CVSS: 6.4EPSS: 0%CPEs: 108EXPL: 0CVE-2013-6417 – rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013- 0155)
https://notcve.org/view.php?id=CVE-2013-6417
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155. actoinpack/lib/action_dispatch/http/request.rb en Ruby on Rails anteriores a 3.2.16 y 4.x anteriores a 4.0.2 no considera correctamente las diferencias en la gestión de parámetros entre el componente Active Record y la implementación de JSON, lo cual permite a atacantes remotos sortear restricciones de consultas a la base de datos y ejecutar comprobaciones NULL o provocar falta de cláusulas WHERE a través de una petición manipulada que aprovecha (1) middleware Rack de terceros o (2) middleware Rack propio. NOTA: esta vulnerabilidad existe debido a una corrección incompleta de CVE-2013-0155. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-1794.html http://rhn.redhat.com/errata/RHSA-2014-0008.html http://rhn.redhat.com/errata/RHSA-2014-0469.html http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 108EXPL: 0CVE-2013-4491 – rubygem-actionpack: i18n missing translation XSS
https://notcve.org/view.php?id=CVE-2013-4491
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem. Vulnerabilidad de cross-site scripting (XSS) en actionpack/lib/action_view/helpers/translation_helper.rb en el componente internationalization en Ruby on Rails 3.x anteriores a 3.2.16 y 4.x anteriores a 4.0.2 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de cadenas de texto manipuladas que activan la generación de una cadena de fallback en la gema i18n. It was discovered that the internationalization component of Ruby on Rails could, under certain circumstances, return a fallback HTML string that contained user input. A remote attacker could possibly use this flaw to perform a reflective cross-site scripting (XSS) attack by providing a specially crafted input to an application using the aforementioned component. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-1794.html http://rhn.redhat.com/errata/RHSA-2014-0008.html http://rhn.redhat.com/errata/RHSA-2014-1863.html http://secunia.com/advisories/57836 http://weblog.rubyonrails.org/2013/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 1%CPEs: 5EXPL: 1CVE-2013-4389
https://notcve.org/view.php?id=CVE-2013-4389
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message. Múltiples vulnerabilidadews de format string en archivos log_subscriber.rb en el componente de suscripción de log de Action Mailer en Ruby on Rails 3.x anterior a 3.2.15 permite a atacantes remotos causar una denegación de servicio a través de una dirección de email manipulada que es manejada de manera inapropiada durante la construcción de un mensaje de log. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html http://www.debian.org/security/2014/dsa-2887 http://www.debian.org/security/2014/dsa-2888 https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.4EPSS: 0%CPEs: 104EXPL: 1CVE-2013-3221
https://notcve.org/view.php?id=CVE-2013-3221
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database. El componente Active Record en Ruby on Rails 2.3.x, 3.0.x, 3.1.x, y 3.2.x, no asegura que el tipo de dato declarado de una columna de la base de datos sea usado durante la comparación con los valores de entrada almacenados en dicha columna, lo que facilita a atacantes remotos a llevar a cabo ataques de inyección de tipos de datos (data-types) contra las aplicaciones de Ruby on Rails a través de un valor manipulado, como se ha demostrado mediante una transacción entre la característica "typed XML" y la base de datos de MySQL. • http://openwall.com/lists/oss-security/2013/02/06/7 http://openwall.com/lists/oss-security/2013/04/24/7 http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails http://www.phenoelit.org/blog/archives/2013/02/index.html https://gist.github.com/dakull/5442275 https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 1%CPEs: 47EXPL: 0CVE-2013-1856
https://notcve.org/view.php?id=CVE-2013-1856
The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving (1) an external DTD or (2) an external entity declaration in conjunction with an entity reference. El backend ActiveSupport::XmlMini_JDOM en lib/active_support/xml_mini/jdom.rb en el componente Active Support en Ruby on Rails v3.0.x y 3.1.x anterior a v3.1.12 y v3.2.x anterior a v3.2.13, cuando se usa JRuby, no restringe adecuadamente las capacidades del validador XML, lo que permite a atacantes remotos leer archivos de su elección o provocar una denegación de servicio (consumo de recursos) a través de vectores que involucran (1) una TDT externa o (2) una declaración de entidad externa junto con una referencia a una entidad. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html http://support.apple.com/kb/HT5784 http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain • CWE-20: Improper Input Validation •