Ruby on Rails: Security
Aaron Patterson
Apr 26
[CVE-2022-27777] Possible XSS Vulnerability in Action View tag helpers
There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash
Aaron Patterson
Apr 26
[CVE-2022-22577] Possible XSS Vulnerability in Action Pack
There is a possible XSS vulnerability in Rails / Action Pack. This vulnerability has been assigned
Aaron Patterson
Mar 8
[CVE-2022-21831] Possible code injection vulnerability in Rails / Active Storage
There is a possible code injection vulnerability in the Active Storage module of Rails. This
Aaron Patterson
Feb 11
[CVE-2022-23633] Possible exposure of information vulnerability in Action Pack
## Impact Under certain circumstances response bodies will not be closed, for example a bug in a
Aaron Patterson
12/14/21
[CVE-2021-44528] Possible Open Redirect in Host Authorization Middleware
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack.
Aaron Patterson
8/19/21
[CVE-2021-22942] Possible Open Redirect in Host Authorization Middleware
# Possible Open Redirect in Host Authorization Middleware There is a possible open redirect
Aaron Patterson
5/5/21
[CVE-2021-22904] Possible DoS Vulnerability in Action Controller Token Authentication
There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. This
Aaron Patterson
5/5/21
[CVE-2021-22885] Possible Information Disclosure / Unintended Method Execution in Action Pack
There is a possible information disclosure / unintended method execution vulnerability in Action Pack
Aaron Patterson
5/5/21
[CVE-2021-22903] Possible Open Redirect Vulnerability in Action Pack
There is a possible Open Redirect Vulnerability in Action Pack. This vulnerability has been assigned
Aaron Patterson
5/5/21
[CVE-2021-22902] Possible Denial of Service vulnerability in Action Dispatch
There is a possible Denial of Service vulnerability in the Mime type parser of Action Dispatch. This
Rafael França
2/10/21
[CVE-2021-22881] Possible Open Redirect in Host Authorization Middleware
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack.
Rafael França
2/10/21
[CVE-2021-22880] Possible DoS Vulnerability in Active Record PostgreSQL adapter
There is a possible DoS vulnerability in the PostgreSQL adapter in Active Record. This vulnerability
Aaron Patterson
10/7/20
[CVE-2020-8264] Possible XSS Vulnerability in Action Pack in Development Mode
There is a possible XSS vulnerability in Action Pack while the application server is in development
George Claghorn
9/9/20
[CVE-2020-15169] Potential XSS vulnerability in Action View
There is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation
Aaron Patterson
2
6/17/20
[CVE-2020-8185] Untrusted users able to run pending migrations in production
Sorry, I forgot to attach the patch! It's here
Aaron Patterson
6/15/20
[CVE-2020-8184] Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Percent-encoded cookies can be used to overwrite existing prefixed cookie names It is possible to
Aaron Patterson
5/18/20
[CVE-2020-8167] CSRF Vulnerability in rails-ujs
CSRF Vulnerability in rails-ujs There is a vulnerability in rails-ujs that allows attackers to send
Aaron Patterson
5/18/20
[CVE-2020-8166] Ability to forge per-form CSRF tokens given a global CSRF token
Ability to forge per-form CSRF tokens given a global CSRF token It is possible to, given
Aaron Patterson
5/18/20
[CVE-2020-8165] Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Aaron Patterson
5/18/20
[CVE-2020-8164] Possible Strong Parameters Bypass in ActionPack
# Possible Strong Parameters Bypass in ActionPack There is a strong parameters bypass vector in
Aaron Patterson
5/18/20
[CVE-2020-8162] Circumvention of file size limits in ActiveStorage
Circumvention of file size limits in ActiveStorage There is a vulnerability in ActiveStorage's S3
Aaron Patterson
2
5/15/20
[CVE-2020-8163] Potential remote code execution of user-provided local names in Rails < 5.0.1
Hi, There was an error in the patch so I've attached a new patch. Please apply this patch or
Aaron Patterson
5/12/20
[CVE-2020-8161] Directory traversal in Rack::Directory
Directory traversal in Rack::Directory There was a possible directory traversal vulnerability in the
Aaron Patterson
5/6/20
[CVE-2020-8159] Arbitrary file write/potential remote code execution in actionpack_page-caching
Arbitrary file write/potential remote code execution in actionpack_page-caching There is a
Aaron Patterson
5/5/20
[CVE-2020-8151] Possible information disclosure issue in Active Resource
There is a possible information disclosure issue in Active Resource. This vulnerability has been
Aaron Patterson
3/19/20
[CVE-2020-5267] Possible XSS vulnerability in ActionView
There is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views
Aaron Patterson
3/22/19
[CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View
# [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View This is an
Aaron Patterson
3/13/19
[CVE-2019-5418] File Content Disclosure in Action View
There is a possible file content disclosure vulnerability in Action View. This vulnerability has been
Aaron Patterson
3/13/19
[CVE-2019-5419] Denial of Service Vulnerability in Action View
There is a potential denial of service vulnerability in MODULE / COMPONENT. This vulnerability has
Aaron Patterson
3/13/19
[CVE-2019-5420] Possible Remote Code Execution Exploit in Rails Development Mode
There is a possible remote code executing exploit in Rails when in development mode. This