CVE-2013-4491 – rubygem-actionpack: i18n missing translation XSS
https://notcve.org/view.php?id=CVE-2013-4491
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem. Vulnerabilidad de cross-site scripting (XSS) en actionpack/lib/action_view/helpers/translation_helper.rb en el componente internationalization en Ruby on Rails 3.x anteriores a 3.2.16 y 4.x anteriores a 4.0.2 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de cadenas de texto manipuladas que activan la generación de una cadena de fallback en la gema i18n. It was discovered that the internationalization component of Ruby on Rails could, under certain circumstances, return a fallback HTML string that contained user input. A remote attacker could possibly use this flaw to perform a reflective cross-site scripting (XSS) attack by providing a specially crafted input to an application using the aforementioned component. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html http://rhn.redhat.com/errata/RHSA-2013-1794.html http://rhn.redhat.com/errata/RHSA-2014-0008.html http://rhn.redhat.com/errata/RHSA-2014-1863.html http://secunia.com/advisories/57836 http://weblog.rubyonrails.org/2013/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-4389
https://notcve.org/view.php?id=CVE-2013-4389
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message. Múltiples vulnerabilidadews de format string en archivos log_subscriber.rb en el componente de suscripción de log de Action Mailer en Ruby on Rails 3.x anterior a 3.2.15 permite a atacantes remotos causar una denegación de servicio a través de una dirección de email manipulada que es manejada de manera inapropiada durante la construcción de un mensaje de log. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html http://www.debian.org/security/2014/dsa-2887 http://www.debian.org/security/2014/dsa-2888 https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ • CWE-134: Use of Externally-Controlled Format String •
CVE-2013-3221
https://notcve.org/view.php?id=CVE-2013-3221
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database. El componente Active Record en Ruby on Rails 2.3.x, 3.0.x, 3.1.x, y 3.2.x, no asegura que el tipo de dato declarado de una columna de la base de datos sea usado durante la comparación con los valores de entrada almacenados en dicha columna, lo que facilita a atacantes remotos a llevar a cabo ataques de inyección de tipos de datos (data-types) contra las aplicaciones de Ruby on Rails a través de un valor manipulado, como se ha demostrado mediante una transacción entre la característica "typed XML" y la base de datos de MySQL. • http://openwall.com/lists/oss-security/2013/02/06/7 http://openwall.com/lists/oss-security/2013/04/24/7 http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails http://www.phenoelit.org/blog/archives/2013/02/index.html https://gist.github.com/dakull/5442275 https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain • CWE-20: Improper Input Validation •
CVE-2013-1857 – rubygem-actionpack: sanitize_protocol: XSS Vulnerability in the helper of Ruby on Rails
https://notcve.org/view.php?id=CVE-2013-1857
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence. El sanitize helper en lib/action_controller/vendor/html-scanner/html/sanitizer.rb en el componente Action Pack en Ruby on Rails en versiones anteriores a 2.3.18, 3.0.x y 3.1.x en versiones anteriores a 3.1.12 y 3.2.x en versiones anteriores a 3.2.13 no maneja adecuadamente codificación de caracteres : (dos puntos) en URLs, lo que hace que sea más fácil para atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) a través de un nombre de esquema manipulado, según lo demostrado incluyendo una secuencia :. A cross-site scripting (XSS) flaw was found in Action Pack. A remote attacker could use this flaw to conduct XSS attacks against users of an application using Action Pack. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html http://rhn.redhat.com/errata/RHSA-2013-0698.html http://rhn.redhat.com/errata/RHSA-2014-1863.html http://support.apple.com/kb/HT5784 http:/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-1854 – rubygem-activerecord: attribute_dos Symbol DoS vulnerability
https://notcve.org/view.php?id=CVE-2013-1854
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method. El componente Active Record en Ruby on Rails v2.3.x anterior a v2.3.18, v3.1.x anterior a v3.1.12, y v3.2.x anterior a v3.2.13, procesa determinadas consultas mediante la conversión de los hash de las claves a símbolos, lo que permite a atacantes remotos provocar una denegación de servicio a través de una entrada manipulada al método "where". A flaw was found in the way Ruby on Rails handled hashes in certain queries. A remote attacker could use this flaw to perform a denial of service (resource consumption) attack by sending specially crafted queries that would result in the creation of Ruby symbols, which were never garbage collected. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html http://rhn.redhat.com • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •