CVSS: 5.3EPSS: 0%CPEs: 86EXPL: 0CVE-2015-7577 – rubygem-activerecord: Nested attributes rejection proc bypass in Active Record
https://notcve.org/view.php?id=CVE-2015-7577
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature. activerecord/lib/active_record/nested_attributes.rb en Active Record en Ruby on Rails 3.1.x y 3.2.x en versiones anteriores a 3.2.22.1, 4.0.x y 4.1.x en versiones anteriores a 4.1.14.1, 4.2.x en versiones anteriores a 4.2.5.1 y 5.x en versiones anteriores a 5.0.0.beta1.1 no implementa adecuadamente una cierta opción de destruir, lo que permite a atacantes remotos eludir restricciones destinadas al cambio mediante el aprovechamiento del uso de la funcionalidad de atributos anidados. A flaw was found in the Active Record component's handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html http://rhn.redhat.com/errata/RHSA-2016-0296.html http://www.debian.org/security/2016/dsa-3464 http://www.openwall.com/lists/ • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 97%CPEs: 52EXPL: 2CVE-2016-0752 – Ruby on Rails Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2016-0752
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. Vulnerabilidad de salto de directorio en Action View en Ruby on Rails en versiones anteriores a 3.2.22.1, 4.0.x y 4.1.x en versiones anteriores a 4.1.14.1, 4.2.x en versiones anteriores a 4.2.5.1 y 5.x en versiones anteriores a 5.0.0.beta1.1 permite a atacantes remotos leer archivos arbitrarios aprovechando el uso no restringido del método render en una aplicación y proporcionando un .. (punto punto) en un nombre de ruta. A directory traversal flaw was found in the way the Action View component searched for templates for rendering. • https://www.exploit-db.com/exploits/40561 https://github.com/dachidahu/CVE-2016-0752 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html http://rhn.redhat.com/errata/RHSA-2016-0296 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 68EXPL: 0CVE-2016-0751 – rubygem-actionpack: possible object leak and denial of service attack in Action Pack
https://notcve.org/view.php?id=CVE-2016-0751
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header. actionpack/lib/action_dispatch/http/mime_type.rb en Action Pack en Ruby on Rails en versiones anteriores a 3.2.22.1, 4.0.x y 4.1.x en versiones anteriores a 4.1.14.1, 4.2.x en versiones anteriores a 4.2.5.1 y 5.x en versiones anteriores a 5.0.0.beta1.1 no restringe adecuadamente el uso de la caché de tipo MIME, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una cabecera HTTP Accept manipulada. A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html http://rhn.redhat.com/errata/RHSA-2016-0296.html http://www.debian.org/security/2016/dsa-3464 http://www.openwall.com/lists/ • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 125EXPL: 0CVE-2014-3482 – rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting
https://notcve.org/view.php?id=CVE-2014-3482
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. Vulnerabilidad de inyección SQL en activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb en el adaptador PostgreSQL para Active Record en Ruby on Rails 2.x y 3.x anterior a 3.2.19 permite a atacantes remotos ejecutar comandos SQL arbitrarios mediante el aprovechamiento del citado de bitstrings indebido. It was discovered that Active Record did not properly quote values of the bitstring type attributes when using the PostgreSQL database adapter. A remote attacker could possibly use this flaw to conduct an SQL injection attack against applications using Active Record. • http://openwall.com/lists/oss-security/2014/07/02/5 http://rhn.redhat.com/errata/RHSA-2014-0876.html http://secunia.com/advisories/59973 http://secunia.com/advisories/60214 http://secunia.com/advisories/60763 http://www.debian.org/security/2014/dsa-2982 http://www.securityfocus.com/bid/68343 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J https://access.redhat.com/security/cve/CVE-2014-3482 https://bugzilla.redhat.com/show_bug • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 0CVE-2014-0130 – Ruby on Rails Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2014-0130
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request. Vulnerabilidad de salto de directorio en actionpack/lib/abstract_controller/base.rb en la implementación implicit-render en Ruby on Rails anterior a 3.2.18, 4.0.x anterior a 4.0.5 y 4.1.x anterior a 4.1.1, cuando ciertas configuraciones de coincidencia de patrones en rutas basadas en caracteres comodín (globbing) están habilitadas, permite a atacantes remotos leer archivos arbitrarios a través de una solicitud manipulada. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request. Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request. • http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf http://rhn.redhat.com/errata/RHSA-2014-1863.html http://www.securityfocus.com/bid/67244 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ https://access.redhat.com/security/cve/CVE-2014-0130 https://bugzilla.redhat.com/show_bug.cgi?id=1095105 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •