Filtered by vendor Rubyonrails
Subscribe
Search
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32209 | 1 Rubyonrails | 1 Rails Html Sanitizers | 2022-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| # Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])```All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user). | |||||
| CVE-2022-22577 | 1 Rubyonrails | 1 Actionpack | 2022-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. | |||||
| CVE-2022-27777 | 1 Rubyonrails | 1 Actionpack | 2022-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | |||||
| CVE-2022-23634 | 2 Puma, Rubyonrails | 2 Puma, Rails | 2022-05-26 | 4.3 MEDIUM | 5.9 MEDIUM |
| Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability. | |||||
| CVE-2022-23633 | 1 Rubyonrails | 1 Rails | 2022-02-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used. | |||||
| CVE-2021-44528 | 1 Rubyonrails | 1 Rails | 2022-01-14 | 5.8 MEDIUM | 6.1 MEDIUM |
| A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. | |||||
| CVE-2021-22881 | 2 Fedoraproject, Rubyonrails | 2 Fedora, Rails | 2022-01-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website. | |||||
| CVE-2021-22942 | 1 Rubyonrails | 1 Rails | 2021-12-22 | 5.8 MEDIUM | 6.1 MEDIUM |
| A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website. | |||||
| CVE-2011-1497 | 1 Rubyonrails | 1 Rails | 2021-10-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6. | |||||
| CVE-2020-8185 | 2 Fedoraproject, Rubyonrails | 2 Fedora, Rails | 2021-10-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. | |||||
| CVE-2020-8167 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2021-10-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. | |||||
| CVE-2021-22903 | 1 Rubyonrails | 1 Rails | 2021-10-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`. | |||||
| CVE-2019-25025 | 1 Rubyonrails | 1 Active Record Session Store | 2021-03-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782. | |||||
| CVE-2020-8264 | 1 Rubyonrails | 1 Rails | 2021-01-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware. | |||||
| CVE-2020-8166 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2020-11-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. | |||||
| CVE-2020-5267 | 2 Debian, Rubyonrails | 2 Debian Linux, Actionview | 2020-10-05 | 3.5 LOW | 4.8 MEDIUM |
| In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2. | |||||
| CVE-2010-3299 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2019-11-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. | |||||
| CVE-2018-3741 | 1 Rubyonrails | 1 Html Sanitizer | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately. | |||||
| CVE-2018-16477 | 1 Rubyonrails | 1 Rails | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1. | |||||
| CVE-2016-2097 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752. | |||||
| CVE-2016-0753 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters. | |||||
| CVE-2015-7577 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature. | |||||
| CVE-2016-6316 | 2 Debian, Rubyonrails | 3 Debian Linux, Rails, Ruby On Rails | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers. | |||||
| CVE-2015-7580 | 1 Rubyonrails | 2 Html Sanitizer, Rails | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node. | |||||
| CVE-2015-7579 | 1 Rubyonrails | 2 Html Sanitizer, Rails | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class. | |||||
| CVE-2015-7578 | 1 Rubyonrails | 2 Html Sanitizer, Rails | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes. | |||||