Debian Rails vulnerabilities
139 known vulnerabilities affecting debian/rails.
Total CVEs: 139
CISA KEV: 2 (actively exploited)
Public exploits: 13
Exploited in wild: 1
Severity breakdown: CRITICAL 7 | HIGH 30 | MEDIUM 55 | LOW 47
Vulnerabilities
Page 4 of 7
CVE-2018-16476 | HIGH | CVSS 7.5 | fixed in rails 2:5.2.2+dfsg-1 (bookworm) | 2018
CVE-2018-16476 [HIGH] CVE-2018-16476: rails - A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an ...
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.
Scope: local
bookworm: resolved (fixed in 2:5.2.2+dfs
debian
CVE-2018-16477 | MEDIUM | CVSS 6.5 | fixed in rails 2:5.2.2+dfsg-1 (bookworm) | 2018
CVE-2018-16477 [MEDIUM] CVE-2018-16477: rails - A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and D...
A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacke
debian
CVE-2017-17917 | LOW | CVSS 8.1 | 2017
CVE-2017-17917 [HIGH] CVE-2017-17917: rails - SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and ear...
SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie
debian
CVE-2017-17920 | LOW | CVSS 8.1 | 2017
CVE-2017-17920 [HIGH] CVE-2017-17920: rails - SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and e...
SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
tr
debian
CVE-2017-17919 | LOW | CVSS 8.1 | 2017
CVE-2017-17919 [HIGH] CVE-2017-17919: rails - SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and ear...
SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
t
debian
CVE-2017-17916 | LOW | CVSS 8.1 | 2017
CVE-2017-17916 [HIGH] CVE-2017-17916: rails - SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and e...
SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
tr
debian
CVE-2016-2097 | HIGH | CVSS 7.5 | fixed in rails 2:4.2.5.2-1 (bookworm) | 2016
CVE-2016-2097 [HIGH] CVE-2016-2097: rails - Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22....
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.
Scope: local
bookworm: re
debian
CVE-2016-0752 | HIGH | CVSS 7.5 | KEV | PoC | fixed in rails 2:4.2.5.1-1 (bookworm) | 2016
CVE-2016-0752 [HIGH] CVE-2016-0752: rails - Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22....
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
Scope: local
bookworm: resolved (fixed in 2:
debian
CVE-2016-0751 | HIGH | CVSS 7.5 | fixed in rails 2:4.2.5.1-1 (bookworm) | 2016
CVE-2016-0751 [HIGH] CVE-2016-0751: rails - actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails...
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
Scope: local
bookworm
debian
CVE-2016-2098 | HIGH | CVSS 7.3 | PoC | fixed in rails 2:4.2.5.2-1 (bookworm) | 2016
CVE-2016-2098 [HIGH] CVE-2016-2098: rails - Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x bef...
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Scope: local
bookworm: resolved (fixed in 2:4.2.5.2-1)
bullseye: resolved (fixed in 2:4.2.5.2-1)
forky: resolved (fixed in 2:4.2.5.2-1)
sid: resolved (fixe
debian
CVE-2016-0753 | MEDIUM | CVSS 5.3 | fixed in rails 2:4.2.5.1-1 (bookworm) | 2016
CVE-2016-0753 [MEDIUM] CVE-2016-0753: rails - Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5...
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
Scope: local
bookworm: resolved (fixed in 2:4.2.5.1-1)
bullseye: resolved (fixed in 2:4.2.5.1-1)
forky: resolved
debian
CVE-2016-6317 | MEDIUM | CVSS 6.4 | fixed in rails 2:4.2.7.1-1 (bookworm) | 2016
CVE-2016-6317 [MEDIUM] CVE-2016-6317: rails - Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider d...
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]"
debian
CVE-2016-6316 | LOW | CVSS 6.1 | fixed in rails 2:4.2.7.1-1 (bookworm) | 2016
CVE-2016-6316 [MEDIUM] CVE-2016-6316: rails - Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x bef...
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.
Scope: local
bookworm: resolved (fixed in 2:4.2.7.1-1)
bullseye: resolved (fixed in 2:
debian
CVE-2015-7581 | HIGH | CVSS 7.5 | fixed in rails 2:4.2.5.1-1 (bookworm) | 2015
CVE-2015-7581 [HIGH] CVE-2015-7581: rails - actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Ra...
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route.
Scope: local
bookworm: resolved (fixed in 2:4.2.5.1-1)
bullseye: resolved (
debian
CVE-2015-7577 | MEDIUM | CVSS 5.3 | fixed in rails 2:4.2.5.1-1 (bookworm) | 2015
CVE-2015-7577 [MEDIUM] CVE-2015-7577: rails - activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on ...
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes f
debian
CVE-2015-3227 | MEDIUM | CVSS 5.0 | fixed in rails 2:4.2.4-2 (bookworm) | 2015
CVE-2015-3227 [MEDIUM] CVE-2015-3227: rails - The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails b...
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
Scope: local
bookworm: resolved (fixed in 2:4.2.4-2)
bullseye: resolved (fixed in 2:4.2.4-2)
forky: resolved (fixed in
debian
CVE-2015-3226 | MEDIUM | CVSS 4.3 | fixed in rails 2:4.2.4-2 (bookworm) | 2015
CVE-2015-3226 [MEDIUM] CVE-2015-3226: rails - Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support i...
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
Scope: local
bookworm: resolved (fixed in 2:4.2.4-2)
bullseye: resolved (fixed in 2:4.2.4-2)
forky:
debian
CVE-2015-7576 | LOW | CVSS 3.7 | fixed in rails 2:4.2.5.1-1 (bookworm) | 2015
CVE-2015-7576 [LOW] CVE-2015-7576: rails - The http_basic_authenticate_with method in actionpack/lib/action_controller/meta...
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easie
debian
CVE-2014-3482 | HIGH | CVSS 7.5 | fixed in rails 2:4.1.4-1 (bookworm) | 2014
CVE-2014-3482 [HIGH] CVE-2014-3482: rails - SQL injection vulnerability in activerecord/lib/active_record/connection_adapter...
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.
Scope: local
bookworm: resolved (fixed in 2:4.1.4-1)
bullseye: resolved (fixed in
debian
CVE-2014-3514 | HIGH | CVSS 7.5 | fixed in rails 2:4.1.5-1 (bookworm) | 2014
CVE-2014-3514 [HIGH] CVE-2014-3514: rails - activerecord/lib/active_record/relation/query_methods.rb in Active Record in Rub...
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.
Scope: local
bookworm: resolved (fixed in 2:4.1.5-1)
bullseye: resolved (fixed in 2:4.1.5-1)
for
debian