CVE-2014-0082 – rubygem-actionpack: Action View string handling denial of service
https://notcve.org/view.php?id=CVE-2014-0082
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers. actionpack/lib/action_view/template/text.rb en Action View en Ruby on Rails 3.x anterior a 3.2.17 convierte cadenas tipo MIME a símbolos durante el uso de la opción :text al método render, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria) mediante la inclusión de estas cadenas en cabeceras. • http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html http://openwall.com/lists/oss-security/2014/02/18/10 http://rhn.redhat.com/errata/RHSA-2014-0215.html http://rhn.redhat.com/errata/RHSA-2014-0306.html http://secunia.com/advisories/57376 http://secunia.com/advisories/57836 http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ https://puppet.com& • CWE-20: Improper Input Validation •
CVE-2014-0081 – rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability
https://notcve.org/view.php?id=CVE-2014-0081
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. Múltiples vulnerabilidades de XSS en actionview/lib/action_view/helpers/number_helper.rb en Ruby on Rails anterior a 3.2.17, 4.0.x anterior a 4.0.3 y 4.1.x anterior a 4.1.0.beta2 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro (1) format, (2) negative_format, o (3) units hacia la ayuda de (a) number_to_currency, (b) number_to_percentage, o (c) number_to_human. • http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html http://openwall.com/lists/oss-security/2014/02/18/8 http://rhn.redhat.com/errata/RHSA-2014-0215.html http://rhn.redhat.com/errata/RHSA-2014-0306.html http://secunia.com/advisories/57376 http://www.securityfocus.com/bid/65647 http://www.securitytracker.com/id/1029782 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ https://access.redhat.com/security/cve/CVE-2014-0081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-0080
https://notcve.org/view.php?id=CVE-2014-0080
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns. Vulnerabilidad de inyección SQL en activerecord/lib/active_record/connection_adapters/postgresql/cast.rb en Active Record en Ruby on Rails 4.0.x anterior a 4.0.3 y 4.1.0.beta1, cuando se utiliza PostgreSQL, permite a atacantes remotos ejecutar comandos SQL "add data" a través de vectores involucrando caracteres \ (barra invertida) que no están debidamente manejados en operaciones sobre columnas array. • http://openwall.com/lists/oss-security/2014/02/18/9 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2013-6416
https://notcve.org/view.php?id=CVE-2013-6416
Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute. Vulnerabilidad de XSS en el ayudante simple_format en actionpack/lib/action_view/helpers/text_helper.rb de Ruby on Rails 4.x anterior a la versión 4.0.2 permite a atacantes remotos inyectar script web o HTML arbitrario a través de un atributo HTML manipulado. • http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released http://www.securityfocus.com/bid/64071 https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6414 – rubygem-actionpack: Action View DoS
https://notcve.org/view.php?id=CVE-2013-6414
actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching. actionpack/lib/action_view/lookup_context.rb en Action View en Ruby on Rails 3.x anteriores a 3.2.16 y 4.x anteriores a 4.0.2 permite a atacantes remotos causar denegación de servicio (consumo de memoria) a través de una cabecera conteniendo un tipo MIME inválido que conduce a un cacheo excesivo. A denial of service flaw was found in the header handling component of Action View. A remote attacker could send strings in specially crafted headers that would be cached indefinitely, which would result in all available system memory eventually being consumed. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-1794.html http://rhn.redhat.com/errata/RHSA-2014-0008.html http://rhn.redhat.com/errata/RHSA-2014-1863.html http://secunia.com/advisories/57836 http://weblog.rubyonrails.org/2013/12 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •