Debian Rails vulnerabilities
139 known vulnerabilities affecting debian/rails.
Total CVEs: 139
CISA KEV: 2 (actively exploited)
Public exploits: 13
Exploited in wild: 1
Severity breakdown: CRITICAL 7, HIGH 30, MEDIUM 55, LOW 47
Vulnerabilities
Page 2 of 7
CVE-2024-26142 | LOW | CVSS 7.5 | 2024
CVE-2024-26142 [HIGH]: rails
Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.
Scope: local
bookworm: resolved
bullseye: resolved
forky: re
debian
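The ReDoS entries on this page (this one, CVE-2023-22796, CVE-2023-22795, CVE-2023-22792 and CVE-2021-22904) share one root cause: a backtracking regular expression applied to an attacker-controlled header or string. The mitigation that does not depend on the Ruby version's regex engine is to bound the input and parse it without backtracking. The block below is an added example, not Rails' Mime::Type parser: a regex-free Accept header parser with hard size caps (the cap values are assumptions for this example).

```ruby
# Added example, not Rails' Mime::Type parser: a bounded, regex-free parser
# for the HTTP Accept header. The size caps are assumptions for this example.
MAX_ACCEPT_LENGTH = 1024   # assumed cap on the raw header (bytes)
MAX_MEDIA_RANGES  = 32     # assumed cap on comma-separated media ranges

class AcceptHeaderError < StandardError; end

MediaRange = Struct.new(:type, :subtype, :q, :order) do
  def to_s
    "#{type}/#{subtype}"
  end
end

# Parses one "type/subtype;param=value;q=0.5" element with plain string
# splitting, so the work done is linear in the element's length.
def parse_media_range(element, order)
  parts = element.split(";").map(&:strip)
  mime = parts.shift.to_s
  type, subtype = mime.split("/", 2)
  if type.nil? || type.empty? || subtype.nil? || subtype.empty?
    raise AcceptHeaderError, "malformed media type #{mime.inspect}"
  end
  q = 1.0
  parts.each do |param|
    name, value = param.split("=", 2).map { |s| s.to_s.strip }
    next unless name.downcase == "q"
    q = value.nil? ? nil : Float(value, exception: false)
    raise AcceptHeaderError, "malformed q value #{value.inspect}" if q.nil? || q < 0.0 || q > 1.0
  end
  MediaRange.new(type.downcase, subtype.downcase, q, order)
end

# Returns the acceptable media ranges sorted by q (descending) and then by
# their position in the header. Both caps are enforced before any parsing.
def parse_accept(header)
  header = header.to_s
  raise AcceptHeaderError, "Accept header too long" if header.bytesize > MAX_ACCEPT_LENGTH
  elements = header.split(",").map(&:strip).reject(&:empty?)
  raise AcceptHeaderError, "too many media ranges" if elements.size > MAX_MEDIA_RANGES
  ranges = elements.each_with_index.map { |el, i| parse_media_range(el, i) }
  ranges.reject { |r| r.q.zero? }.sort_by { |r| [-r.q, r.order] }
end

# Ordered "type/subtype" strings, the form most content negotiation needs.
def accepted_types(header)
  parse_accept(header).map(&:to_s)
end

if __FILE__ == $PROGRAM_NAME
  p accepted_types("text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
end
```

Rejecting oversized or over-long-list headers before parsing is the cheap part; the important property is that nothing in the parse path can take more than linear time in the header length, which a hand-written split-and-check parser gives and a nested quantifier regex does not.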
CVE-2024-32464 | LOW | CVSS 6.1 | 2024
CVE-2024-32464 [MEDIUM]: rails
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2023-22794 | HIGH | CVSS 8.8 | fixed in rails 2:6.1.7.3+dfsg-1 (bookworm) | 2023
CVE-2023-22794 [HIGH]: rails
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database with insufficient sanitization and be able to inject
debian
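The mechanism behind this entry is easy to see outside Rails: text placed inside a `/* ... */` comment can close the comment early and be executed as SQL. The block below is an added example, not Active Record's own `annotate`/`optimizer_hints` implementation: a vulnerable query builder next to one that neutralises comment delimiters before interpolating.

```ruby
# Added example, not Active Record code: user text inside an SQL comment
# can terminate the comment and inject statements; the sanitizer keeps the
# text inside the comment no matter what it contains.

# VULNERABLE: the annotation is interpolated verbatim into /* ... */.
def build_annotated_query_unsafe(comment)
  "SELECT * FROM users /* #{comment} */"
end

# Breaks every token that could open or close a comment. "/*" matters too:
# PostgreSQL supports nested block comments, so an extra opener changes how
# the closing delimiter is matched. "--" is broken in case the text ever
# ends up outside a block comment.
def sanitize_as_sql_comment(text)
  text.to_s.gsub("/*", "/ *").gsub("*/", "* /").gsub("--", "- -")
end

# HARDENED: same query shape, sanitized annotation.
def build_annotated_query_safe(comment)
  "SELECT * FROM users /* #{sanitize_as_sql_comment(comment)} */"
end

# True when the comment was closed early: more than one "*/" in the query,
# or SQL text following the closing delimiter.
def comment_escaped?(sql)
  sql.scan("*/").size != 1 || !sql.end_with?("*/")
end

if __FILE__ == $PROGRAM_NAME
  payload = "note */ ; DROP TABLE users; --"
  puts build_annotated_query_unsafe(payload)
  puts build_annotated_query_safe(payload)
end
```

The sanitizer only has to guarantee one thing: no substring of its output is a comment delimiter. Inserting a space between the two characters of each delimiter does that without changing what a human reads in the query log.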
CVE-2023-22796 | HIGH | CVSS 7.5 | fixed in rails 2:6.1.7.3+dfsg-1 (bookworm) | 2023
CVE-2023-22796 [HIGH]: rails
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.
Scope: local
bookworm: resolve
debian
CVE-2023-22795 | HIGH | CVSS 7.5 | fixed in rails 2:6.1.7.3+dfsg-1 (bookworm) | 2023
CVE-2023-22795 [HIGH]: rails
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading
debian
CVE-2023-22792 | HIGH | CVSS 7.5 | fixed in rails 2:6.1.7.3+dfsg-1 (bookworm) | 2023
CVE-2023-22792 [HIGH]: rails
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header, can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS v
debian
CVE-2023-28120 | MEDIUM | CVSS 5.3 | fixed in rails 2:6.1.7.3+dfsg-1 (bookworm) | 2023
CVE-2023-28120 [MEDIUM]: rails
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
Scope: local
bookworm: resolved (fixed in 2:6.1.7.3+dfsg-1)
bullseye: resolved (fixed in 2:6.0.3.7+dfsg-2+deb11u2)
forky: resolved (fixed in 2:6.1.7.3+dfsg-1)
sid: resolved (fixed in 2:6.1.7.3+dfsg-1)
trixie: resolved (fixed in 2:6.1.7.3+dfsg-1)
debian
CVE-2023-38037 | MEDIUM | CVSS 5.5 | fixed in rails 2:6.1.7.10+dfsg-1~deb12u1 (bookworm) | 2023
CVE-2023-38037 [MEDIUM]: rails
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this
debian
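The umask problem described here is not specific to Rails: any code that creates a file for secret material with the process default mode inherits whatever umask the deploying user has. The block below is an added example (not ActiveSupport::EncryptedFile's code) that writes the same plaintext two ways under a typical 0022 umask and reports the resulting permission bits; file names and the umask value are assumptions for the demonstration.

```ruby
require "tmpdir"

# Added example, not ActiveSupport::EncryptedFile: shows that a temporary
# file written with the default mode is readable by other local users under
# the usual 0022 umask, and the explicit-mode alternative.

# VULNERABLE pattern: mode is 0666 & ~umask, i.e. 0644 with umask 0022.
def write_secret_with_umask(dir, plaintext)
  path = File.join(dir, "secret-umask.txt")   # assumed file name
  File.write(path, plaintext)
  path
end

# HARDENED pattern: the 0600 mode is applied at creation (and EXCL refuses
# to follow a pre-planted file), so there is no window in which the
# plaintext is group- or world-readable.
def write_secret_owner_only(dir, plaintext)
  path = File.join(dir, "secret-0600.txt")    # assumed file name
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(plaintext)
  end
  path
end

# Permission bits of a path, e.g. 0o644.
def file_mode(path)
  File.stat(path).mode & 0o777
end

# Runs both writers under a 0022 umask in a scratch directory and returns
# [mode_of_umask_file, mode_of_explicit_mode_file]. Restores the umask.
def compare_temp_file_modes
  old_umask = File.umask(0o022)
  Dir.mktmpdir("encrypted-file-demo") do |dir|
    [file_mode(write_secret_with_umask(dir, "secret")),
     file_mode(write_secret_owner_only(dir, "secret"))]
  end
ensure
  File.umask(old_umask) if old_umask
end

if __FILE__ == $PROGRAM_NAME
  puts compare_temp_file_modes.map { |m| format("%04o", m) }.join(" vs ")
end
```

Ruby's own `Tempfile` / `Tempfile.create` already create their files with mode 0600, so the practical check on code like this is whether it writes through `File.write`/`IO.write` to a path it composed itself instead of using one of those.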
CVE-2023-23913 | MEDIUM | CVSS 6.3 | fixed in rails 2:6.1.7.3+dfsg-1 (bookworm) | 2023
CVE-2023-23913 [MEDIUM]: rails
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute.
Scope: local
bookworm: resolve
debian
CVE-2023-28362 | MEDIUM | CVSS 4.0 | fixed in rails 2:6.1.7.10+dfsg-1~deb12u1 (bookworm) | 2023
CVE-2023-28362 [MEDIUM]: rails
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.
Scope: local
bookworm: resolved (fixed in 2:6.1.7.10+dfsg-1~deb12u1)
bullseye: resolved (fixed in
debian
CVE-2023-22797 | LOW | CVSS 6.1 | 2023
CVE-2023-22797 [MEDIUM]: rails
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vu
debian
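CVE-2023-28362 and CVE-2023-22797 are two failure modes of the same operation: a redirect target taken from user input. The first is about characters that are illegal in a header value (CR/LF and other controls), the second about the target pointing at a host the application never intended. The block below is an added example, not Rails' `redirect_to` or its open-redirect protection: a validator that rejects both classes of input before the value reaches a Location header. The host allowlist is an assumption for the example.

```ruby
require "uri"

# Added example, not Rails' redirect_to: validates a user-supplied redirect
# target before it is used in a Location header.
ALLOWED_REDIRECT_HOSTS = ["example.com", "www.example.com"].freeze  # assumed

class UnsafeRedirect < StandardError; end

# Illegal in an HTTP header value: CR/LF enable header injection, and other
# control characters get the Location header dropped by RFC-strict proxies.
HEADER_CONTROL_CHARS = /[\x00-\x1f\x7f]/

def safe_redirect_target(target)
  target = target.to_s
  raise UnsafeRedirect, "control character in target" if target.match?(HEADER_CONTROL_CHARS)

  # Path-relative targets: exactly one leading "/" and nothing a browser
  # would reinterpret as a network-path reference ("//host" or "/\host").
  if target.start_with?("/")
    raise UnsafeRedirect, "protocol-relative target" if target.start_with?("//", "/\\")
    return target
  end

  uri = begin
    URI.parse(target)
  rescue URI::InvalidURIError
    raise UnsafeRedirect, "unparseable target"
  end
  # Anything without an explicit, allowlisted host is refused. This also
  # covers forms such as "http:evil.com", which parse with a nil host but
  # which browsers still navigate to.
  unless %w[http https].include?(uri.scheme) && ALLOWED_REDIRECT_HOSTS.include?(uri.host)
    raise UnsafeRedirect, "host not allowed: #{uri.host.inspect}"
  end
  target
end

# Non-raising variant for controller use: validated target or a safe fallback.
def redirect_target_or_root(target)
  safe_redirect_target(target)
rescue UnsafeRedirect
  "/"
end

if __FILE__ == $PROGRAM_NAME
  ["/account", "//evil.com", "http:evil.com", "/x\r\nSet-Cookie: a=b"].each do |t|
    puts "#{t.inspect} -> #{redirect_target_or_root(t).inspect}"
  end
end
```

The order of checks matters: the control-character test runs first and on the raw string, so a value can never be accepted on the strength of how `URI.parse` happened to interpret it. Relative paths are accepted only in their narrowest form rather than by trying to enumerate every spelling of a scheme-relative URL.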
CVE-2022-32224 | CRITICAL | CVSS 9.8 | fixed in rails 2:6.1.6.1+dfsg-1 (bookworm) | 2022
CVE-2022-32224 [CRITICAL]: rails
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.
Scope: local
bookworm: resolved (fixed in 2:6.1.6.1+dfsg-1)
bullseye: open
forky:
debian
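What makes a YAML serialized column an RCE escalation path is that the permissive YAML loader instantiates whatever class a `!ruby/object:` tag names, so controlling the column contents means choosing the class. The block below is an added example, not Active Record's `serialize` implementation: it deserialises a tampered column value with the permissive loader and with a class-allowlisted loader. `AuditEntry` is a harmless stand-in class invented for the example; the column contents are constructed.

```ruby
require "yaml"

# Added example, not Active Record code: permissive vs allowlisted YAML
# loading of a serialized column that an attacker has been able to write.
class AuditEntry      # assumed harmless stand-in for any reachable class
  attr_accessor :note
end

# Column contents as an attacker could store them (constructed sample): a
# class tag the application never intended to deserialise.
TAMPERED_COLUMN = "--- !ruby/object:AuditEntry\nnote: injected\n"
# Column contents the application actually expects (constructed sample).
EXPECTED_COLUMN = "---\n- 1\n- two\n- :three\n"

# VULNERABLE: the permissive loader (unsafe_load on Psych 4, load on older
# Psych) revives any tagged class found in the document.
def load_column_unsafe(yaml)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(yaml) : YAML.load(yaml)
end

# HARDENED: only scalars, arrays, hashes and the explicitly permitted
# classes are allowed; anything else raises Psych::DisallowedClass.
def load_column_safe(yaml, permitted: [Symbol])
  YAML.safe_load(yaml, permitted_classes: permitted, aliases: false)
end

# Returns :rejected when the document names a class outside the allowlist,
# which is the signal to treat the row as tampered rather than fall back.
def load_column_safe_or_reject(yaml)
  load_column_safe(yaml)
rescue Psych::DisallowedClass
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  p load_column_unsafe(TAMPERED_COLUMN)
  p load_column_safe_or_reject(TAMPERED_COLUMN)
  p load_column_safe(EXPECTED_COLUMN)
end
```

The permitted-class list is the whole control: it has to be as narrow as the data the column really stores (here `Symbol` only), and a `DisallowedClass` on read should be surfaced as evidence of tampering, not silently rescued into a default value.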
CVE-2022-21831 | CRITICAL | CVSS 9.8 | fixed in rails 2:6.1.4.7+dfsg-1 (bookworm) | 2022
CVE-2022-21831 [CRITICAL]: rails
A code injection vulnerability exists in Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
Scope: local
bookworm: resolved (fixed in 2:6.1.4.7+dfsg-1)
bullseye: resolved (fixed in 2:6.0.3.7+dfsg-2+deb11u1)
forky: resolved (fixed in 2:6.1.4.7+dfsg-1)
sid: resolved (fixed in 2:6.1.4.7+dfsg-1)
trixie: resolved (
debian
CVE-2022-23633 | HIGH | CVSS 7.4 | fixed in rails 2:6.1.4.6+dfsg-1 (bookworm) | 2022
CVE-2022-23633 [HIGH]: rails
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails
debian
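The leak described here is a lifecycle bug rather than a parsing bug: per-request state lives in `Thread.current`, and the only thing that clears it is the `close` call on the response body, which a server is allowed to skip. The block below is an added example, not `ActionDispatch::Executor`, reproducing the leak with a minimal Rack-style middleware and app, and showing a mitigation that also resets at the start of every request (an approach assumed for this example, not a description of Rails' own patch). The `Current` store, the app and the request envs are constructed for the demonstration.

```ruby
# Added example, not ActionDispatch::Executor: thread-local request state
# that is reset only on body close leaks into the next request when the
# server never calls close.
module Current
  def self.user
    Thread.current[:current_user]
  end

  def self.user=(u)
    Thread.current[:current_user] = u
  end

  def self.reset
    Thread.current[:current_user] = nil
  end
end

# Minimal body wrapper; the server is expected (but not guaranteed) to call
# close on it after streaming.
class ResettingBody
  def initialize(body, &on_close)
    @body = body
    @on_close = on_close
  end

  def each(&block)
    @body.each(&block)
  end

  def close
    @on_close.call
  end
end

# The application: reports who it believes is the current user.
APP = lambda do |_env|
  [200, {}, ["hello #{Current.user.inspect}"]]
end

# LEAKY: state is populated from the request and cleared only on close.
def leaky_executor(env)
  Current.user = env["HTTP_X_USER"] if env["HTTP_X_USER"]
  status, headers, body = APP.call(env)
  [status, headers, ResettingBody.new(body) { Current.reset }]
end

# HARDENED: also resets at the start of each request, so whether or not the
# previous body was closed, nothing carries over on this thread.
def hardened_executor(env)
  Current.reset
  Current.user = env["HTTP_X_USER"] if env["HTTP_X_USER"]
  status, headers, body = APP.call(env)
  [status, headers, ResettingBody.new(body) { Current.reset }]
end

# Simulates a server that streams the first response but never calls close,
# then serves an anonymous request on the same thread. Returns the second
# response body as a string.
def serve_two_requests(executor)
  Current.reset
  _, _, body1 = send(executor, "HTTP_X_USER" => "alice")
  body1.each { |_| }                      # consumed; close never called
  _, _, body2 = send(executor, {})
  out = +""
  body2.each { |chunk| out << chunk }
  body2.close
  out
end

if __FILE__ == $PROGRAM_NAME
  puts "leaky:    #{serve_two_requests(:leaky_executor)}"
  puts "hardened: #{serve_two_requests(:hardened_executor)}"
end
```

The detection side of this is the same experiment: send an authenticated request through a path that streams without closing, follow it with an anonymous one on a single-threaded server, and check whether the second response carries the first request's identity.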
CVE-2022-44566 | HIGH | CVSS 7.5 | fixed in rails 2:6.1.7.3+dfsg-1 (bookworm) | 2022
CVE-2022-44566 [HIGH]: rails
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Den
debian
CVE-2022-22577 | MEDIUM | CVSS 6.1 | fixed in rails 2:6.1.6.1+dfsg-1 (bookworm) | 2022
CVE-2022-22577 [MEDIUM]: rails
An XSS vulnerability in Action Pack >= 5.2.0 (fixed in 7.0.2.4, 6.1.5.1, 6.0.4.8 and 5.2.7.1) that could allow an attacker to bypass CSP for non-HTML-like responses.
Scope: local
bookworm: resolved (fixed in 2:6.1.6.1+dfsg-1)
bullseye: resolved (fixed in 2:6.0.3.7+dfsg-2+deb11u1)
forky: resolved (fixed in 2:6.1.6.1+dfsg-1)
sid: resolved (fixed in 2:6.1.6.1+dfsg-1)
trixie: resolved (fixed in 2:6.1.6.1+d
debian
CVE-2022-27777 | MEDIUM | CVSS 6.1 | fixed in rails 2:6.1.6.1+dfsg-1 (bookworm) | 2022
CVE-2022-27777 [MEDIUM]: rails
An XSS vulnerability in Action View tag helpers >= 5.2.0 (fixed in 7.0.2.4, 6.1.5.1, 6.0.4.8 and 5.2.7.1) which would allow an attacker to inject content if able to control input into specific attributes.
Scope: local
bookworm: resolved (fixed in 2:6.1.6.1+dfsg-1)
bullseye: resolved (fixed in 2:6.0.3.7+dfsg-2+deb11u1)
forky: resolved (fixed in 2:6.1.6.1+dfsg-1)
sid: resolved (fixed in 2:6.1.6.1+dfsg-1)
debian
CVE-2022-3704 | LOW | CVSS 3.5 | 2022
CVE-2022-3704 [LOW]: rails
A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real existence of this vulnerability is still doubted at the moment. The name of
debian
CVE-2021-22885 | HIGH | CVSS 7.5 | fixed in rails 2:6.0.3.7+dfsg-1 (bookworm) | 2021
CVE-2021-22885 [HIGH]: rails
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url` helper with untrusted user input.
Scope: local
bookworm: resolved (fixed in 2:6.0.3.7+dfsg-1)
bullseye: resolved (fixed in 2:6.0.3.7+dfsg-1)
forky: resolved (fixed in 2:6.0.3.7+dfsg-1)
sid: resolved (fixed in 2:6.0.3.7+
debian
CVE-2021-22904 | HIGH | CVSS 7.5 | fixed in rails 2:6.0.3.7+dfsg-1 (bookworm) | 2021
CVE-2021-22904 [HIGH]: rails
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.
Scope: local
bookworm: resol
debian