Information on source package rails

Available versions

ReleaseVersion
jessie2:4.1.8-1+deb8u9
stretch2:4.2.7.1-1+deb9u5
buster2:5.2.2.1+dfsg-1+deb10u5
bullseye2:6.0.3.7+dfsg-2+deb11u2
bookworm2:6.1.7.3+dfsg-2~deb12u1
trixie2:6.1.7.3+dfsg-4
sid2:6.1.7.3+dfsg-4

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-28103vulnerablevulnerablefixedfixedvulnerable (no DSA)vulnerablevulnerableAction Pack is a framework for handling and responding to web requests ...
CVE-2024-26144vulnerablevulnerablevulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableRails is a web-application framework. Starting with version 5.2.0, the ...
CVE-2023-38037vulnerablevulnerablevulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableActive Support Possibly Discloses Locally Encrypted Files
CVE-2023-28362vulnerablevulnerablevulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerablePossible XSS via User Supplied Values to redirect_to
CVE-2023-28120vulnerablevulnerablevulnerablefixedfixedfixedfixed
CVE-2023-23913vulnerablevulnerablevulnerablefixedfixedfixedfixed
CVE-2023-22796vulnerablevulnerablevulnerablefixedfixedfixedfixedA regular expression based DoS vulnerability in Active Support <6.1.7. ...
CVE-2023-22795vulnerablevulnerablevulnerablefixedfixedfixedfixedA regular expression based DoS vulnerability in Action Dispatch <6.1.7 ...
CVE-2023-22794vulnerablevulnerablefixedfixedfixedfixedfixedA vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 relate ...
CVE-2023-22792vulnerablevulnerablevulnerablefixedfixedfixedfixedA regular expression based DoS vulnerability in Action Dispatch <6.0.6 ...
CVE-2022-44566vulnerablevulnerablevulnerablevulnerable (no DSA)fixedfixedfixedA denial of service vulnerability present in ActiveRecord's PostgreSQL ...
CVE-2022-32224vulnerablevulnerablevulnerablevulnerable (no DSA)fixedfixedfixedA possible escalation to RCE vulnerability exists when using YAML seri ...
CVE-2022-27777vulnerablevulnerablefixedfixedfixedfixedfixedA XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 wh ...
CVE-2022-23633vulnerablevulnerablefixedfixedfixedfixedfixedAction Pack is a framework for handling and responding to web requests ...
CVE-2022-22577vulnerablevulnerablefixedfixedfixedfixedfixedAn XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could al ...
CVE-2022-21831vulnerablevulnerablefixedfixedfixedfixedfixedA code injection vulnerability exists in the Active Storage >= v5.2.0 ...
CVE-2022-3704vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableA vulnerability classified as problematic has been found in Ruby on Ra ...
CVE-2021-44528vulnerablefixedfixedfixedfixedfixedfixedA open redirect vulnerability exists in Action Pack >= 6.0.0 that coul ...
CVE-2021-22942vulnerablefixedfixedfixedfixedfixedfixedA possible open redirect vulnerability in the Host Authorization middl ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2017-17920vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableSQL injection vulnerability in the 'reorder' method in Ruby on Rails 5 ...
CVE-2017-17919vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableSQL injection vulnerability in the 'order' method in Ruby on Rails 5.1 ...
CVE-2017-17917vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableSQL injection vulnerability in the 'where' method in Ruby on Rails 5.1 ...
CVE-2017-17916vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableSQL injection vulnerability in the 'find_by' method in Ruby on Rails 5 ...
CVE-2011-3187vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableThe to_s method in actionpack/lib/action_dispatch/middleware/remote_ip ...
CVE-2010-3299vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableThe encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to p ...

Resolved issues

BugDescription
CVE-2024-32464Action Text brings rich text content and editing to Rails. Instances o ...
CVE-2024-26143Rails is a web-application framework. There is a possible XSS vulnerab ...
CVE-2024-26142Rails is a web-application framework. Starting in version 7.1.0, there ...
CVE-2023-22797An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new ...
CVE-2021-22904The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffer ...
CVE-2021-22903The actionpack ruby gem before 6.1.3.2 suffers from a possible open re ...
CVE-2021-22902The actionpack ruby gem (a framework for handling and responding to we ...
CVE-2021-22885A possible information disclosure / unintended method execution vulner ...
CVE-2021-22881The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3 ...
CVE-2021-22880The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4 ...
CVE-2020-15169In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potentia ...
CVE-2020-8264In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when a ...
CVE-2020-8185A denial of service vulnerability exists in Rails <6.0.3.2 that allowe ...
CVE-2020-8167A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that co ...
CVE-2020-8166A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 th ...
CVE-2020-8165A deserialization of untrusted data vulnernerability exists in rails < ...
CVE-2020-8164A deserialization of untrusted data vulnerability exists in rails < 5. ...
CVE-2020-8163The is a code injection vulnerability in versions of Rails prior to 5. ...
CVE-2020-8162A client side enforcement of server side security vulnerability exists ...
CVE-2020-8151There is a possible information disclosure issue in Active Resource <v ...
CVE-2020-5267In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible ...
CVE-2019-5420A remote code execution vulnerability in development mode Rails <5.2.2 ...
CVE-2019-5419There is a possible denial of service vulnerability in Action View (Ra ...
CVE-2019-5418There is a File Content Disclosure vulnerability in Action View <5.2.2 ...
CVE-2018-16477A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Sto ...
CVE-2018-16476A Broken Access Control vulnerability in Active Job versions >= 4.2.0 ...
CVE-2016-6317Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly ...
CVE-2016-6316Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rai ...
CVE-2016-2098Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and ...
CVE-2016-2097Directory traversal vulnerability in Action View in Ruby on Rails befo ...
CVE-2016-0753Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2. ...
CVE-2016-0752Directory traversal vulnerability in Action View in Ruby on Rails befo ...
CVE-2016-0751actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Rub ...
CVE-2015-7581actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in ...
CVE-2015-7577activerecord/lib/active_record/nested_attributes.rb in Active Record i ...
CVE-2015-7576The http_basic_authenticate_with method in actionpack/lib/action_contr ...
CVE-2015-3227The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby ...
CVE-2015-3226Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active ...
CVE-2014-7829Directory traversal vulnerability in actionpack/lib/action_dispatch/mi ...
CVE-2014-7818Directory traversal vulnerability in actionpack/lib/action_dispatch/mi ...
CVE-2014-3514activerecord/lib/active_record/relation/query_methods.rb in Active Rec ...
CVE-2014-3483SQL injection vulnerability in activerecord/lib/active_record/connecti ...
CVE-2014-3482SQL injection vulnerability in activerecord/lib/active_record/connecti ...
CVE-2014-0082actionpack/lib/action_view/template/text.rb in Action View in Ruby on ...
CVE-2014-0081Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/ ...
CVE-2014-0080SQL injection vulnerability in activerecord/lib/active_record/connecti ...
CVE-2013-6417actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...
CVE-2013-6416Cross-site scripting (XSS) vulnerability in the simple_format helper i ...
CVE-2013-6415Cross-site scripting (XSS) vulnerability in the number_to_currency hel ...
CVE-2013-6414actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on ...
CVE-2013-4491Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...
CVE-2013-4389Multiple format string vulnerabilities in log_subscriber.rb files in t ...
CVE-2013-3221The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and ...
CVE-2013-1857The sanitize helper in lib/action_controller/vendor/html-scanner/html/ ...
CVE-2013-1856The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini ...
CVE-2013-1855The sanitize_css method in lib/action_controller/vendor/html-scanner/h ...
CVE-2013-1854The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1. ...
CVE-2013-0333lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before ...
CVE-2013-0277ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allow ...
CVE-2013-0276ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and ...
CVE-2013-0156active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2. ...
CVE-2013-0155Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x befo ...
CVE-2012-6497The Authlogic gem for Ruby on Rails, when used with certain versions b ...
CVE-2012-6496SQL injection vulnerability in the Active Record component in Ruby on ...
CVE-2012-3465Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...
CVE-2012-3464Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ...
CVE-2012-3463Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...
CVE-2012-3424The decode_credentials method in actionpack/lib/action_controller/meta ...
CVE-2012-2661The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1. ...
CVE-2012-1099Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...
CVE-2012-1098Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before ...
CVE-2011-4319Cross-site scripting (XSS) vulnerability in the i18n translations help ...
CVE-2011-3186CRLF injection vulnerability in actionpack/lib/action_controller/respo ...
CVE-2011-2932Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ...
CVE-2011-2931Cross-site scripting (XSS) vulnerability in the strip_tags helper in a ...
CVE-2011-2930Multiple SQL injection vulnerabilities in the quote_table_name method ...
CVE-2011-2929The template selection functionality in actionpack/lib/action_view/tem ...
CVE-2011-2197The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x ...
CVE-2011-1497A cross-site scripting vulnerability flaw was found in the auto_link f ...
CVE-2011-0449actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x ...
CVE-2011-0448Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the ...
CVE-2011-0447Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3. ...
CVE-2011-0446Multiple cross-site scripting (XSS) vulnerabilities in the mail_to hel ...
CVE-2010-3933Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attribut ...
CVE-2009-4214Cross-site scripting (XSS) vulnerability in the strip_tags function in ...
CVE-2009-3086A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x be ...
CVE-2009-3009Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2 ...
CVE-2009-2422The example code for the digest authentication functionality (http_aut ...
CVE-2008-7248Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ...
CVE-2008-5189CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remo ...
CVE-2008-4094Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 a ...
CVE-2007-6077The session fixation protection mechanism in cgi_process.rb in Rails 1 ...
CVE-2007-5380Session fixation vulnerability in Rails before 1.2.4, as used for Ruby ...
CVE-2007-5379Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers ...
CVE-2007-3227Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord: ...
CVE-2006-4112Unspecified vulnerability in the "dependency resolution mechanism" in ...
CVE-2006-4111Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby cod ...

Security announcements

DSA / DLADescription
DSA-5389-1rails - security update
DSA-5372-1rails - security update
DLA-3093-2rails - regression update
DLA-3093-1rails - security update
DSA-4929-1rails - security update
DLA-2655-1rails - security update
ELA-425-1rails - security update
DLA-2403-1rails - security update
ELA-295-1rails - security update
DSA-4766-1rails - security update
DLA-2282-1rails - security update
DLA-2251-1rails - security update
DLA-2149-1rails - security update
DLA-1739-1rails - security update
DSA-3651-1rails - security update
DSA-3509-1rails - security update
DSA-3464-1rails - security update
DSA-2655-1rails - several
DSA-2620-1rails - several
DSA-2613-1rails - insufficient input validation
DSA-2609-1rails - SQL query manipulation
DSA-2604-1rails - insufficient input validation
DSA-2597-1rails - input validation error
DSA-2466-1rails - cross site scripting
DSA-2301-2rails - several
DSA-2301-1rails - several
DSA-2260-1rails - several
DSA-2247-1rails - several vulnerabilities
DSA-1887-1rails - cross-site scripting

Search for package or bug name: Reporting problems