Showing 829 of 829 total issues
Reflective XSS Vulnerability in Ruby on Rails Open
actionpack (3.2.13)
Advisory: CVE-2013-4491
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998
Solution: upgrade to ~> 3.2.16, >= 4.0.2
Possible Denial of Service attack in Active Support Open
activesupport (3.2.13)
Advisory: CVE-2015-3227
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk
Solution: upgrade to >= 4.2.2, ~> 4.1.11, ~> 3.2.22
i18n missing translation error message XSS Open
i18n (0.6.1)
Advisory: CVE-2013-4492
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998
Solution: upgrade to ~> 0.5.1, >= 0.6.6
CVE-2015-9097 rubygem-mail: SMTP injection via recipient email addresses Open
mail (2.5.4)
Advisory: CVE-2015-9097
Criticality: Medium
URL: https://hackerone.com/reports/137631
Solution: upgrade to >= 2.5.5
Directory Traversal Vulnerability With Certain Route Configurations Open
actionpack (3.2.13)
Advisory: CVE-2014-0130
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o
Solution: upgrade to ~> 3.2.18, ~> 4.0.5, >= 4.1.1
Timing attack vulnerability in basic authentication in Action Controller. Open
actionpack (3.2.13)
Advisory: CVE-2015-7576
Criticality: Low
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting Open
activerecord (3.2.13)
Advisory: CVE-2014-3482
URL: https://nvd.nist.gov/vuln/detail/CVE-2014-3482
Solution: upgrade to ~> 3.2.19
Possible Object Leak and Denial of Service attack in Action Pack Open
actionpack (3.2.13)
Advisory: CVE-2016-0751
Criticality: High
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
Possible Information Leak Vulnerability in Action View Open
actionpack (3.2.13)
Advisory: CVE-2016-0752
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00
Solution: upgrade to >= 5.0.0.beta1.1, >= 4.2.5.1, ~> 4.2.5, >= 4.1.14.1, ~> 4.1.14, ~> 3.2.22.1
Possible Information Leak Vulnerability in Action View Open
actionpack (3.2.13)
Advisory: CVE-2016-2097
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4
Solution: upgrade to ~> 3.2.22.2, ~> 4.1.14, >= 4.1.14.2
CVE-2014-2538 rubygem rack-ssl: URL error display XSS Open
rack-ssl (1.3.3)
Advisory: CVE-2014-2538
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2014-2538
Solution: upgrade to >= 1.3.4
Arbitrary file existence disclosure in Action Pack Open
actionpack (3.2.13)
Advisory: CVE-2014-7829
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk
Solution: upgrade to ~> 3.2.21, ~> 4.0.11.1, ~> 4.0.12, ~> 4.1.7.1, >= 4.1.8
Potential Denial of Service Vulnerability in Rack Open
rack (1.4.5)
Advisory: CVE-2015-3225
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc
Solution: upgrade to >= 1.6.2, ~> 1.5.4, ~> 1.4.6
redis-namespace Gem for Ruby contains a flaw in the method_missing implementation Open
redis-namespace (1.3.0)
Advisory: OSVDB-96425
URL: http://blog.steveklabnik.com/posts/2013-08-03-redis-namespace-1-3-1--security-release
Solution: upgrade to >= 1.3.1, ~> 1.2.2, ~> 1.1.1, ~> 1.0.4
XSS Vulnerability in number_to_currency Open
actionpack (3.2.13)
Advisory: CVE-2013-6415
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0
Solution: upgrade to ~> 3.2.16, >= 4.0.2
CVE-2013-6460 rubygem-nokogiri: DoS while parsing XML documents Open
nokogiri (1.5.9)
Advisory: CVE-2013-6460
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-6460
Solution: upgrade to ~> 1.5.11, >= 1.6.1
CVE-2014-7819 rubygem-sprockets: arbitrary file existence disclosure Open
sprockets (2.2.2)
Advisory: CVE-2014-7819
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
Solution: upgrade to ~> 2.0.5, ~> 2.1.4, ~> 2.2.3, ~> 2.3.3, ~> 2.4.6, ~> 2.5.1, ~> 2.7.1, ~> 2.8.3, ~> 2.9.4, ~> 2.10.2, ~> 2.11.3, ~> 2.12.3, >= 3.0.0.beta.3
Arbitrary file existence disclosure in Action Pack Open
actionpack (3.2.13)
Advisory: CVE-2014-7818
Criticality: Medium
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo
Solution: upgrade to ~> 3.2.20, ~> 4.0.11, ~> 4.1.7, >= 4.2.0.beta3
CSRF token fixation attacks in Devise Open
devise (2.2.4)
Advisory: OSVDB-114435
URL: http://blog.plataformatec.com.br/2013/08/csrf-token-fixation-attacks-in-devise/
Solution: upgrade to ~> 2.2.5, >= 3.0.1
CVE-2013-4389 rubygem-actionmailer: email address processing DoS Open
actionmailer (3.2.13)
Advisory: CVE-2013-4389
Criticality: Medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2013-4389
Solution: upgrade to >= 3.2.15