Search for packages
| purl | pkg:gem/actionpack@5.0.0.racecar1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-37qm-tp8v-tugb
Aliases: CVE-2024-47887 GHSA-vfg9-r3fq-jvx4 |
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. ## Impact For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected. ## Releases The fixed releases are available at the normal locations. ## Workarounds Users on Ruby 3.2 are unaffected by this issue. ## Credits Thanks to [scyoon](https://hackerone.com/scyoon) for reporting |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-75m1-xqdk-j7f3
Aliases: CVE-2011-2929 GHSA-r7q2-5gqg-6c7q |
Improper Input Validation The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability." | There are no reported fixed by versions. |
|
VCID-b464-j8ja-hke6
Aliases: CVE-2008-7248 GHSA-8fqx-7pv4-3jwm |
Improper Input Validation Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain. | There are no reported fixed by versions. |
|
VCID-bcwq-ngna-fqhd
Aliases: CVE-2011-0447 GHSA-24fg-p96v-hxh8 |
Cross-Site Request Forgery (CSRF) Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696. | There are no reported fixed by versions. |
|
VCID-bfqq-ypyw-dycj
Aliases: CVE-2024-26143 GHSA-9822-6m93-xqf4 |
Rails has possible XSS Vulnerability in Action Controller # Possible XSS Vulnerability in Action Controller There is a possible XSS vulnerability when using the translation helpers (`translate`, `t`, etc) in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: >= 7.0.0. Not affected: < 7.0.0 Fixed Versions: 7.1.3.1, 7.0.8.1 Impact ------ Applications using translation methods like `translate`, or `t` on a controller, with a key ending in "_html", a `:default` key which contains untrusted user input, and the resulting string is used in a view, may be susceptible to an XSS vulnerability. For example, impacted code will look something like this: ```ruby class ArticlesController < ApplicationController def show @message = t("message_html", default: untrusted_input) # The `show` template displays the contents of `@message` end end ``` To reiterate the pre-conditions, applications must: * Use a translation function from a controller (i.e. _not_ I18n.t, or `t` from a view) * Use a key that ends in `_html` * Use a default value where the default value is untrusted and unescaped input * Send the text to the victim (whether that's part of a template, or a `render` call) All users running an affected release should either upgrade or use one of the workarounds immediately. Releases -------- The fixed releases are available at the normal locations. Workarounds ----------- There are no feasible workarounds for this issue. Patches ------- To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset. * 7-0-translate-xss.patch - Patch for 7.0 series * 7-1-translate-xss.patch - Patch for 7.1 series Credits ------- Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the patch and fix! |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-cbvq-4ze7-r3g6
Aliases: CVE-2011-4319 GHSA-xxr8-833v-c7wc OSV-77199 |
Translate helper method which may allow an attacker to insert arbitrary code into a page The helper method for i18n translations has a convention whereby translations strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated input, and these values are not escaped. | There are no reported fixed by versions. |
|
VCID-chxq-j9us-cygh
Aliases: CVE-2011-2197 GHSA-v9v4-7jp6-8c73 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method. | There are no reported fixed by versions. |
|
VCID-f21a-143f-9qay
Aliases: CVE-2012-2694 GHSA-q34c-48gc-m9g8 |
actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request `actionpack/lib/action_dispatch/http/request.rb` in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain `['xyz', nil]` values, a related issue to CVE-2012-2660. | There are no reported fixed by versions. |
|
VCID-ftus-vcww-2kgf
Aliases: CVE-2011-3187 GHSA-3vfw-7rcp-3xgm |
Improper Input Validation The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header. | There are no reported fixed by versions. |
|
VCID-hdu6-u2pb-aqhp
Aliases: CVE-2009-3009 GHSA-8qrh-h9m2-5fvf OSV-57666 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper. | There are no reported fixed by versions. |
|
VCID-jkk1-jx5j-q3ch
Aliases: CVE-2009-3086 GHSA-fg9w-g6m4-557j |
Exposure of Sensitive Information to an Unauthorized Actor A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts. | There are no reported fixed by versions. |
|
VCID-n798-maqx-y3c9
Aliases: CVE-2024-26142 GHSA-jjhx-jhvp-74wq |
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch # Possible ReDoS vulnerability in Accept header parsing in Action Dispatch There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: >= 7.1.0, < 7.1.3.1 Not affected: < 7.1.0 Fixed Versions: 7.1.3.1 Impact ------ Carefully crafted Accept headers can cause Accept header parsing in Action Dispatch to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Releases -------- The fixed releases are available at the normal locations. Workarounds ----------- There are no feasible workarounds for this issue. Patches ------- To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset. * 7-1-accept-redox.patch - Patch for 7.1 series Credits ------- Thanks [svalkanov](https://hackerone.com/svalkanov) for the report and patch! |
Affected by 4 other vulnerabilities. |
|
VCID-nhny-abkr-6qhb
Aliases: CVE-2023-22795 GHSA-8xww-x3g3-6jcv GMS-2023-56 |
ReDoS based DoS vulnerability in Action Dispatch There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. |
Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-nprk-kfvh-vqfh
Aliases: CVE-2024-41128 GHSA-x76w-6vjr-8xgj |
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128. ## Impact Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected. ## Releases The fixed releases are available at the normal locations. ## Workarounds Users on Ruby 3.2 are unaffected by this issue. ## Credits Thanks to [scyoon](https://hackerone.com/scyoon) for the report and patches! |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-p6yg-d8wm-4bgz
Aliases: CVE-2012-2660 GHSA-hgpp-pp89-4fgf OSV-82610 |
SQL Injection Ruby on Rails contains a flaw related to the way ActiveRecord handles parameters in conjunction with the way Rack parses query parameters. This issue may allow an attacker to inject arbitrary `IS NULL` clauses in to application SQL queries. This may also allow an attacker to have the SQL query check for `NULL` in arbitrary places. | There are no reported fixed by versions. |
|
VCID-sw7t-5s3e-vkhx
Aliases: CVE-2023-22792 GHSA-p84v-45xj-wwqj GMS-2023-58 |
ReDoS based DoS vulnerability in Action Dispatch There is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. |
Affected by 8 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-ufrj-jn16-jybn
Aliases: CVE-2026-33167 GHSA-pgm4-439c-5jp6 |
Rails has a possible XSS vulnerability in its Action Pack debug exceptions ### Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled (`config.consider_all_requests_local = true`), which is the default in development. ### Releases The fixed releases are available at the normal locations. |
Affected by 0 other vulnerabilities. |
|
VCID-v3vg-9jdz-guf5
Aliases: CVE-2024-54133 GHSA-vfm5-rmrh-j26v |
Possible Content Security Policy bypass in Action Dispatch There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper in Action Pack. ## Impact Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks. ## Releases The fixed releases are available at the normal locations. ## Workarounds Applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input. ## Credits Thanks to [ryotak](https://hackerone.com/ryotak) for the report! |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-vp3u-cexw-57a4
Aliases: CVE-2011-2931 GHSA-v5jg-558j-q67c |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name. | There are no reported fixed by versions. |
|
VCID-ypcy-hry9-5fa3
Aliases: CVE-2011-0449 GHSA-4ww3-3rxj-8v6q |
High severity vulnerability that affects actionpack actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters. | There are no reported fixed by versions. |
|
VCID-z21g-8h32-yyf6
Aliases: CVE-2011-0446 GHSA-75w6-p6mg-vh8j |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||