Grupos
Grupos
Iniciar sesión
Grupos
Grupos
Ruby on Rails: Security
Conversaciones
Información
Enviar comentarios
Ayuda
Ruta de grupo
Ruby on Rails: Security
1-30 de 140
Marcar todo como leído
Denunciar grupo
0 grupos seleccionados
Aaron Patterson
22/2/24
Mailing List Retirement
Hi folks, This is an update just to let you all know we're retiring this mailing list. Actually
no leída,
Mailing List Retirement
Hi folks, This is an update just to let you all know we're retiring this mailing list. Actually
22/2/24
Aaron Patterson
12/7/22
[CVE-2022-32224] Possible RCE escalation bug with Serialized Columns in Active Record
There is a possible escalation to RCE when using YAML serialized columns in Active Record. This
no leída,
[CVE-2022-32224] Possible RCE escalation bug with Serialized Columns in Active Record
There is a possible escalation to RCE when using YAML serialized columns in Active Record. This
12/7/22
Mike Dalessio
9/6/22
[CVE-2022-32209] Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This
no leída,
[CVE-2022-32209] Possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer
There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This
9/6/22
Aaron Patterson
27/5/22
[CVE-2022-30123] Possible shell escape sequence injection vulnerability in Rack
There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger
no leída,
[CVE-2022-30123] Possible shell escape sequence injection vulnerability in Rack
There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger
27/5/22
Aaron Patterson
27/5/22
[CVE-2022-30122] Denial of Service Vulnerability in Rack Multipart Parsing
There is a possible denial of service vulnerability in the multipart parsing component of Rack. This
no leída,
[CVE-2022-30122] Denial of Service Vulnerability in Rack Multipart Parsing
There is a possible denial of service vulnerability in the multipart parsing component of Rack. This
27/5/22
Aaron Patterson
26/4/22
[CVE-2022-27777] Possible XSS Vulnerability in Action View tag helpers
There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash
no leída,
[CVE-2022-27777] Possible XSS Vulnerability in Action View tag helpers
There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash
26/4/22
Aaron Patterson
26/4/22
[CVE-2022-22577] Possible XSS Vulnerability in Action Pack
There is a possible XSS vulnerability in Rails / Action Pack. This vulnerability has been assigned
no leída,
[CVE-2022-22577] Possible XSS Vulnerability in Action Pack
There is a possible XSS vulnerability in Rails / Action Pack. This vulnerability has been assigned
26/4/22
Aaron Patterson
8/3/22
[CVE-2022-21831] Possible code injection vulnerability in Rails / Active Storage
There is a possible code injection vulnerability in the Active Storage module of Rails. This
no leída,
[CVE-2022-21831] Possible code injection vulnerability in Rails / Active Storage
There is a possible code injection vulnerability in the Active Storage module of Rails. This
8/3/22
Aaron Patterson
11/2/22
[CVE-2022-23633] Possible exposure of information vulnerability in Action Pack
## Impact Under certain circumstances response bodies will not be closed, for example a bug in a
no leída,
[CVE-2022-23633] Possible exposure of information vulnerability in Action Pack
## Impact Under certain circumstances response bodies will not be closed, for example a bug in a
11/2/22
Aaron Patterson
14/12/21
[CVE-2021-44528] Possible Open Redirect in Host Authorization Middleware
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack.
no leída,
[CVE-2021-44528] Possible Open Redirect in Host Authorization Middleware
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack.
14/12/21
Aaron Patterson
19/8/21
[CVE-2021-22942] Possible Open Redirect in Host Authorization Middleware
# Possible Open Redirect in Host Authorization Middleware There is a possible open redirect
no leída,
[CVE-2021-22942] Possible Open Redirect in Host Authorization Middleware
# Possible Open Redirect in Host Authorization Middleware There is a possible open redirect
19/8/21
Aaron Patterson
5/5/21
[CVE-2021-22904] Possible DoS Vulnerability in Action Controller Token Authentication
There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. This
no leída,
[CVE-2021-22904] Possible DoS Vulnerability in Action Controller Token Authentication
There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. This
5/5/21
Aaron Patterson
5/5/21
[CVE-2021-22885] Possible Information Disclosure / Unintended Method Execution in Action Pack
There is a possible information disclosure / unintended method execution vulnerability in Action Pack
no leída,
[CVE-2021-22885] Possible Information Disclosure / Unintended Method Execution in Action Pack
There is a possible information disclosure / unintended method execution vulnerability in Action Pack
5/5/21
Aaron Patterson
5/5/21
[CVE-2021-22903] Possible Open Redirect Vulnerability in Action Pack
There is a possible Open Redirect Vulnerability in Action Pack. This vulnerability has been assigned
no leída,
[CVE-2021-22903] Possible Open Redirect Vulnerability in Action Pack
There is a possible Open Redirect Vulnerability in Action Pack. This vulnerability has been assigned
5/5/21
Aaron Patterson
5/5/21
[CVE-2021-22902] Possible Denial of Service vulnerability in Action Dispatch
There is a possible Denial of Service vulnerability in the Mime type parser of Action Dispatch. This
no leída,
[CVE-2021-22902] Possible Denial of Service vulnerability in Action Dispatch
There is a possible Denial of Service vulnerability in the Mime type parser of Action Dispatch. This
5/5/21
Rafael França
10/2/21
[CVE-2021-22881] Possible Open Redirect in Host Authorization Middleware
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack.
no leída,
[CVE-2021-22881] Possible Open Redirect in Host Authorization Middleware
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack.
10/2/21
Rafael França
10/2/21
[CVE-2021-22880] Possible DoS Vulnerability in Active Record PostgreSQL adapter
There is a possible DoS vulnerability in the PostgreSQL adapter in Active Record. This vulnerability
no leída,
[CVE-2021-22880] Possible DoS Vulnerability in Active Record PostgreSQL adapter
There is a possible DoS vulnerability in the PostgreSQL adapter in Active Record. This vulnerability
10/2/21
Aaron Patterson
7/10/20
[CVE-2020-8264] Possible XSS Vulnerability in Action Pack in Development Mode
There is a possible XSS vulnerability in Action Pack while the application server is in development
no leída,
[CVE-2020-8264] Possible XSS Vulnerability in Action Pack in Development Mode
There is a possible XSS vulnerability in Action Pack while the application server is in development
7/10/20
George Claghorn
9/9/20
[CVE-2020-15169] Potential XSS vulnerability in Action View
There is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation
no leída,
[CVE-2020-15169] Potential XSS vulnerability in Action View
There is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation
9/9/20
Aaron Patterson
2
17/6/20
[CVE-2020-8185] Untrusted users able to run pending migrations in production
Sorry, I forgot to attach the patch! It's here
no leída,
[CVE-2020-8185] Untrusted users able to run pending migrations in production
Sorry, I forgot to attach the patch! It's here
17/6/20
Aaron Patterson
15/6/20
[CVE-2020-8184] Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Percent-encoded cookies can be used to overwrite existing prefixed cookie names It is possible to
no leída,
[CVE-2020-8184] Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Percent-encoded cookies can be used to overwrite existing prefixed cookie names It is possible to
15/6/20
Aaron Patterson
18/5/20
[CVE-2020-8167] CSRF Vulnerability in rails-ujs
CSRF Vulnerability in rails-ujs There is an vulnerability in rails-ujs that allows attackers to send
no leída,
[CVE-2020-8167] CSRF Vulnerability in rails-ujs
CSRF Vulnerability in rails-ujs There is an vulnerability in rails-ujs that allows attackers to send
18/5/20
Aaron Patterson
18/5/20
[CVE-2020-8166] Ability to forge per-form CSRF tokens given a global CSRF token
Ability to forge per-form CSRF tokens given a global CSRF token It is possible to possible to, given
no leída,
[CVE-2020-8166] Ability to forge per-form CSRF tokens given a global CSRF token
Ability to forge per-form CSRF tokens given a global CSRF token It is possible to possible to, given
18/5/20
Aaron Patterson
18/5/20
[CVE-2020-8165] Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
no leída,
[CVE-2020-8165] Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
18/5/20
Aaron Patterson
18/5/20
[CVE-2020-8164] Possible Strong Parameters Bypass in ActionPack
# Possible Strong Parameters Bypass in ActionPack There is a strong parameters bypass vector in
no leída,
[CVE-2020-8164] Possible Strong Parameters Bypass in ActionPack
# Possible Strong Parameters Bypass in ActionPack There is a strong parameters bypass vector in
18/5/20
Aaron Patterson
18/5/20
[CVE-2020-8162] Circumvention of file size limits in ActiveStorage
Circumvention of file size limits in ActiveStorage There is a vulnerability in ActiveStorage's S3
no leída,
[CVE-2020-8162] Circumvention of file size limits in ActiveStorage
Circumvention of file size limits in ActiveStorage There is a vulnerability in ActiveStorage's S3
18/5/20
Aaron Patterson
2
15/5/20
[CVE-2020-8163] Potential remote code execution of user-provided local names in Rails < 5.0.1
Hi, There was an error in the patch so I've attached a new patch. Please apply this patch or
no leída,
[CVE-2020-8163] Potential remote code execution of user-provided local names in Rails < 5.0.1
Hi, There was an error in the patch so I've attached a new patch. Please apply this patch or
15/5/20
Aaron Patterson
12/5/20
[CVE-2020-8161] Directory traversal in Rack::Directory
Directory traversal in Rack::Directory There was a possible directory traversal vulnerability in the
no leída,
[CVE-2020-8161] Directory traversal in Rack::Directory
Directory traversal in Rack::Directory There was a possible directory traversal vulnerability in the
12/5/20
Aaron Patterson
6/5/20
[CVE-2020-8159] Arbitrary file write/potential remote code execution in actionpack_page-caching
Arbitrary file write/potential remote code execution in actionpack_page-caching There is a
no leída,
[CVE-2020-8159] Arbitrary file write/potential remote code execution in actionpack_page-caching
Arbitrary file write/potential remote code execution in actionpack_page-caching There is a
6/5/20
Aaron Patterson
5/5/20
[CVE-2020-8151] Possible information disclosure issue in Active Resource
There is a possible information disclosure issue in Active Resource. This vulnerability has been
no leída,
[CVE-2020-8151] Possible information disclosure issue in Active Resource
There is a possible information disclosure issue in Active Resource. This vulnerability has been
5/5/20