Search CVE reports

31 – 40 of 148 results

Detailed view

Sort by:

CVE-2022-32224

Medium priority

Needs evaluation

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2022-3704

Low priority

Ignored

** DISPUTED ** A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Not affected	Not affected	Not affected	Not affected	Not affected
rails-4.0	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2022-31129

Medium priority

Some fixes available 4 of 92

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment...

11 affected packages

gnucash, mediawiki, node-moment, ntopng, odoo...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
gnucash	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
mediawiki	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
node-moment	Not affected	Fixed	Fixed	Fixed	Needs evaluation
ntopng	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
odoo	Needs evaluation	Needs evaluation	Not in release	Not in release	Not in release
omnidb	Needs evaluation	Needs evaluation	Needs evaluation	Not in release	Not in release
postfixadmin	Vulnerable	Fixed	Not affected	Not affected	Not affected
ruby-momentjs-rails	Needs evaluation	Needs evaluation	Needs evaluation	Not in release	Not in release
sabnzbdplus	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
syncthing	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
wordpress	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-32209

Medium priority

Needs evaluation

# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions...

1 affected package

ruby-rails-html-sanitizer

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ruby-rails-html-sanitizer	Not affected	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-27777

Medium priority

Needs evaluation

A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.

9 affected packages

rails, rails-4.0, redmine, ruby-actionpack-2.3, ruby-actionpack-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	Not in release	Not in release	Not in release	Not in release	Not in release
redmine	Not in release	—	Needs evaluation	Needs evaluation	Needs evaluation
ruby-actionpack-2.3	—	—	—	—	—
ruby-actionpack-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2022-22577

Medium priority

Needs evaluation

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2022-21831

Medium priority

Needs evaluation

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2022-23633

Medium priority

Needs evaluation

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rails-4.0	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2021-44528

Medium priority

Vulnerable

A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in...

7 affected packages

rails, rails-4.0, ruby-actionpack-3.2, ruby-activemodel-3.2, ruby-activerecord-3.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	Vulnerable	Vulnerable	Not affected	Not affected	Not affected
rails-4.0	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-actionpack-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activemodel-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activerecord-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-activesupport-3.2	Not in release	Not in release	Not in release	Not in release	Not in release
ruby-rails-3.2	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2011-1497

Medium priority

Ignored

A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.

2 affected packages

rails, ruby-rails-2.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rails	—	—	—	—	Not affected
ruby-rails-2.3	—	—	—	—	Not in release

Export to JSON

Results by page: