CVE-2013-1856
https://notcve.org/view.php?id=CVE-2013-1856
The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference. El backend ActiveSupport::XmlMini_JDOM en lib/active_support/xml_mini/jdom.rb en el componente Active Support en Ruby on Rails v3.0.x y 3.1.x anterior a v3.1.12 y v3.2.x anterior a v3.2.13, cuando se usa JRuby, no restringe adecuadamente las capacidades del validador XML, lo que permite a atacantes remotos leer archivos de su elección o provocar una denegación de servicio (consumo de recursos) a través de vectores que involucran (1) una TDT externa o (2) una declaración de entidad externa junto con una referencia a una entidad. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html http://support.apple.com/kb/HT5784 http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain • CWE-20: Improper Input Validation •
CVE-2013-1854 – rubygem-activerecord: attribute_dos Symbol DoS vulnerability
https://notcve.org/view.php?id=CVE-2013-1854
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method. El componente Active Record en Ruby on Rails v2.3.x anterior a v2.3.18, v3.1.x anterior a v3.1.12, y v3.2.x anterior a v3.2.13, procesa determinadas consultas mediante la conversión de los hash de las claves a símbolos, lo que permite a atacantes remotos provocar una denegación de servicio a través de una entrada manipulada al método "where". A flaw was found in the way Ruby on Rails handled hashes in certain queries. A remote attacker could use this flaw to perform a denial of service (resource consumption) attack by sending specially crafted queries that would result in the creation of Ruby symbols, which were never garbage collected. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html http://rhn.redhat.com • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVE-2013-1855 – rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css
https://notcve.org/view.php?id=CVE-2013-1855
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences. El método sanitize_css en lib/action_controller/vendor/html-scanner/html/sanitizer.rb en el componente Action Pack en Ruby on Rails anterior a v2.3.18, v3.0.x y v3.1.x anterior a v3.1.12, y v3.2.x anterior a v3.2.13, no menaja adecuadamente los caracteres \n (nueva línea), lo que facilita a atacantes remotos llevar a cabo ataques XSS a través de secuencias CSS. A cross-site scripting (XSS) flaw was found in Action Pack. A remote attacker could use this flaw to conduct XSS attacks against users of an application using Action Pack. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html http://rhn.redhat.com/errata/RHSA-2013-0698.html http://rhn.redhat.com/errata/RHSA-2014-1863.html http://support.apple.com/kb/HT5784 http:/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-0276 – rubygem-activerecord/rubygem-activemodel: circumvention of attr_protected
https://notcve.org/view.php?id=CVE-2013-0276
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request. ActiveRecord en Ruby on Rails v3.2.x anteriores a v3.2.12, v3.1.x anteriores a v3.1.11, y v2.3.x anteriores a v2.3.17 permite a atacantes remotos evitar el mecanismo de protección "attr_protected" y modificar el modelo de atributos protegidos a través de una petición hecha a mano. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html http://rhn.redhat.com/errata/RHSA-2013-0686.html http://secunia.com/advisories/52112 http://secunia.com/advisories/52774 http://support.apple.com/kb/HT5784 http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released http://www.debian.org/security/2013/dsa-2620 http://www.openwall.com/l • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-0277
https://notcve.org/view.php?id=CVE-2013-0277
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML. Active Record en Ruby on Rails v3.x anteriores a v3.1.0 y v2.3.x anteriores a v2.3.17 permite a atacantes remotos causar una denegación de servicio o ejecución de código arbitrario a través de atributos serializados manipulados que causan al asistente +serialize+ la des-serialización arbitraria del YAML. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html http://secunia.com/advisories/52112 http://securitytracker.com/id?1028109 http://support.apple.com/kb/HT5784 http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released http://www.debian.org/security/2013/dsa-2620 http://www.openwall.com/lists/oss-security/2013/02/11/6 http://www.osv •