| 0 |
| url |
VCID-1161-4sdr-fkc3 |
| vulnerability_id |
VCID-1161-4sdr-fkc3 |
| summary |
Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true` |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.20 |
| purl |
pkg:gem/actionpack@3.2.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 6 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 7 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 10 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 11 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 12 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 13 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 14 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 15 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 16 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 17 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 18 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 19 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 20 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 21 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.20 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.11 |
| purl |
pkg:gem/actionpack@4.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 6 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 7 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 10 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 11 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 12 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 13 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 14 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 15 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 16 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 17 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 18 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 19 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 20 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11 |
|
| 2 |
| url |
pkg:gem/actionpack@4.1.0.beta1 |
| purl |
pkg:gem/actionpack@4.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 11 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 12 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 13 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 14 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 15 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 16 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 17 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 18 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 19 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 20 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 21 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 22 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1 |
|
| 3 |
| url |
pkg:gem/actionpack@4.1.7 |
| purl |
pkg:gem/actionpack@4.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 6 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 7 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 10 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 11 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 12 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 13 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 14 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 15 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 16 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 17 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 18 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 19 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 20 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7 |
|
| 4 |
| url |
pkg:gem/actionpack@4.2.0.beta1 |
| purl |
pkg:gem/actionpack@4.2.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 5 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 6 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 7 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 10 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 11 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 12 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 13 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 14 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 15 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 16 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 17 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 18 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 19 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 20 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1 |
|
| 5 |
| url |
pkg:gem/actionpack@4.2.0.beta3 |
| purl |
pkg:gem/actionpack@4.2.0.beta3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 6 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 7 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 8 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 9 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 10 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 11 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 12 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 13 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 14 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 15 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 16 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 17 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 18 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 19 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta3 |
|
|
| aliases |
CVE-2014-7818, GHSA-29gr-w57f-rpfw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1161-4sdr-fkc3 |
|
| 1 |
| url |
VCID-14eh-tn37-bfhu |
| vulnerability_id |
VCID-14eh-tn37-bfhu |
| summary |
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
Due to the way that `Rack::Request` and `Rails::Request` interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameters and could be vulnerable to the earlier vulnerability: it would be possible for an attacker to issue unexpected database queries with `IS NULL` or empty where clauses. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.16 |
| purl |
pkg:gem/actionpack@3.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 10 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 11 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 12 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 13 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 14 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 15 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 16 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 17 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 18 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 19 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 20 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 21 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 22 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 23 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 24 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 25 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.2 |
| purl |
pkg:gem/actionpack@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 11 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 12 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 18 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 19 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 20 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 21 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 22 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 23 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2 |
|
|
| aliases |
CVE-2013-6417, GHSA-wpw7-wxjm-cw8r, OSV-100527
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-14eh-tn37-bfhu |
|
| 2 |
| url |
VCID-26je-urbt-8kee |
| vulnerability_id |
VCID-26je-urbt-8kee |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.17 |
| purl |
pkg:gem/actionpack@3.2.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 5 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 6 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 9 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 10 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 11 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 12 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 13 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 14 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 15 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 16 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 17 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 18 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 19 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 20 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 21 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 22 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 23 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.3 |
| purl |
pkg:gem/actionpack@4.0.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 5 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 6 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 9 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 10 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 11 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 12 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 13 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 14 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 15 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 16 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 17 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 18 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 19 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 20 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 21 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 22 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.3 |
|
| 2 |
| url |
pkg:gem/actionpack@4.1.0.beta1 |
| purl |
pkg:gem/actionpack@4.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 11 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 12 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 13 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 14 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 15 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 16 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 17 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 18 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 19 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 20 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 21 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 22 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1 |
|
| 3 |
| url |
pkg:gem/actionpack@4.1.1 |
| purl |
pkg:gem/actionpack@4.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 5 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 6 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 9 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 10 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 11 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 12 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 13 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 14 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 15 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 16 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 17 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 18 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 19 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 20 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 21 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1 |
|
|
| aliases |
CVE-2014-0081, GHSA-m46p-ggm5-5j83, OSV-103439
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-26je-urbt-8kee |
|
| 3 |
| url |
VCID-31rm-1rpc-g3dq |
| vulnerability_id |
VCID-31rm-1rpc-g3dq |
| summary |
SQL Injection
Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.13 |
| purl |
pkg:gem/actionpack@3.0.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 18 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 19 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 20 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 21 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 22 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 23 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 24 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 25 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 26 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 27 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 28 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 29 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 30 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 31 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 32 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 33 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 34 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.13 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.5 |
| purl |
pkg:gem/actionpack@3.1.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 18 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 19 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 20 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 21 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 22 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 23 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 24 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 25 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 26 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 27 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 28 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 29 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 30 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 31 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 32 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 33 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 34 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.5 |
|
| 2 |
| url |
pkg:gem/actionpack@3.2.4 |
| purl |
pkg:gem/actionpack@3.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 9 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 10 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 11 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 12 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 13 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 14 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 15 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 16 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 17 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 34 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 35 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 36 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.4 |
|
|
| aliases |
CVE-2012-2660, GHSA-hgpp-pp89-4fgf, OSV-82610
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-31rm-1rpc-g3dq |
|
| 4 |
| url |
VCID-6as7-jkwa-53dk |
| vulnerability_id |
VCID-6as7-jkwa-53dk |
| summary |
Multiple vulnerabilities in parameter parsing in Action Pack
There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.19 |
| purl |
pkg:gem/actionpack@3.0.19 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 7 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 8 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 9 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 10 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 11 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 12 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 13 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 14 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 15 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 16 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 17 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 18 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 19 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 20 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 21 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 22 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 23 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 24 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 25 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 26 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 27 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 28 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 29 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 30 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.19 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.0.beta1 |
| purl |
pkg:gem/actionpack@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 34 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 35 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1 |
|
| 2 |
| url |
pkg:gem/actionpack@3.1.10 |
| purl |
pkg:gem/actionpack@3.1.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 7 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 8 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 9 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 10 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 11 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 12 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 13 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 14 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 15 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 16 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 17 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 18 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 19 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 20 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 21 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 22 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 23 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 24 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 25 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 26 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 27 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 28 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 29 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 30 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.10 |
|
| 3 |
| url |
pkg:gem/actionpack@3.2.0.rc1 |
| purl |
pkg:gem/actionpack@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 9 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 10 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 11 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 12 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 13 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 14 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 15 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 16 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 17 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 18 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 19 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 20 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 21 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 22 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 23 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 24 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 25 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 26 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 27 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 28 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 29 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 30 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 31 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 32 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 33 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 34 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 35 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 36 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 37 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1 |
|
| 4 |
| url |
pkg:gem/actionpack@3.2.11 |
| purl |
pkg:gem/actionpack@3.2.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 7 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 12 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 13 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 14 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 15 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 16 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 17 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 18 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 19 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 20 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 21 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 25 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 26 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 27 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 28 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 29 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 30 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 31 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 32 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.11 |
|
|
| aliases |
CVE-2013-0156, GHSA-jmgw-6vjg-jjwg, OSV-89026
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6as7-jkwa-53dk |
|
| 5 |
| url |
VCID-6cjf-b88j-n3bw |
| vulnerability_id |
VCID-6cjf-b88j-n3bw |
| summary |
Cross-Site Request Forgery (CSRF)
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-0447, GHSA-24fg-p96v-hxh8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6cjf-b88j-n3bw |
|
| 6 |
| url |
VCID-6jdd-kze9-myfz |
| vulnerability_id |
VCID-6jdd-kze9-myfz |
| summary |
High severity vulnerability that affects actionpack
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-0449, GHSA-4ww3-3rxj-8v6q
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6jdd-kze9-myfz |
|
| 7 |
| url |
VCID-ahgm-vw45-33a2 |
| vulnerability_id |
VCID-ahgm-vw45-33a2 |
| summary |
Ruby on Rails Potential XSS Vulnerability in select_tag prompt
When a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.17 |
| purl |
pkg:gem/actionpack@3.0.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 12 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 13 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 14 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 15 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 16 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 17 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 18 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 19 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 20 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 21 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 25 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 26 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 27 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 28 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 29 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 30 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 31 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.17 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.0.beta1 |
| purl |
pkg:gem/actionpack@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 34 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 35 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1 |
|
| 2 |
| url |
pkg:gem/actionpack@3.1.8 |
| purl |
pkg:gem/actionpack@3.1.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 12 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 13 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 14 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 15 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 16 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 17 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 18 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 19 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 20 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 21 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 25 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 26 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 27 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 28 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 29 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 30 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 31 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8 |
|
| 3 |
| url |
pkg:gem/actionpack@3.2.0.rc1 |
| purl |
pkg:gem/actionpack@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 9 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 10 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 11 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 12 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 13 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 14 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 15 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 16 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 17 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 18 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 19 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 20 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 21 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 22 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 23 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 24 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 25 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 26 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 27 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 28 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 29 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 30 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 31 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 32 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 33 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 34 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 35 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 36 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 37 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1 |
|
| 4 |
| url |
pkg:gem/actionpack@3.2.8 |
| purl |
pkg:gem/actionpack@3.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 12 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 13 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 14 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 15 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 16 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 17 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 18 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 19 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 20 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 21 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 22 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 23 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 24 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 25 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 26 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 27 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 28 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 29 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 30 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 31 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 32 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 33 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8 |
|
|
| aliases |
CVE-2012-3463, GHSA-98mf-8f57-64qf, OSV-84515
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ahgm-vw45-33a2 |
|
| 8 |
| url |
VCID-auvj-pgpu-mybv |
| vulnerability_id |
VCID-auvj-pgpu-mybv |
| summary |
XSS Vulnerability in the `sanitize` helper
The `sanitize` helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.1.12 |
| purl |
pkg:gem/actionpack@3.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 7 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 8 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 9 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 10 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 11 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 12 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 13 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 14 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 15 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 16 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 17 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 18 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 19 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 20 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 21 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 22 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 23 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 24 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 25 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 26 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 27 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 28 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 29 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 30 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12 |
|
| 1 |
| url |
pkg:gem/actionpack@3.2.13 |
| purl |
pkg:gem/actionpack@3.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 7 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 12 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 13 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 14 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 15 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 16 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 17 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 18 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 19 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 20 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 21 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 25 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 26 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 27 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 28 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 29 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 30 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 31 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 32 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13 |
|
|
| aliases |
CVE-2013-1857, GHSA-j838-vfpq-fmf2, OSV-91454
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-auvj-pgpu-mybv |
|
| 9 |
| url |
VCID-b5zn-u8pu-zya6 |
| vulnerability_id |
VCID-b5zn-u8pu-zya6 |
| summary |
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request
`actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.14 |
| purl |
pkg:gem/actionpack@3.0.14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 18 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 19 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 20 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 21 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 22 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 23 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 24 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 25 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 26 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 27 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 28 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 29 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 30 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 31 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 32 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 33 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 34 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.14 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.6 |
| purl |
pkg:gem/actionpack@3.1.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 18 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 19 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 20 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 21 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 22 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 23 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 24 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 25 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 26 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 27 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 28 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 29 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 30 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 31 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 32 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 33 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 34 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.6 |
|
| 2 |
| url |
pkg:gem/actionpack@3.2.6 |
| purl |
pkg:gem/actionpack@3.2.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 9 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 10 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 11 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 12 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 13 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 14 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 15 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 16 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 17 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 34 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 35 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 36 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.6 |
|
|
| aliases |
CVE-2012-2694, GHSA-q34c-48gc-m9g8
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b5zn-u8pu-zya6 |
|
| 10 |
| url |
VCID-ct3m-wed2-6bhq |
| vulnerability_id |
VCID-ct3m-wed2-6bhq |
| summary |
Path Traversal
The Rails gem allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` in a pathname. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.22.1 |
| purl |
pkg:gem/actionpack@3.2.22.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 6 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 7 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 10 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 11 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 12 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 13 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 14 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 15 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 16 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 17 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 18 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1 |
|
| 1 |
| url |
pkg:gem/actionpack@4.1.14.1 |
| purl |
pkg:gem/actionpack@4.1.14.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 6 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 7 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 10 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 11 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 12 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 13 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 14 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 15 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 16 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 17 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1 |
|
| 2 |
| url |
pkg:gem/actionpack@4.2.5.1 |
| purl |
pkg:gem/actionpack@4.2.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 6 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 7 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 10 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 11 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 12 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 13 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 14 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 15 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 16 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1 |
|
|
| aliases |
CVE-2016-0752, GHSA-xrr4-p6fq-hjg7
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ct3m-wed2-6bhq |
|
| 11 |
| url |
VCID-de5p-39kn-pkd3 |
| vulnerability_id |
VCID-de5p-39kn-pkd3 |
| summary |
actionpack Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.17 |
| purl |
pkg:gem/actionpack@3.0.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 12 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 13 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 14 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 15 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 16 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 17 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 18 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 19 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 20 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 21 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 25 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 26 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 27 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 28 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 29 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 30 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 31 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.17 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.0.beta1 |
| purl |
pkg:gem/actionpack@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 34 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 35 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1 |
|
| 2 |
| url |
pkg:gem/actionpack@3.1.8 |
| purl |
pkg:gem/actionpack@3.1.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 12 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 13 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 14 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 15 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 16 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 17 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 18 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 19 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 20 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 21 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 25 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 26 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 27 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 28 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 29 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 30 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 31 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.8 |
|
| 3 |
| url |
pkg:gem/actionpack@3.2.0.rc1 |
| purl |
pkg:gem/actionpack@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 9 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 10 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 11 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 12 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 13 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 14 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 15 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 16 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 17 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 18 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 19 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 20 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 21 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 22 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 23 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 24 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 25 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 26 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 27 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 28 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 29 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 30 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 31 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 32 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 33 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 34 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 35 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 36 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 37 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1 |
|
| 4 |
| url |
pkg:gem/actionpack@3.2.8 |
| purl |
pkg:gem/actionpack@3.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 12 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 13 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 14 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 15 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 16 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 17 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 18 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 19 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 20 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 21 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 22 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 23 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 24 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 25 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 26 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 27 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 28 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 29 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 30 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 31 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 32 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 33 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.8 |
|
|
| aliases |
CVE-2012-3465, GHSA-7g65-ghrg-hpf5, OSV-84513
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-de5p-39kn-pkd3 |
|
| 12 |
| url |
VCID-dz1r-ae9g-57en |
| vulnerability_id |
VCID-dz1r-ae9g-57en |
| summary |
Exposure of Sensitive Information to an Unauthorized Actor
A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-3086, GHSA-fg9w-g6m4-557j
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dz1r-ae9g-57en |
|
| 13 |
| url |
VCID-f8s8-epzh-3bhw |
| vulnerability_id |
VCID-f8s8-epzh-3bhw |
| summary |
Denial of Service Vulnerability when using render :text
Strings sent in specially crafted headers will be converted to symbols. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.17 |
| purl |
pkg:gem/actionpack@3.2.17 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 5 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 6 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 9 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 10 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 11 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 12 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 13 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 14 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 15 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 16 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 17 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 18 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 19 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 20 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 21 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 22 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 23 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.17 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.0.beta1 |
| purl |
pkg:gem/actionpack@4.0.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 7 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 10 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 11 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 12 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 13 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 14 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 15 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 16 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 17 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 18 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 19 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 20 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 21 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 22 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 23 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 24 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 25 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 26 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 27 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 28 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 29 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0.beta1 |
|
| 2 |
| url |
pkg:gem/actionpack@4.0.0 |
| purl |
pkg:gem/actionpack@4.0.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-1bxj-7h5q-jbdz |
|
| 3 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 4 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 5 |
| vulnerability |
VCID-5za7-eapk-3qgx |
|
| 6 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 7 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 8 |
| vulnerability |
VCID-8frw-skyq-1fh9 |
|
| 9 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 10 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 11 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 14 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 17 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 18 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 19 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 20 |
| vulnerability |
VCID-kurg-1k8b-zkh6 |
|
| 21 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 22 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 23 |
| vulnerability |
VCID-mrwn-mkcp-j7dv |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-rjft-pjjz-vycp |
|
| 28 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 29 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 30 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 31 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 32 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 33 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 34 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 35 |
| vulnerability |
VCID-w2ca-rqx2-m7f4 |
|
| 36 |
| vulnerability |
VCID-wrrq-xxs9-xka9 |
|
| 37 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 38 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 39 |
| vulnerability |
VCID-ypmv-73g2-gfex |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.0 |
|
|
| aliases |
CVE-2014-0082, GHSA-7cgp-c3g7-qvrw, OSV-103440
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f8s8-epzh-3bhw |
|
| 14 |
| url |
VCID-fm16-z8wy-6fgz |
| vulnerability_id |
VCID-fm16-z8wy-6fgz |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2009-3009, GHSA-8qrh-h9m2-5fvf, OSV-57666
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fm16-z8wy-6fgz |
|
| 15 |
| url |
VCID-ghfd-u91m-dbdz |
| vulnerability_id |
VCID-ghfd-u91m-dbdz |
| summary |
Denial of Service Vulnerability in Action View
There is a denial of service vulnerability in the header handling component of Action View. Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow infinitely, which will eventually consume all memory on the target machine, causing a denial of service. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.16 |
| purl |
pkg:gem/actionpack@3.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 10 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 11 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 12 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 13 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 14 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 15 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 16 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 17 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 18 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 19 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 20 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 21 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 22 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 23 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 24 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 25 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.2 |
| purl |
pkg:gem/actionpack@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 11 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 12 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 18 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 19 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 20 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 21 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 22 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 23 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2 |
|
|
| aliases |
CVE-2013-6414, GHSA-mpxf-gcw2-pw5q, OSV-100525
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ghfd-u91m-dbdz |
|
| 16 |
| url |
VCID-gqg3-gs2h-zugf |
| vulnerability_id |
VCID-gqg3-gs2h-zugf |
| summary |
XSS vulnerability in sanitize_css in Action Pack
Carefully crafted text can bypass the sanitization provided in the `sanitize_css` method in Action Pack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.1.12 |
| purl |
pkg:gem/actionpack@3.1.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 7 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 8 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 9 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 10 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 11 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 12 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 13 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 14 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 15 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 16 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 17 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 18 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 19 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 20 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 21 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 22 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 23 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 24 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 25 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 26 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 27 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 28 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 29 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 30 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.12 |
|
| 1 |
| url |
pkg:gem/actionpack@3.2.13 |
| purl |
pkg:gem/actionpack@3.2.13 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 5 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 6 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 7 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 8 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 9 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 10 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 11 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 12 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 13 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 14 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 15 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 16 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 17 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 18 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 19 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 20 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 21 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 22 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 23 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 24 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 25 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 26 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 27 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 28 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 29 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 30 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 31 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 32 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.13 |
|
|
| aliases |
CVE-2013-1855, GHSA-q759-hwvc-m3jg, OSV-91452
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gqg3-gs2h-zugf |
|
| 17 |
| url |
VCID-hpu4-xbs2-fugs |
| vulnerability_id |
VCID-hpu4-xbs2-fugs |
| summary |
XSS via posted select tag options
Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated `select tag options` upon submission to `actionpack/lib/action_view/helpers/form_options_helper.rb`. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.12 |
| purl |
pkg:gem/actionpack@3.0.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 18 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 19 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 20 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 21 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 22 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 23 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 24 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 25 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 26 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 27 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 28 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 29 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 30 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 31 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 32 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 33 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 34 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.12 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.0.beta1 |
| purl |
pkg:gem/actionpack@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 34 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 35 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1 |
|
| 2 |
| url |
pkg:gem/actionpack@3.1.4 |
| purl |
pkg:gem/actionpack@3.1.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 18 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 19 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 20 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 21 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 22 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 23 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 24 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 25 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 26 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 27 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 28 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 29 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 30 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 31 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 32 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 33 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 34 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.4 |
|
| 3 |
| url |
pkg:gem/actionpack@3.2.0.rc1 |
| purl |
pkg:gem/actionpack@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 9 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 10 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 11 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 12 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 13 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 14 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 15 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 16 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 17 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 18 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 19 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 20 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 21 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 22 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 23 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 24 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 25 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 26 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 27 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 28 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 29 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 30 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 31 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 32 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 33 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 34 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 35 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 36 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 37 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1 |
|
| 4 |
| url |
pkg:gem/actionpack@3.2.2 |
| purl |
pkg:gem/actionpack@3.2.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 9 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 10 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 11 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 12 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 13 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 14 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 15 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 16 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 17 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 34 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 35 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 36 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.2 |
|
|
| aliases |
CVE-2012-1099, GHSA-2xjj-5x6h-8vmf, OSV-79727
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hpu4-xbs2-fugs |
|
| 18 |
| url |
VCID-hud5-xxhh-u3ex |
| vulnerability_id |
VCID-hud5-xxhh-u3ex |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-0446, GHSA-75w6-p6mg-vh8j
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hud5-xxhh-u3ex |
|
| 19 |
| url |
VCID-j52w-azvw-1ycn |
| vulnerability_id |
VCID-j52w-azvw-1ycn |
| summary |
Directory Traversal Vulnerability With Certain Route Configurations
The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow an attacker to use a specially crafted request to retrieve arbitrary files from the RoR application server. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.18 |
| purl |
pkg:gem/actionpack@3.2.18 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 5 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 6 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 9 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 10 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 11 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 12 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 13 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 14 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 15 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 16 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 17 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 18 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 19 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 20 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 21 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 22 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.18 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.5 |
| purl |
pkg:gem/actionpack@4.0.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 5 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 6 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 9 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 10 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 11 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 12 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 13 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 14 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 15 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 16 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 17 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 18 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 19 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 20 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 21 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.5 |
|
| 2 |
| url |
pkg:gem/actionpack@4.1.1 |
| purl |
pkg:gem/actionpack@4.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 5 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 6 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 7 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 8 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 9 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 10 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 11 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 12 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 13 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 14 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 15 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 16 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 17 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 18 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 19 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 20 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 21 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.1 |
|
|
| aliases |
CVE-2014-0130, GHSA-6x85-j5j2-27jx
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j52w-azvw-1ycn |
|
| 20 |
| url |
VCID-j585-zz5s-nqd5 |
| vulnerability_id |
VCID-j585-zz5s-nqd5 |
| summary |
Timing attack vulnerability in basic authentication
Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password. You can tell you application is vulnerable to this attack by looking for `http_basic_authenticate_with` method calls in your application. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.22.1 |
| purl |
pkg:gem/actionpack@3.2.22.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 6 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 7 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 10 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 11 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 12 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 13 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 14 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 15 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 16 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 17 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 18 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1 |
|
| 1 |
| url |
pkg:gem/actionpack@4.1.14.1 |
| purl |
pkg:gem/actionpack@4.1.14.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 6 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 7 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 10 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 11 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 12 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 13 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 14 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 15 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 16 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 17 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1 |
|
| 2 |
| url |
pkg:gem/actionpack@4.2.5.1 |
| purl |
pkg:gem/actionpack@4.2.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 6 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 7 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 10 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 11 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 12 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 13 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 14 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 15 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 16 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1 |
|
| 3 |
| url |
pkg:gem/actionpack@5.0.0.beta1.1 |
| purl |
pkg:gem/actionpack@5.0.0.beta1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 4 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 5 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 6 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 7 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 8 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 9 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 10 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 11 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 12 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 13 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 14 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1 |
|
|
| aliases |
CVE-2015-7576, GHSA-p692-7mm3-3fxg
|
| risk_score |
1.5 |
| exploitability |
0.5 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-j585-zz5s-nqd5 |
|
| 21 |
| url |
VCID-jnrw-sue5-zqex |
| vulnerability_id |
VCID-jnrw-sue5-zqex |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.10 |
| purl |
pkg:gem/actionpack@3.0.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 34 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 35 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.10 |
|
|
| aliases |
CVE-2011-2931, GHSA-v5jg-558j-q67c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jnrw-sue5-zqex |
|
| 22 |
| url |
VCID-kyj5-b8wz-pkgj |
| vulnerability_id |
VCID-kyj5-b8wz-pkgj |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.8 |
| purl |
pkg:gem/actionpack@3.0.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 34 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 35 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.8 |
|
|
| aliases |
CVE-2011-2197, GHSA-v9v4-7jp6-8c73
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kyj5-b8wz-pkgj |
|
| 23 |
| url |
VCID-m8rg-xa7x-6yan |
| vulnerability_id |
VCID-m8rg-xa7x-6yan |
| summary |
Improper Input Validation
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability." |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.10 |
| purl |
pkg:gem/actionpack@3.0.10 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 34 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 35 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.10 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.0 |
| purl |
pkg:gem/actionpack@3.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 14 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 15 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 16 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 17 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 18 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 19 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 20 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 21 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 22 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 23 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 24 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 25 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 26 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 27 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 28 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 29 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 30 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 31 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 32 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 33 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 34 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 35 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 36 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0 |
|
|
| aliases |
CVE-2011-2929, GHSA-r7q2-5gqg-6c7q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m8rg-xa7x-6yan |
|
| 24 |
| url |
VCID-n2ap-zgrd-skhf |
| vulnerability_id |
VCID-n2ap-zgrd-skhf |
| summary |
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-22795, GHSA-8xww-x3g3-6jcv, GMS-2023-56
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-n2ap-zgrd-skhf |
|
| 25 |
| url |
VCID-pzs8-zstn-hbf2 |
| vulnerability_id |
VCID-pzs8-zstn-hbf2 |
| summary |
actionpack Improper Authentication vulnerability
The `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.16 |
| purl |
pkg:gem/actionpack@3.0.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 18 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 19 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 20 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 21 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 22 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 23 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 24 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 25 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 26 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 27 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 28 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 29 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 30 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 31 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 32 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 33 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.16 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.0.beta1 |
| purl |
pkg:gem/actionpack@3.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 34 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 35 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0.beta1 |
|
| 2 |
| url |
pkg:gem/actionpack@3.1.7 |
| purl |
pkg:gem/actionpack@3.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 18 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 19 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 20 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 21 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 22 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 23 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 24 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 25 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 26 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 27 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 28 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 29 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 30 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 31 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 32 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 33 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.7 |
|
| 3 |
| url |
pkg:gem/actionpack@3.2.0.rc1 |
| purl |
pkg:gem/actionpack@3.2.0.rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 9 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 10 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 11 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 12 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 13 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 14 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 15 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 16 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 17 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 18 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 19 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 20 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 21 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 22 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 23 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 24 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 25 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 26 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 27 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 28 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 29 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 30 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 31 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 32 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 33 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 34 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 35 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 36 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 37 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0.rc1 |
|
| 4 |
| url |
pkg:gem/actionpack@3.2.7 |
| purl |
pkg:gem/actionpack@3.2.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 9 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 10 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 11 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 12 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 13 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 14 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 15 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 16 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 17 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 26 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 27 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 28 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 29 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 30 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 31 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 32 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 33 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 34 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 35 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.7 |
|
|
| aliases |
CVE-2012-3424, GHSA-92w9-2pqw-rhjj, OSV-84243
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pzs8-zstn-hbf2 |
|
| 26 |
| url |
VCID-r7ur-pzac-7bbk |
| vulnerability_id |
VCID-r7ur-pzac-7bbk |
| summary |
Improper Input Validation
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2011-3187, GHSA-3vfw-7rcp-3xgm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r7ur-pzac-7bbk |
|
| 27 |
| url |
VCID-sevc-c95q-tyg8 |
| vulnerability_id |
VCID-sevc-c95q-tyg8 |
| summary |
Improper Input Validation
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
|
| aliases |
CVE-2008-7248, GHSA-8fqx-7pv4-3jwm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sevc-c95q-tyg8 |
|
| 28 |
| url |
VCID-sfnx-agxs-9yc9 |
| vulnerability_id |
VCID-sfnx-agxs-9yc9 |
| summary |
XSS Vulnerability in number_to_currency
The number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Application which pass user controlled data as the unit parameter are vulnerable to an XSS attack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.16 |
| purl |
pkg:gem/actionpack@3.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 10 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 11 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 12 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 13 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 14 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 15 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 16 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 17 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 18 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 19 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 20 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 21 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 22 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 23 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 24 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 25 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.2 |
| purl |
pkg:gem/actionpack@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 11 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 12 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 18 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 19 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 20 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 21 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 22 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 23 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2 |
|
|
| aliases |
CVE-2013-6415, GHSA-6h5q-96hp-9jgm, OSV-100524
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sfnx-agxs-9yc9 |
|
| 29 |
| url |
VCID-swv6-gyb1-y7bs |
| vulnerability_id |
VCID-swv6-gyb1-y7bs |
| summary |
XSS Vulnerability in simple_format helper
The simple_format helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass user-controlled data to be included as html attributes will be vulnerable to an XSS attack. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.1.0 |
| purl |
pkg:gem/actionpack@3.1.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f22x-hsz9-kfau |
|
| 14 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 15 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 16 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 17 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 18 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 19 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 20 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 21 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 22 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 23 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 24 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 25 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 26 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 27 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 28 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 29 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 30 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 31 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 32 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 33 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 34 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 35 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 36 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.0 |
|
| 1 |
| url |
pkg:gem/actionpack@3.2.0 |
| purl |
pkg:gem/actionpack@3.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 9 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 10 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 11 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 12 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 13 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 14 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 15 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 16 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 17 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 18 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 19 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 20 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 21 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 22 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 23 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 24 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 25 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 26 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 27 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 28 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 29 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 30 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 31 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 32 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 33 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 34 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 35 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 36 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 37 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 38 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.0 |
|
| 2 |
| url |
pkg:gem/actionpack@4.0.2 |
| purl |
pkg:gem/actionpack@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 11 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 12 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 18 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 19 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 20 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 21 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 22 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 23 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2 |
|
|
| aliases |
CVE-2013-6416, GHSA-w37c-q653-qg95, OSV-100526
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-swv6-gyb1-y7bs |
|
| 30 |
| url |
VCID-t1ep-g6cz-7kgr |
| vulnerability_id |
VCID-t1ep-g6cz-7kgr |
| summary |
Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true` |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.21 |
| purl |
pkg:gem/actionpack@3.2.21 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 6 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 7 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 10 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 11 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 12 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 13 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 14 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 15 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 16 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 17 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 18 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 19 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 20 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.21 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.11.1 |
| purl |
pkg:gem/actionpack@4.0.11.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 6 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 7 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 10 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 11 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 12 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 13 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 14 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 15 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 16 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 17 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 18 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 19 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.11.1 |
|
| 2 |
| url |
pkg:gem/actionpack@4.0.12 |
| purl |
pkg:gem/actionpack@4.0.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 6 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 7 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 10 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 11 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 12 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 13 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 14 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 15 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 16 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 17 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 18 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 19 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 20 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.12 |
|
| 3 |
| url |
pkg:gem/actionpack@4.1.0.beta1 |
| purl |
pkg:gem/actionpack@4.1.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 11 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 12 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 13 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 14 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 15 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 16 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 17 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 18 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 19 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 20 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 21 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 22 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.0.beta1 |
|
| 4 |
| url |
pkg:gem/actionpack@4.1.7.1 |
| purl |
pkg:gem/actionpack@4.1.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 6 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 7 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 10 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 11 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 12 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 13 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 14 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 15 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 16 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 17 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 18 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 19 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.7.1 |
|
| 5 |
| url |
pkg:gem/actionpack@4.1.8 |
| purl |
pkg:gem/actionpack@4.1.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 6 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 7 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 10 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 11 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 12 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 13 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 14 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 15 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 16 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 17 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 18 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 19 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 20 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.8 |
|
| 6 |
| url |
pkg:gem/actionpack@4.2.0.beta1 |
| purl |
pkg:gem/actionpack@4.2.0.beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 2 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 3 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 4 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 5 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 6 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 7 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 10 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 11 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 12 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 13 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 14 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 15 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 16 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 17 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 18 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 19 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 20 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta1 |
|
| 7 |
| url |
pkg:gem/actionpack@4.2.0.beta4 |
| purl |
pkg:gem/actionpack@4.2.0.beta4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 6 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 7 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 8 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 9 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 10 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 11 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 12 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 13 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 14 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 15 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 16 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 17 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 18 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 19 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.0.beta4 |
|
|
| aliases |
CVE-2014-7829, GHSA-h56m-vwxc-3qpw
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t1ep-g6cz-7kgr |
|
| 31 |
| url |
VCID-tc9x-h24m-9ufe |
| vulnerability_id |
VCID-tc9x-h24m-9ufe |
| summary |
Translate helper method which may allow an attacker to insert arbitrary code into a page
The helper method for i18n translations has a convention whereby translations strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated input, and these values are not escaped. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.0.11 |
| purl |
pkg:gem/actionpack@3.0.11 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 34 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 35 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.11 |
|
| 1 |
| url |
pkg:gem/actionpack@3.1.2 |
| purl |
pkg:gem/actionpack@3.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-14eh-tn37-bfhu |
|
| 2 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 3 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 4 |
| vulnerability |
VCID-6as7-jkwa-53dk |
|
| 5 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 6 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 7 |
| vulnerability |
VCID-ahgm-vw45-33a2 |
|
| 8 |
| vulnerability |
VCID-auvj-pgpu-mybv |
|
| 9 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 10 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 11 |
| vulnerability |
VCID-de5p-39kn-pkd3 |
|
| 12 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 13 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 14 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 15 |
| vulnerability |
VCID-ghfd-u91m-dbdz |
|
| 16 |
| vulnerability |
VCID-gqg3-gs2h-zugf |
|
| 17 |
| vulnerability |
VCID-hpu4-xbs2-fugs |
|
| 18 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 19 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 20 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 21 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 22 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 23 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 24 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 25 |
| vulnerability |
VCID-pzs8-zstn-hbf2 |
|
| 26 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 27 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 28 |
| vulnerability |
VCID-sfnx-agxs-9yc9 |
|
| 29 |
| vulnerability |
VCID-swv6-gyb1-y7bs |
|
| 30 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 31 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 32 |
| vulnerability |
VCID-vaa4-b9ph-b7cm |
|
| 33 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 34 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 35 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.1.2 |
|
|
| aliases |
CVE-2011-4319, GHSA-xxr8-833v-c7wc, OSV-77199
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tc9x-h24m-9ufe |
|
| 32 |
| url |
VCID-vaa4-b9ph-b7cm |
| vulnerability_id |
VCID-vaa4-b9ph-b7cm |
| summary |
Reflective XSS Vulnerability
There is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.16 |
| purl |
pkg:gem/actionpack@3.2.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-f8s8-epzh-3bhw |
|
| 10 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 11 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 12 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 13 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 14 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 15 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 16 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 17 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 18 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 19 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 20 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 21 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 22 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 23 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 24 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 25 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16 |
|
| 1 |
| url |
pkg:gem/actionpack@4.0.2 |
| purl |
pkg:gem/actionpack@4.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1161-4sdr-fkc3 |
|
| 1 |
| vulnerability |
VCID-26je-urbt-8kee |
|
| 2 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 3 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 4 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 5 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 6 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 7 |
| vulnerability |
VCID-ct3m-wed2-6bhq |
|
| 8 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 9 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 10 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 11 |
| vulnerability |
VCID-j52w-azvw-1ycn |
|
| 12 |
| vulnerability |
VCID-j585-zz5s-nqd5 |
|
| 13 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 14 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 15 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 16 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 17 |
| vulnerability |
VCID-pssv-24tn-kkc5 |
|
| 18 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 19 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 20 |
| vulnerability |
VCID-t1ep-g6cz-7kgr |
|
| 21 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 22 |
| vulnerability |
VCID-wyvv-ks5y-fkex |
|
| 23 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.0.2 |
|
|
| aliases |
CVE-2013-4491, GHSA-699m-mcjm-9cw8, OSV-100528
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vaa4-b9ph-b7cm |
|
| 33 |
| url |
VCID-wyvv-ks5y-fkex |
| vulnerability_id |
VCID-wyvv-ks5y-fkex |
| summary |
Possible Object Leak and Denial of Service attack
A carefully crafted `Accept` header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.22.1 |
| purl |
pkg:gem/actionpack@3.2.22.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 6 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 7 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 10 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 11 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 12 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 13 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 14 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 15 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 16 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 17 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
| 18 |
| vulnerability |
VCID-zm15-yzy1-xuhv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.1 |
|
| 1 |
| url |
pkg:gem/actionpack@4.1.14.1 |
| purl |
pkg:gem/actionpack@4.1.14.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 6 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 7 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 10 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 11 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 12 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 13 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 14 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 15 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 16 |
| vulnerability |
VCID-vm51-p4w4-n3du |
|
| 17 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.1.14.1 |
|
| 2 |
| url |
pkg:gem/actionpack@4.2.5.1 |
| purl |
pkg:gem/actionpack@4.2.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-apra-79g2-wkfn |
|
| 4 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 5 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 6 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 7 |
| vulnerability |
VCID-fn9u-w13j-43dz |
|
| 8 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 9 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 10 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 11 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 12 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 13 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 14 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 15 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 16 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@4.2.5.1 |
|
| 3 |
| url |
pkg:gem/actionpack@5.0.0.beta1.1 |
| purl |
pkg:gem/actionpack@5.0.0.beta1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 4 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 5 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 6 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 7 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 8 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 9 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 10 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 11 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 12 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 13 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 14 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@5.0.0.beta1.1 |
|
|
| aliases |
CVE-2016-0751, GHSA-ffpv-c4hm-3x6v
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wyvv-ks5y-fkex |
|
| 34 |
| url |
VCID-yp5x-mgfj-xbbf |
| vulnerability_id |
VCID-yp5x-mgfj-xbbf |
| summary |
ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-22792, GHSA-p84v-45xj-wwqj, GMS-2023-58
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yp5x-mgfj-xbbf |
|
| 35 |
| url |
VCID-zm15-yzy1-xuhv |
| vulnerability_id |
VCID-zm15-yzy1-xuhv |
| summary |
Possible XSS Vulnerability in ActionView
There is a possible XSS vulnerability in Action View. Text declared as `HTML safe` will not have quotes escaped when used as attribute values in tag helpers. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:gem/actionpack@3.2.22.3 |
| purl |
pkg:gem/actionpack@3.2.22.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-31rm-1rpc-g3dq |
|
| 1 |
| vulnerability |
VCID-6cjf-b88j-n3bw |
|
| 2 |
| vulnerability |
VCID-6jdd-kze9-myfz |
|
| 3 |
| vulnerability |
VCID-b5zn-u8pu-zya6 |
|
| 4 |
| vulnerability |
VCID-dz1r-ae9g-57en |
|
| 5 |
| vulnerability |
VCID-fm16-z8wy-6fgz |
|
| 6 |
| vulnerability |
VCID-hud5-xxhh-u3ex |
|
| 7 |
| vulnerability |
VCID-jnrw-sue5-zqex |
|
| 8 |
| vulnerability |
VCID-kyj5-b8wz-pkgj |
|
| 9 |
| vulnerability |
VCID-m8rg-xa7x-6yan |
|
| 10 |
| vulnerability |
VCID-n2ap-zgrd-skhf |
|
| 11 |
| vulnerability |
VCID-r7ur-pzac-7bbk |
|
| 12 |
| vulnerability |
VCID-sevc-c95q-tyg8 |
|
| 13 |
| vulnerability |
VCID-tc9x-h24m-9ufe |
|
| 14 |
| vulnerability |
VCID-yp5x-mgfj-xbbf |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.22.3 |
|
|
| aliases |
CVE-2016-6316, GHSA-pc3m-v286-2jwj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zm15-yzy1-xuhv |
|