Ruby on Rails: Security

# Possible Open Redirect in Host Authorization Middleware There is a possible open redirect

There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. This

There is a possible information disclosure / unintended method execution vulnerability in Action Pack

There is a possible Open Redirect Vulnerability in Action Pack. This vulnerability has been assigned

There is a possible Denial of Service vulnerability in the Mime type parser of Action Dispatch. This

There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack.

There is a possible DoS vulnerability in the PostgreSQL adapter in Active Record. This vulnerability

There is a possible XSS vulnerability in Action Pack while the application server is in development

There is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation

Sorry, I forgot to attach the patch! It's here

Percent-encoded cookies can be used to overwrite existing prefixed cookie names It is possible to

CSRF Vulnerability in rails-ujs There is an vulnerability in rails-ujs that allows attackers to send

Ability to forge per-form CSRF tokens given a global CSRF token It is possible to possible to, given

Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

# Possible Strong Parameters Bypass in ActionPack There is a strong parameters bypass vector in

Circumvention of file size limits in ActiveStorage There is a vulnerability in ActiveStorage's S3

Hi, There was an error in the patch so I've attached a new patch. Please apply this patch or

Directory traversal in Rack::Directory There was a possible directory traversal vulnerability in the

Arbitrary file write/potential remote code execution in actionpack_page-caching There is a

There is a possible information disclosure issue in Active Resource. This vulnerability has been

There is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views

# [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View This is an

There is a possible file content disclosure vulnerability in Action View. This vulnerability has been

There is a potential denial of service vulnerability in MODULE / COMPONENT. This vulnerability has

There is a possible a possible remote code executing exploit in Rails when in development mode. This

There is a vulnerability in Active Storage. This vulnerability has been assigned the CVE identifier

There is a vulnerability in Active Job. This vulnerability has been assigned the CVE identifier CVE-

There is a possible vulnerability in Rack. This vulnerability has been assigned the CVE identifier

There is a possible DoS vulnerability in the multipart parser in Rack. This vulnerability has been

Hello all, A medium severity vulnerability has been identified and patched in Loofah v2.2.3, which is