Package details: pkg:rpm/redhat/ruby193-rubygem-rails@1:3.2.17-1?arch=el6sam
purl pkg:rpm/redhat/ruby193-rubygem-rails@1:3.2.17-1?arch=el6sam
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-35rt-t6e1-pfa6
Aliases:
CVE-2014-0130
GHSA-6x85-j5j2-27jx
Directory Traversal Vulnerability With Certain Route Configurations: The implicit render functionality allows controllers to render a template, even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization which could allow an attacker to use a specially crafted request to retrieve arbitrary files from the RoR application server. There are no reported fixed by versions.
VCID-4epw-vk25-mfdw
Aliases:
CVE-2013-1855
GHSA-q759-hwvc-m3jg
OSV-91452
XSS vulnerability in sanitize_css in Action Pack: Carefully crafted text can bypass the sanitization provided in the `sanitize_css` method in Action Pack. There are no reported fixed by versions.
VCID-4he5-y1u4-gkd2
Aliases:
CVE-2013-1857
GHSA-j838-vfpq-fmf2
OSV-91454
XSS Vulnerability in the `sanitize` helper: The `sanitize` helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious. There are no reported fixed by versions.
VCID-5hqj-fxmk-cbcy
Aliases:
CVE-2013-6415
GHSA-6h5q-96hp-9jgm
OSV-100524
XSS Vulnerability in number_to_currency: The number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Applications that pass user-controlled data as the unit parameter are vulnerable to an XSS attack. There are no reported fixed by versions.
VCID-kcj2-v7av-47cv
Aliases:
CVE-2013-4491
GHSA-699m-mcjm-9cw8
OSV-100528
Reflective XSS Vulnerability: There is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack. There are no reported fixed by versions.
VCID-pmrb-t3bm-zkb6
Aliases:
CVE-2013-6414
GHSA-mpxf-gcw2-pw5q
OSV-100525
Denial of Service Vulnerability in Action View: There is a denial of service vulnerability in the header handling component of Action View. Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow infinitely, which will eventually consume all memory on the target machine, causing a denial of service. There are no reported fixed by versions.
VCID-xa94-z6yu-skf8
Aliases:
CVE-2013-1854
GHSA-3crr-9vmg-864v
OSV-91453
Symbol DoS vulnerability in Active Record: When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce `params[:name]` to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use one of the workarounds immediately. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-04-01T14:52:02.654519+00:00 | RedHat Importer | Affected by | VCID-4he5-y1u4-gkd2 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json | 38.0.0
2026-04-01T14:52:02.466971+00:00 | RedHat Importer | Affected by | VCID-4epw-vk25-mfdw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json | 38.0.0
2026-04-01T14:52:02.278647+00:00 | RedHat Importer | Affected by | VCID-xa94-z6yu-skf8 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json | 38.0.0
2026-04-01T14:49:25.353650+00:00 | RedHat Importer | Affected by | VCID-kcj2-v7av-47cv | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json | 38.0.0
2026-04-01T14:49:25.136557+00:00 | RedHat Importer | Affected by | VCID-5hqj-fxmk-cbcy | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json | 38.0.0
2026-04-01T14:49:24.922211+00:00 | RedHat Importer | Affected by | VCID-pmrb-t3bm-zkb6 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json | 38.0.0
2026-04-01T14:47:55.961890+00:00 | RedHat Importer | Affected by | VCID-35rt-t6e1-pfa6 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0130.json | 38.0.0