Search CVE reports

91 – 100 of 151 results

jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of...
1 affected package
ruby-jquery-rails
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby-jquery-rails | — | — | — | Not affected |

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when...
11 affected packages
rails, rails-3.2, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-3.2 | — | — | — | Not in release |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when...
11 affected packages
rails, rails-3.2, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-3.2 | — | — | — | Not in release |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-activesupport-2.3 | — | — | — | Not in release |
| ruby-activesupport-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to...
11 affected packages
rails, rails-3.2, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | — |
| rails-3.2 | — | — | — | — |
| rails-4.0 | — | — | — | — |
| ruby-actionpack-2.3 | — | — | — | — |
| ruby-actionpack-3.2 | — | — | — | — |
| ruby-activerecord-2.3 | — | — | — | — |
| ruby-activerecord-3.2 | — | — | — | — |
| ruby-activesupport-2.3 | — | — | — | — |
| ruby-activesupport-3.2 | — | — | — | — |
| ruby-rails-2.3 | — | — | — | — |
| ruby-rails-3.2 | — | — | — | — |

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers...
7 affected packages
rails, rails-3.2, rails-4.0, ruby-activerecord-2.3, ruby-activerecord-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-3.2 | — | — | — | Not in release |
| rails-4.0 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute...
7 affected packages
rails, rails-3.2, rails-4.0, ruby-activerecord-2.3, ruby-activerecord-3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-3.2 | — | — | — | Not in release |
| rails-4.0 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing...
2 affected packages
rails, rails-4.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause...
4 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary...
4 affected packages
rails, rails-4.0, ruby-actionpack-2.3, ruby-actionpack-3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-actionpack-2.3 | — | — | — | Not in release |
| ruby-actionpack-3.2 | — | — | — | Not in release |

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to...
6 affected packages
rails, rails-4.0, ruby-activerecord-2.3, ruby-activerecord-3.2, ruby-rails-2.3, ruby-rails-3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rails | — | — | — | Not affected |
| rails-4.0 | — | — | — | Not in release |
| ruby-activerecord-2.3 | — | — | — | Not in release |
| ruby-activerecord-3.2 | — | — | — | Not in release |
| ruby-rails-2.3 | — | — | — | Not in release |
| ruby-rails-3.2 | — | — | — | Not in release |