
| 4 |
| url |
pkg:gem/actionpack@4.1.7.1 |
| purl |
pkg:gem/actionpack@4.1.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 13 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 14 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 15 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 16 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 17 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 18 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 19 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 20 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 21 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 22 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 23 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 24 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 25 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 26 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 27 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7.1 |
|
| 5 |
| url |
pkg:gem/actionpack@4.1.8 |
| purl |
pkg:gem/actionpack@4.1.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 13 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 14 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 15 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 16 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 17 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 18 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 19 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 20 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 21 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 22 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 23 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 24 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 25 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 26 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 27 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 28 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.8 |
|
| 6 |
| url |
pkg:gem/actionpack@4.2.0.beta1 |
| purl |
pkg:gem/actionpack@4.2.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 13 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 14 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 15 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 16 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 17 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 18 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 19 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 20 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 21 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 22 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 23 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 24 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 25 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 26 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 27 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 28 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1 |
|
| 7 |
| url |
pkg:gem/actionpack@4.2.0.beta4 |
| purl |
pkg:gem/actionpack@4.2.0.beta4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 13 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 14 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 15 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 16 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 17 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 18 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 19 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 20 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 21 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 22 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 23 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 24 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 25 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 26 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 27 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta4 |
|
|
| aliases |
CVE-2014-7829, GHSA-h56m-vwxc-3qpw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xee7-ge26-yfdc |
|
| 39 |
| url |
VCID-xvsy-e7fv-1ufe |
| vulnerability_id |
VCID-xvsy-e7fv-1ufe |
| summary |
Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true` |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.20 |
| purl |
pkg:gem/actionpack@3.2.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 4 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 5 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 6 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 7 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 8 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 12 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 13 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 14 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 15 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 16 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 17 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 18 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 19 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 20 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 21 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 22 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 23 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 24 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 25 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 26 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 27 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 28 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 29 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.20 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.11 |
| purl |
pkg:gem/actionpack@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 13 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 14 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 15 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 16 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 17 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 18 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 19 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 20 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 21 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 22 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 23 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 24 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 25 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 26 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 27 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 28 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11 |
|
| 2 |
| url |
pkg:gem/actionpack@4.1.0.beta1 |
| purl |
pkg:gem/actionpack@4.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 13 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 14 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 15 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 16 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 17 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 18 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 19 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 20 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 21 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 22 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 23 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 24 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 25 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 26 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 27 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 28 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 29 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 30 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1 |
|
| 3 |
| url |
pkg:gem/actionpack@4.1.7 |
| purl |
pkg:gem/actionpack@4.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 13 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 14 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 15 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 16 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 17 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 18 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 19 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 20 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 21 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 22 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 23 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 24 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 25 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 26 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 27 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 28 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7 |
|
| 4 |
| url |
pkg:gem/actionpack@4.2.0.beta1 |
| purl |
pkg:gem/actionpack@4.2.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 13 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 14 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 15 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 16 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 17 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 18 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 19 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 20 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 21 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 22 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 23 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 24 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 25 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 26 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 27 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 28 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1 |
|
| 5 |
| url |
pkg:gem/actionpack@4.2.0.beta3 |
| purl |
pkg:gem/actionpack@4.2.0.beta3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 3 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 4 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 5 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 6 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 7 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 8 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 9 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 10 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 11 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 12 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 13 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 14 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 15 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 16 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 17 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 18 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 19 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 20 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 21 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 22 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 23 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 24 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 25 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 26 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 27 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta3 |
|
|
| aliases |
CVE-2014-7818, GHSA-29gr-w57f-rpfw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xvsy-e7fv-1ufe |
|
| 40 |
| url |
VCID-ypcy-hry9-5fa3 |
| vulnerability_id |
VCID-ypcy-hry9-5fa3 |
| summary |
High severity vulnerability that affects actionpack
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.4 |
| purl |
pkg:gem/actionpack@3.0.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.4 |
|
|
| aliases |
CVE-2011-0449, GHSA-4ww3-3rxj-8v6q
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ypcy-hry9-5fa3 |
|
| 41 |
| url |
VCID-z21g-8h32-yyf6 |
| vulnerability_id |
VCID-z21g-8h32-yyf6 |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.4 |
| purl |
pkg:gem/actionpack@3.0.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-2p4p-apst-v3cq |
|
| 2 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 3 |
| vulnerability |
VCID-464e-wb3p-j3dn |
|
| 4 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 5 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 6 |
| vulnerability |
VCID-7m31-x66p-3bha |
|
| 7 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 8 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 9 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 10 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 11 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 12 |
| vulnerability |
VCID-dx34-zm9p-1ydc |
|
| 13 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 14 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 15 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 16 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 17 |
| vulnerability |
VCID-gadc-jens-nuga |
|
| 18 |
| vulnerability |
VCID-ghj9-vyyr-tub8 |
|
| 19 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 20 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 21 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 22 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 23 |
| vulnerability |
VCID-kt2t-d3bx-jydv |
|
| 24 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 25 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 26 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 27 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 28 |
| vulnerability |
VCID-puve-cp8z-zbdr |
|
| 29 |
| vulnerability |
VCID-qmvt-9qth-77a6 |
|
| 30 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 31 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 32 |
| vulnerability |
VCID-t9c8-r3yp-sbde |
|
| 33 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 34 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 35 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 36 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 37 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 38 |
| vulnerability |
VCID-wg66-q6wh-w7fe |
|
| 39 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 40 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 41 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 42 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
| 43 |
| vulnerability |
VCID-z94j-z575-4ydx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.4 |
|
|
| aliases |
CVE-2011-0446, GHSA-75w6-p6mg-vh8j
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z21g-8h32-yyf6 |
|
| 42 |
| url |
VCID-z94j-z575-4ydx |
| vulnerability_id |
VCID-z94j-z575-4ydx |
| summary |
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
Due to the way that `Rack::Request` and `Rails::Request` interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameters and could be vulnerable to the earlier vulnerability: it would be possible for an attacker to issue unexpected database queries with `IS NULL` or empty where clauses. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.16 |
| purl |
pkg:gem/actionpack@3.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 3 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 4 |
| vulnerability |
VCID-7spd-zybv-pbgm |
|
| 5 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 6 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 7 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 8 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 9 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-fj3n-g8wp-bbaj |
|
| 13 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 14 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 15 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 16 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 17 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 18 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 19 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 20 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 21 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 22 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 23 |
| vulnerability |
VCID-sgjx-bz3r-9yam |
|
| 24 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 25 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 26 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 27 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 28 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 29 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 30 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 31 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 32 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 33 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.2 |
| purl |
pkg:gem/actionpack@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1pzg-37dp-cyb1 |
|
| 1 |
| vulnerability |
VCID-37qm-tp8v-tugb |
|
| 2 |
| vulnerability |
VCID-5swj-xwsw-rkac |
|
| 3 |
| vulnerability |
VCID-75m1-xqdk-j7f3 |
|
| 4 |
| vulnerability |
VCID-b464-j8ja-hke6 |
|
| 5 |
| vulnerability |
VCID-bcwq-ngna-fqhd |
|
| 6 |
| vulnerability |
VCID-bfqq-ypyw-dycj |
|
| 7 |
| vulnerability |
VCID-cbvq-4ze7-r3g6 |
|
| 8 |
| vulnerability |
VCID-chxq-j9us-cygh |
|
| 9 |
| vulnerability |
VCID-ecg2-wcty-b7hw |
|
| 10 |
| vulnerability |
VCID-f21a-143f-9qay |
|
| 11 |
| vulnerability |
VCID-f7bp-x4q3-jbeh |
|
| 12 |
| vulnerability |
VCID-ftus-vcww-2kgf |
|
| 13 |
| vulnerability |
VCID-gqfj-qxbc-xqhm |
|
| 14 |
| vulnerability |
VCID-hdu6-u2pb-aqhp |
|
| 15 |
| vulnerability |
VCID-hxcf-k4te-h3gu |
|
| 16 |
| vulnerability |
VCID-jkk1-jx5j-q3ch |
|
| 17 |
| vulnerability |
VCID-n798-maqx-y3c9 |
|
| 18 |
| vulnerability |
VCID-nhny-abkr-6qhb |
|
| 19 |
| vulnerability |
VCID-nprk-kfvh-vqfh |
|
| 20 |
| vulnerability |
VCID-nt1m-frdh-tbbq |
|
| 21 |
| vulnerability |
VCID-p6yg-d8wm-4bgz |
|
| 22 |
| vulnerability |
VCID-sw7t-5s3e-vkhx |
|
| 23 |
| vulnerability |
VCID-ufrj-jn16-jybn |
|
| 24 |
| vulnerability |
VCID-v3vg-9jdz-guf5 |
|
| 25 |
| vulnerability |
VCID-vex8-56fk-gqdf |
|
| 26 |
| vulnerability |
VCID-vp3u-cexw-57a4 |
|
| 27 |
| vulnerability |
VCID-wake-zgkk-vber |
|
| 28 |
| vulnerability |
VCID-xee7-ge26-yfdc |
|
| 29 |
| vulnerability |
VCID-xvsy-e7fv-1ufe |
|
| 30 |
| vulnerability |
VCID-ypcy-hry9-5fa3 |
|
| 31 |
| vulnerability |
VCID-z21g-8h32-yyf6 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2 |
|
|
| aliases |
CVE-2013-6417, GHSA-wpw7-wxjm-cw8r, OSV-100527
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z94j-z575-4ydx |
|