CVSS: 5.3EPSS: 0%CPEs: 86EXPL: 0CVE-2015-7577 – rubygem-activerecord: Nested attributes rejection proc bypass in Active Record
https://notcve.org/view.php?id=CVE-2015-7577
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature. activerecord/lib/active_record/nested_attributes.rb en Active Record en Ruby on Rails 3.1.x y 3.2.x en versiones anteriores a 3.2.22.1, 4.0.x y 4.1.x en versiones anteriores a 4.1.14.1, 4.2.x en versiones anteriores a 4.2.5.1 y 5.x en versiones anteriores a 5.0.0.beta1.1 no implementa adecuadamente una cierta opción de destruir, lo que permite a atacantes remotos eludir restricciones destinadas al cambio mediante el aprovechamiento del uso de la funcionalidad de atributos anidados. A flaw was found in the Active Record component's handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html http://rhn.redhat.com/errata/RHSA-2016-0296.html http://www.debian.org/security/2016/dsa-3464 http://www.openwall.com/lists/ • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 97%CPEs: 52EXPL: 2CVE-2016-0752 – Ruby on Rails Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2016-0752
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. Vulnerabilidad de salto de directorio en Action View en Ruby on Rails en versiones anteriores a 3.2.22.1, 4.0.x y 4.1.x en versiones anteriores a 4.1.14.1, 4.2.x en versiones anteriores a 4.2.5.1 y 5.x en versiones anteriores a 5.0.0.beta1.1 permite a atacantes remotos leer archivos arbitrarios aprovechando el uso no restringido del método render en una aplicación y proporcionando un .. (punto punto) en un nombre de ruta. A directory traversal flaw was found in the way the Action View component searched for templates for rendering. • https://www.exploit-db.com/exploits/40561 https://github.com/dachidahu/CVE-2016-0752 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html http://rhn.redhat.com/errata/RHSA-2016-0296 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 68EXPL: 0CVE-2016-0751 – rubygem-actionpack: possible object leak and denial of service attack in Action Pack
https://notcve.org/view.php?id=CVE-2016-0751
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header. actionpack/lib/action_dispatch/http/mime_type.rb en Action Pack en Ruby on Rails en versiones anteriores a 3.2.22.1, 4.0.x y 4.1.x en versiones anteriores a 4.1.14.1, 4.2.x en versiones anteriores a 4.2.5.1 y 5.x en versiones anteriores a 5.0.0.beta1.1 no restringe adecuadamente el uso de la caché de tipo MIME, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una cabecera HTTP Accept manipulada. A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html http://rhn.redhat.com/errata/RHSA-2016-0296.html http://www.debian.org/security/2016/dsa-3464 http://www.openwall.com/lists/ • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 0CVE-2014-0130 – Ruby on Rails Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2014-0130
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request. Vulnerabilidad de salto de directorio en actionpack/lib/abstract_controller/base.rb en la implementación implicit-render en Ruby on Rails anterior a 3.2.18, 4.0.x anterior a 4.0.5 y 4.1.x anterior a 4.1.1, cuando ciertas configuraciones de coincidencia de patrones en rutas basadas en caracteres comodín (globbing) están habilitadas, permite a atacantes remotos leer archivos arbitrarios a través de una solicitud manipulada. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request. Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request. • http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf http://rhn.redhat.com/errata/RHSA-2014-1863.html http://www.securityfocus.com/bid/67244 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ https://access.redhat.com/security/cve/CVE-2014-0130 https://bugzilla.redhat.com/show_bug.cgi?id=1095105 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 2%CPEs: 103EXPL: 0CVE-2014-0082 – rubygem-actionpack: Action View string handling denial of service
https://notcve.org/view.php?id=CVE-2014-0082
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers. actionpack/lib/action_view/template/text.rb en Action View en Ruby on Rails 3.x anterior a 3.2.17 convierte cadenas tipo MIME a símbolos durante el uso de la opción :text al método render, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria) mediante la inclusión de estas cadenas en cabeceras. • http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html http://openwall.com/lists/oss-security/2014/02/18/10 http://rhn.redhat.com/errata/RHSA-2014-0215.html http://rhn.redhat.com/errata/RHSA-2014-0306.html http://secunia.com/advisories/57376 http://secunia.com/advisories/57836 http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ https://puppet.com& • CWE-20: Improper Input Validation •