Search CVE reports
71 – 80 of 151 results
An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to...
1 affected package
ruby-rails-admin
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby-rails-admin | Not in release | Not in release | Not in release | Vulnerable |
SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because...
7 affected packages
rails, ruby-actionpack-3.2, ruby-rails-3.2, rails-4.0, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | Not affected | Not affected | Not affected | Not affected |
| ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release |
| rails-4.0 | Not in release | Not in release | Not in release | Not in release |
| ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release |
SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because...
7 affected packages
rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | Not affected | Not affected | Not affected | Not affected |
| rails-4.0 | Not in release | Not in release | Not in release | Not in release |
| ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release |
SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation...
7 affected packages
rails, ruby-rails-3.2, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | Not affected | Not affected | Not affected | Not affected |
| ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release |
| rails-4.0 | Not in release | Not in release | Not in release | Not in release |
| ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release |
SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because...
7 affected packages
rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2, ruby-activesupport-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails-4.0 | Not in release | Not in release | Not in release | Not in release |
| ruby-actionpack-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activemodel-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activerecord-3.2 | Not in release | Not in release | Not in release | Not in release |
| ruby-activesupport-3.2 | Not in release | Not in release | Not in release | Not in release |
| rails | Not affected | Not affected | Not affected | Not affected |
| ruby-rails-3.2 | Not in release | Not in release | Not in release | Not in release |
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended...
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activemodel-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as...
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activemodel-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activemodel-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and...
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activemodel-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |
Some fixes available 1 of 5
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation...
11 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2, ruby-activemodel-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activemodel-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |