Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|---|---|
CVE-2024-54133 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Action Pack is a framework for handling and responding to web requests ... |
CVE-2024-47889 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Action Mailer is a framework for designing email service layers. Start ... |
CVE-2024-47888 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Action Text brings rich text content and editing to Rails. Starting in ... |
CVE-2024-47887 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Action Pack is a framework for handling and responding to web requests ... |
CVE-2024-41128 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Action Pack is a framework for handling and responding to web requests ... |
CVE-2024-28103 | vulnerable | vulnerable | fixed | fixed | vulnerable (no DSA) | vulnerable | vulnerable | Action Pack is a framework for handling and responding to web requests ... |
CVE-2024-26144 | vulnerable | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Rails is a web-application framework. Starting with version 5.2.0, the ... |
CVE-2023-38037 | vulnerable | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Active Support Possibly Discloses Locally Encrypted Files |
CVE-2023-28362 | vulnerable | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Possible XSS via User Supplied Values to redirect_to |
CVE-2023-28120 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | |
CVE-2023-23913 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | |
CVE-2023-22796 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | A regular expression based DoS vulnerability in Active Support <6.1.7. ... |
CVE-2023-22795 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | A regular expression based DoS vulnerability in Action Dispatch <6.1.7 ... |
CVE-2023-22794 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 relate ... |
CVE-2023-22792 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | A regular expression based DoS vulnerability in Action Dispatch <6.0.6 ... |
CVE-2022-44566 | vulnerable | vulnerable | vulnerable | vulnerable (no DSA) | fixed | fixed | fixed | A denial of service vulnerability present in ActiveRecord's PostgreSQL ... |
CVE-2022-32224 | vulnerable | vulnerable | vulnerable | vulnerable (no DSA) | fixed | fixed | fixed | A possible escalation to RCE vulnerability exists when using YAML seri ... |
CVE-2022-27777 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 wh ... |
CVE-2022-23633 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Action Pack is a framework for handling and responding to web requests ... |
CVE-2022-22577 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could al ... |
CVE-2022-21831 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | A code injection vulnerability exists in the Active Storage >= v5.2.0 ... |
CVE-2021-44528 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | An open redirect vulnerability exists in Action Pack >= 6.0.0 that coul ... |
CVE-2021-22942 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | A possible open redirect vulnerability in the Host Authorization middl ... |

Bug | Description |
---|---|
CVE-2024-32464 | Action Text brings rich text content and editing to Rails. Instances o ... |
CVE-2024-26143 | Rails is a web-application framework. There is a possible XSS vulnerab ... |
CVE-2024-26142 | Rails is a web-application framework. Starting in version 7.1.0, there ... |
CVE-2023-22797 | An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new ... |
CVE-2021-22904 | The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffer ... |
CVE-2021-22903 | The actionpack ruby gem before 6.1.3.2 suffers from a possible open re ... |
CVE-2021-22902 | The actionpack ruby gem (a framework for handling and responding to we ... |
CVE-2021-22885 | A possible information disclosure / unintended method execution vulner ... |
CVE-2021-22881 | The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3 ... |
CVE-2021-22880 | The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4 ... |
CVE-2020-15169 | In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potentia ... |
CVE-2020-8264 | In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when a ... |
CVE-2020-8185 | A denial of service vulnerability exists in Rails <6.0.3.2 that allowe ... |
CVE-2020-8167 | A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that co ... |
CVE-2020-8166 | A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 th ... |
CVE-2020-8165 | A deserialization of untrusted data vulnerability exists in rails < ... |
CVE-2020-8164 | A deserialization of untrusted data vulnerability exists in rails < 5. ... |
CVE-2020-8163 | There is a code injection vulnerability in versions of Rails prior to 5. ... |
CVE-2020-8162 | A client side enforcement of server side security vulnerability exists ... |
CVE-2020-8151 | There is a possible information disclosure issue in Active Resource <v ... |
CVE-2020-5267 | In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible ... |
CVE-2019-5420 | A remote code execution vulnerability in development mode Rails <5.2.2 ... |
CVE-2019-5419 | There is a possible denial of service vulnerability in Action View (Ra ... |
CVE-2019-5418 | There is a File Content Disclosure vulnerability in Action View <5.2.2 ... |
CVE-2018-16477 | A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Sto ... |
CVE-2018-16476 | A Broken Access Control vulnerability in Active Job versions >= 4.2.0 ... |
CVE-2016-6317 | Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly ... |
CVE-2016-6316 | Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rai ... |
CVE-2016-2098 | Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and ... |
CVE-2016-2097 | Directory traversal vulnerability in Action View in Ruby on Rails befo ... |
CVE-2016-0753 | Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2. ... |
CVE-2016-0752 | Directory traversal vulnerability in Action View in Ruby on Rails befo ... |
CVE-2016-0751 | actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Rub ... |
CVE-2015-7581 | actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in ... |
CVE-2015-7577 | activerecord/lib/active_record/nested_attributes.rb in Active Record i ... |
CVE-2015-7576 | The http_basic_authenticate_with method in actionpack/lib/action_contr ... |
CVE-2015-3227 | The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby ... |
CVE-2015-3226 | Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active ... |
CVE-2014-7829 | Directory traversal vulnerability in actionpack/lib/action_dispatch/mi ... |
CVE-2014-7818 | Directory traversal vulnerability in actionpack/lib/action_dispatch/mi ... |
CVE-2014-3514 | activerecord/lib/active_record/relation/query_methods.rb in Active Rec ... |
CVE-2014-3483 | SQL injection vulnerability in activerecord/lib/active_record/connecti ... |
CVE-2014-3482 | SQL injection vulnerability in activerecord/lib/active_record/connecti ... |
CVE-2014-0082 | actionpack/lib/action_view/template/text.rb in Action View in Ruby on ... |
CVE-2014-0081 | Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/ ... |
CVE-2014-0080 | SQL injection vulnerability in activerecord/lib/active_record/connecti ... |
CVE-2013-6417 | actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ... |
CVE-2013-6416 | Cross-site scripting (XSS) vulnerability in the simple_format helper i ... |
CVE-2013-6415 | Cross-site scripting (XSS) vulnerability in the number_to_currency hel ... |
CVE-2013-6414 | actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on ... |
CVE-2013-4491 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ... |
CVE-2013-4389 | Multiple format string vulnerabilities in log_subscriber.rb files in t ... |
CVE-2013-3221 | The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and ... |
CVE-2013-1857 | The sanitize helper in lib/action_controller/vendor/html-scanner/html/ ... |
CVE-2013-1856 | The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini ... |
CVE-2013-1855 | The sanitize_css method in lib/action_controller/vendor/html-scanner/h ... |
CVE-2013-1854 | The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1. ... |
CVE-2013-0333 | lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before ... |
CVE-2013-0277 | ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allow ... |
CVE-2013-0276 | ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and ... |
CVE-2013-0156 | active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2. ... |
CVE-2013-0155 | Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x befo ... |
CVE-2012-6497 | The Authlogic gem for Ruby on Rails, when used with certain versions b ... |
CVE-2012-6496 | SQL injection vulnerability in the Active Record component in Ruby on ... |
CVE-2012-3465 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ... |
CVE-2012-3464 | Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ... |
CVE-2012-3463 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ... |
CVE-2012-3424 | The decode_credentials method in actionpack/lib/action_controller/meta ... |
CVE-2012-2661 | The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1. ... |
CVE-2012-1099 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ... |
CVE-2012-1098 | Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before ... |
CVE-2011-4319 | Cross-site scripting (XSS) vulnerability in the i18n translations help ... |
CVE-2011-3186 | CRLF injection vulnerability in actionpack/lib/action_controller/respo ... |
CVE-2011-2932 | Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ... |
CVE-2011-2931 | Cross-site scripting (XSS) vulnerability in the strip_tags helper in a ... |
CVE-2011-2930 | Multiple SQL injection vulnerabilities in the quote_table_name method ... |
CVE-2011-2929 | The template selection functionality in actionpack/lib/action_view/tem ... |
CVE-2011-2197 | The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x ... |
CVE-2011-1497 | A cross-site scripting vulnerability flaw was found in the auto_link f ... |
CVE-2011-0449 | actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x ... |
CVE-2011-0448 | Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the ... |
CVE-2011-0447 | Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3. ... |
CVE-2011-0446 | Multiple cross-site scripting (XSS) vulnerabilities in the mail_to hel ... |
CVE-2010-3933 | Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attribut ... |
CVE-2009-4214 | Cross-site scripting (XSS) vulnerability in the strip_tags function in ... |
CVE-2009-3086 | A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x be ... |
CVE-2009-3009 | Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2 ... |
CVE-2009-2422 | The example code for the digest authentication functionality (http_aut ... |
CVE-2008-7248 | Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ... |
CVE-2008-5189 | CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remo ... |
CVE-2008-4094 | Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 a ... |
CVE-2007-6077 | The session fixation protection mechanism in cgi_process.rb in Rails 1 ... |
CVE-2007-5380 | Session fixation vulnerability in Rails before 1.2.4, as used for Ruby ... |
CVE-2007-5379 | Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers ... |
CVE-2007-3227 | Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord: ... |
CVE-2006-4112 | Unspecified vulnerability in the "dependency resolution mechanism" in ... |
CVE-2006-4111 | Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby cod ... |