Ruby on Rails: Security

There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack.

There is a possible DoS vulnerability in the PostgreSQL adapter in Active Record. This vulnerability

There is a possible XSS vulnerability in Action Pack while the application server is in development

There is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation

Sorry, I forgot to attach the patch! It's here

Percent-encoded cookies can be used to overwrite existing prefixed cookie names It is possible to

CSRF Vulnerability in rails-ujs There is an vulnerability in rails-ujs that allows attackers to send

Ability to forge per-form CSRF tokens given a global CSRF token It is possible to possible to, given

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

# Possible Strong Parameters Bypass in ActionPack There is a strong parameters bypass vector in

Circumvention of file size limits in ActiveStorage There is a vulnerability in ActiveStorage's S3

Hi, There was an error in the patch so I've attached a new patch. Please apply this patch or

Directory traversal in Rack::Directory There was a possible directory traversal vulnerability in the

Arbitrary file write/potential remote code execution in actionpack_page-caching There is a

There is a possible information disclosure issue in Active Resource. This vulnerability has been

There is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views

# [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View This is an

There is a possible file content disclosure vulnerability in Action View. This vulnerability has been

There is a potential denial of service vulnerability in MODULE / COMPONENT. This vulnerability has

There is a possible a possible remote code executing exploit in Rails when in development mode. This

There is a vulnerability in Active Storage. This vulnerability has been assigned the CVE identifier

There is a vulnerability in Active Job. This vulnerability has been assigned the CVE identifier CVE-

There is a possible vulnerability in Rack. This vulnerability has been assigned the CVE identifier

There is a possible DoS vulnerability in the multipart parser in Rack. This vulnerability has been

Hello all, A medium severity vulnerability has been identified and patched in Loofah v2.2.3, which is

There is an information leak vulnerability in Sprockets. This vulnerability has been assigned the CVE

Possible XSS vulnerability in rails-html-sanitizer There is a possible XSS vulnerability in rails-

Hello all, A medium severity vulnerability has been identified and patched in Loofah, which is a

Hi, There is a bug in the patch for the 3.2 series. I've attached a combined patch here. The

# Unsafe Query Generation Risk in Active Record There is a vulnerability when Active Record is used