Ruby on Rails: Security

Showing 1-20 of 80 topics
[AMENDED] [CVE-2014-7829] Arbitrary file existence disclosure in Action Pack Aaron Patterson 11/20/14
[CVE-2014-7829] Arbitrary file existence disclosure in Action Pack Aaron Patterson 11/17/14
[AMENDED] [CVE-2014-7819] Arbitrary file existence disclosure in Sprockets Aaron Patterson 10/30/14
Arbitrary file existence disclosure in Sprockets (CVE-2014-7819) Aaron Patterson 10/30/14
Arbitrary file existence disclosure in Action Pack (CVE-2014-7818) Aaron Patterson 10/30/14
[Ruby on Rails] [CVE-2014-3514] Strong Parameter bypass with create_with Rafael Mendonça França 8/18/14
Amended Patches for CVE-2014-3483 for Rails 4.x Rafael Mendonça França 7/2/14
[CVE-2014-3482] [CVE-2014-3483] Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL Rafael Mendonça França 7/2/14
[AMENDED] [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations Rafael Mendonça França 5/6/14
Unsafe Query Risk in Active Record Rafael Mendonça França 5/6/14
[CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations Rafael Mendonça França 5/6/14
Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082) Aaron Patterson 2/18/14
Data Injection Vulnerability in Active Record (CVE-2014-0080) Aaron Patterson 2/18/14
XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human (CVE-2014-0081) Aaron Patterson 2/18/14
[CVE-2013-6416] XSS Vulnerability in simple_format helper Aaron Patterson 12/3/13
[CVE-2013-6414] Denial of Service Vulnerability in Action View Aaron Patterson 12/3/13
[CVE-2013-6415] XSS Vulnerability in number_to_currency Aaron Patterson 12/3/13
[CVE-2013-6417] Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk) Aaron Patterson 12/3/13
[CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails Aaron Patterson 12/3/13
[CVE-2013-1854] Symbol DoS vulnerability in Active Record Aaron Patterson 3/18/13