pkg:Debian/rails

All known vulnerabilities

• HIGH7.5CVE-2019-5418⚠ KEVrails - security update
  from 0, < 2:4.1.8-1+deb8u5
• HIGH7.5CVE-2019-5418⚠ KEVrails - security update
  from 0, < 2:5.2.2.1+dfsg-1
• HIGH7.5⚠ KEVDirectory traversal vulnerability in Action View in Ruby on Rails
  from 0, < 2:4.2.5.1-1
• CRITICAL9.8Rails Active Storage has possible Path Traversal in DiskService
  from 0
• CRITICAL9.8Active Record RCE bug with Serialized Columns
  from 0, < 2:6.0.3.7+dfsg-2+deb11u5
• CRITICAL9.8rails - security update
  from 0, < 2:5.2.2.1+dfsg-1+deb10u4
• CRITICAL9.8rails - security update
  from 0, < 2:6.0.3.7+dfsg-2+deb11u1
• CRITICAL9.8ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
  from 0, < 2:5.2.4.3+dfsg-1
• CRITICAL9.8Use of Insufficiently Random Values in Railties Allows Remote Code Execution
  from 0, < 2:5.2.2.1+dfsg-1
• CRITICAL9.8rails vulnerable to improper authentication
  from 0, < 2.3.5-1
• CRITICAL9.1Rails Active Storage has possible glob injection in its DiskService
  from 0
• HIGH8.8SQL Injection Vulnerability via ActiveRecord comments
  from 0, < 2:6.0.3.7+dfsg-2+deb11u1
• HIGH8.8rails - security update
  from 0, < 2:4.2.7.1-1+deb9u3
• HIGH8.8rails - security update
  from 0, < 2:5.2.0+dfsg-2
• HIGH8.1SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL com…
  from 0
• HIGH8.1SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL comma…
  from 0
• HIGH8.1SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL comma…
  from 0
• HIGH8.1SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL com…
  from 0
• HIGH7.5Rails Active Support has a possible DoS vulnerability in its number helpers
  from 0
• HIGH7.5Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests
  from 0
• HIGH7.5ReDoS based DoS vulnerability in Action Dispatch
  from 0, < 2:6.0.3.7+dfsg-2+deb11u1
• HIGH7.5ReDoS based DoS vulnerability in Active Support's underscore
  from 0, < 2:6.0.3.7+dfsg-2+deb11u1
• HIGH7.5rails - security update
  from 0, < 2:6.0.3.7+dfsg-2+deb11u3
• HIGH7.5rails - security update
  from 0, < 2:6.0.3.7+dfsg-2+deb11u3
• HIGH7.5ReDoS based DoS vulnerability in Action Dispatch
  from 0, < 2:6.0.3.7+dfsg-2+deb11u1
• HIGH7.5Possible DoS Vulnerability in Action Controller Token Authentication
  from 0, < 2:6.0.3.7+dfsg-1
• HIGH7.5rails - security update
  from 0, < 2:4.2.7.1-1+deb9u5
• HIGH7.5rails - security update
  from 0, < 2:6.0.3.7+dfsg-1
• HIGH7.5Denial of Service in Action Dispatch
  from 0, < 2:6.0.3.7+dfsg-1
• HIGH7.5rails - security update
  from 0, < 2:5.2.2.1+dfsg-1+deb10u3
• HIGH7.5rails - security update
  from 0, < 2:6.0.3.5+dfsg-1
• HIGH7.5Circumvention of file size limits in ActiveStorage
  from 0, < 2:5.2.4.3+dfsg-1
• HIGH7.5rails - security update
  from 0, < 2:4.1.8-1+deb8u7
• HIGH7.5rails - security update
  from 0, < 2:5.2.4.3+dfsg-1
• HIGH7.5Denial of Service Vulnerability in Action View
  from 0, < 2:5.2.2.1+dfsg-1
• HIGH7.5Improper Access Control in activejob
  from 0, < 2:5.2.2+dfsg-1
• HIGH7.5actionpack is vulnerable to denial of service because of a wildcard controller route
  from 0, < 2:4.2.5.1-1
• HIGH7.5actionpack is vulnerable to denial of service via a crafted HTTP Accept header
  from 0, < 2:4.2.5.1-1
• HIGH7.5ActiveRecord in Ruby on Rails allows database-query bypass
  from 0, < 2:4.2.7.1-1
• HIGH7.4Exposure of information in Action Pack
  from 0, < 2:6.0.3.7+dfsg-2+deb11u1
• HIGH7.3actionpack allows remote code execution via application's unrestricted use of render method
  from 0, < 2:4.2.5.2-1
• MEDIUM6.5Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests
  from 0
• MEDIUM6.5CSRF Vulnerability in rails-ujs
  from 0, < 2:5.2.4.3+dfsg-1
• MEDIUM6.5The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.
  from 0
• MEDIUM6.5Exposure of Sensitive Information to an Unauthorized Actor in activestorage
  from 0, < 2:5.2.2+dfsg-1
• MEDIUM6.3rails - security update
  from 0, < 2:6.0.3.7+dfsg-2+deb11u2
• MEDIUM6.3rails - security update
  from 0, < 2:6.0.3.7+dfsg-2+deb11u2
• MEDIUM6.1Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
  from 0
• MEDIUM6.1XSS Vulnerability in Action View tag helpers
  from 0, < 2:6.0.3.7+dfsg-2+deb11u1
• MEDIUM6.1Cross-site Scripting Vulnerability in Action Pack
  from 0, < 2:6.0.3.7+dfsg-2+deb11u1
• MEDIUM6.1actionpack Open Redirect in Host Authorization Middleware
  from 0, < 2:6.0.3.7+dfsg-2+deb11u1
• MEDIUM6.1rails - security update
  from 0, < 2:6.0.3.7+dfsg-2+deb11u1
• MEDIUM6.1rails - security update
  from 0, < 2:6.0.3.7+dfsg-2+deb11u1
• MEDIUM6.1Cross-site scripting in actionpack
  from 0, < 2:6.0.3.4+dfsg-1
• MEDIUM6.1Actionpack Open Redirect Vulnerability
  from 0, < 2:6.0.3.5+dfsg-1
• MEDIUM6.1rails - security update
  from 0, < 2:4.2.7.1-1
• MEDIUM6.1rails - security update
  from 0, < 2:4.1.8-1+deb8u4
• MEDIUM5.5Active Support Possibly Discloses Locally Encrypted Files
  from 0, < 2:6.0.3.7+dfsg-2+deb11u3
• MEDIUM5.4Action Pack is missing security headers on non-HTML responses
  from 0, < 2:6.1.7.10+dfsg-1~deb12u1
• MEDIUM5.4A vulnerability classified as problematic has been found in Ruby on Rails.
  from 0
• MEDIUM5.4rails - security update
  from 0, < 2:5.2.2.1+dfsg-1+deb10u2
• MEDIUM5.4rails - security update
  from 0, < 2:6.0.3.3+dfsg-1
• MEDIUM5.4rails - security update
  from 0, < 2:4.2.7.1-1+deb9u4
• MEDIUM5.3Rails Active Storage has possible content type bypass via metadata in direct uploads
  from 0
• MEDIUM5.3Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
  from 0
• MEDIUM5.3Possible Sensitive Session Information Leak in Active Storage
  from 0, < 2:6.1.7.10+dfsg-1~deb12u1
• MEDIUM5.3Possible XSS Security Vulnerability in SafeBuffer#bytesplice
  from 0, < 2:6.0.3.7+dfsg-2+deb11u2
• MEDIUM5.3ruby-activerecord-3.2 - security update
  from 0, < 2:4.2.5.1-1
• MEDIUM5.3rails - security update
  from 0, < 2:4.2.5.2-1
• MEDIUM5.3rails - security update
  from 0, < 2:4.1.8-1+deb8u2
• MEDIUM5.3ruby-activerecord-3.2 - security update
  from 0, < 2:4.2.5.1-1
• MEDIUM4.8rails - security update
  from 0, < 2:4.1.8-1+deb8u6
• MEDIUM4.8rails - security update
  from 0, < 2:5.2.4.1+dfsg-2
• MEDIUM4.3Ability to forge per-form CSRF tokens in Rails
  from 0, < 2:5.2.4.3+dfsg-1
• MEDIUM4.0rails - security update
  from 0, < 2:6.1.7.10+dfsg-1~deb12u1
• MEDIUM4.0rails - security update
  from 0, < 2:6.0.3.7+dfsg-2+deb11u3
• LOW3.7ruby-actionpack-3.2 - security update
  from 0, < 2:4.2.5.1-1
• —Rails has a possible XSS vulnerability in its Action View tag helpers
  from 0
• —rails - security update
  from 0, < 2:6.0.3.7+dfsg-2+deb11u4
• —rails - security update
  from 0, < 2:6.1.7.10+dfsg-1~deb12u2
• —rails - security update
  from 0, < 2:6.0.3.7+dfsg-2+deb11u4
• —Active Record logging vulnerable to ANSI escape injection
  from 0, < 2:6.0.3.7+dfsg-2+deb11u4
• —Possible Content Security Policy bypass in Action Dispatch
  from 0, < 2:6.0.3.7+dfsg-2+deb11u3
• —Action Mailer has possible ReDoS vulnerability in block_format
  from 0, < 2:6.0.3.7+dfsg-2+deb11u3
• —Action Text has possible ReDoS vulnerability in plain_text_for_blockquote_node
  from 0, < 2:6.0.3.7+dfsg-2+deb11u3
• —Action Controller has possible ReDoS vulnerability in HTTP Token authentication
  from 0, < 2:6.0.3.7+dfsg-2+deb11u3
• —Action Dispatch has possible ReDoS vulnerability in query parameter filtering
  from 0, < 2:6.0.3.7+dfsg-2+deb11u3
• —Authlogic Information Exposure vulnerability
  from 0, < 2.3.14.1
• —Active Record component in Ruby on Rails has a data-type injection vulnerability
  from 0, < 2.3.14.1
• —rails - several
  from 0, < 2.3.5-1.2+squeeze8
• —Rails Denial of Service vulnerability
  from 0, < 1.1.6-1
• —activesupport Cross-site Scripting vulnerability
  from 0, < 2.3.14
• —rails - cross site scripting
  from 0, < 2.3.14
• —rails - several
  from 0, < 2.3.14
• —actionpack Improper Input Validation vulnerability
  from 0
• —actionpack CRLF injection vulnerability
  from 0, < 2.3.14
• —activerecord vulnerable to SQL Injection
  from 0, < 2.3.14
• —actionpack Cross-site Scripting vulnerability
  from 0, < 2.3.14
• —actionpack Cross-Site Request Forgery vulnerability
  from 0, < 2.3.11-0.1
• —rails - several vulnerabilities
  from 0, < 2.3.11-0.1
• —rails - several
  from 0, < 2.2.3-2
• —rails - cross-site scripting
  from 0, < 2.2.3-1
• —rails - several
  from 0, < 2.2.3-1
• —Improper Input Validation in actionpack
  from 0, < 2.2.3-1
• —rails is vulnerable to CRLF injection
  from 0, < 2.1.0-6
• —rails - cross-site scripting
  from 0, < 2.1.0-7
• —rails - several
  from 0, < 2.3.5-1.2+squeeze1
• —rails - several vulnerabilities
  from 0, < 2.3.5-1.2+squeeze0.1
• —rails - several
  from 0, < 2.1.0-7+lenny0.2
• —rails - cross site scripting
  from 0, < 2.3.5-1.2+squeeze3
• —Rails ActiveRecord gem vulnerable to SQL injection
  from 0, < 2.1.0-1
• —Session fixation vulnerability in Rails
  from 0, < 1.2.5-1
• —session fixation protection mechanism in cgi_process.rb in Rails
  from 0, < 1.2.6-1
• —Moderate severity vulnerability that affects rails
  from 0, < 1.2.5-1
• —Moderate severity vulnerability that affects rails
  from 0, < 1.2.5-1
• —Ruby on Rails vulnerable to code injection
  from 0, < 1.1.5-1
• —rails - insufficient input validation
  from 0, < 2.3.14.1
• —rails - insufficient input validation
  from 0, < 2.3.14.1
• —Active Record contains deserialization of arbitrary YAML
  from 0, < 2.3.14.1
• —rails - several
  from 0, < 2.3.14.1
• —Active Record Improper Input Validation
  from 0, < 2.3.14.1
• —actionpack Cross-site Scripting vulnerability
  from 0, < 2.3.14.1
• —actionpack Cross-site Scripting vulnerability
  from 0, < 2.3.14.1
• —activesupport Cross-site Scripting vulnerability
  from 0, < 2.3.14.1
• —rails - input validation error
  from 0, < 2.3.5-1.2+squeeze4
• —rails - insufficient input validation
  from 0, < 2.3.5-1.2+squeeze6
• —rails - insufficient input validation
  from 0, < 2.3.5-1.2+squeeze4.1
• —rails - SQL query manipulation
  from 0, < 2.3.5-1.2+squeeze5
• —rails - several
  from 0, < 2.3.5-1.2+squeeze7
• —rails - SQL query manipulation
  from 0, < 2.3.14.1
• —rails - input validation error
  from 0, < 2.3.14.1
• —actionpack Cross-site Scripting vulnerability
  from 0, < 2.3.14.1
• —rails - security update
  from 0, < 2:4.2.4-2
• —Active Record contains SQL Injection via improper range quoting
  from 0, < 2:4.1.4-1
• —Active Record subject to strong parameters protection bypass
  from 0, < 2:4.1.5-1
• —ruby-activerecord-3.2 - security update
  from 0, < 2:4.1.4-1
• —Directory traversal vulnerability in actionpack
  from 0, < 2:4.1.8-1
• —rails - security update
  from 0, < 2:4.1.8-1+deb8u1
• —ruby-activesupport-3.2 - security update
  from 0, < 2:4.2.4-2
• —actionpack vulnerable to Path Traversal
  from 0, < 2:4.1.8-1
• —ruby-actionpack-3.2 - security update
  from 0, < 2.3.14.1
• —actionpack Improper Input Validation vulnerability
  from 0, < 2.3.14.1