Search CVE reports



1 – 10 of 148 results


CVE-2023-38037

Medium priority
Needs evaluation

ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| rails-4.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |

CVE-2023-28362

Medium priority
Needs evaluation

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| rails-4.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |

CVE-2023-28120

Medium priority
Needs evaluation

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release

CVE-2023-23913

Medium priority
Needs evaluation

There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rails Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rails-4.0 Not in release Not in release Not in release Not in release
ruby-actionpack-3.2 Not in release Not in release Not in release Not in release
ruby-activemodel-3.2 Not in release Not in release Not in release Not in release
ruby-activerecord-3.2 Not in release Not in release Not in release Not in release
ruby-activesupport-3.2 Not in release Not in release Not in release Not in release
ruby-rails-3.2 Not in release Not in release Not in release Not in release

CVE-2024-54133

Medium priority
Needs evaluation

Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to...

1 affected package

rails

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| rails | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-53988

Medium priority
Needs evaluation

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible...

1 affected package

ruby-rails-html-sanitizer

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ruby-rails-html-sanitizer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-53987

Medium priority
Needs evaluation

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible...

1 affected package

ruby-rails-html-sanitizer

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ruby-rails-html-sanitizer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-53986

Medium priority
Needs evaluation

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible...

1 affected package

ruby-rails-html-sanitizer

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ruby-rails-html-sanitizer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-53985

Medium priority
Needs evaluation

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri...

1 affected package

ruby-rails-html-sanitizer

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ruby-rails-html-sanitizer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-53989

Medium priority
Needs evaluation

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible...

1 affected package

ruby-rails-html-sanitizer

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ruby-rails-html-sanitizer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |