rails -- multiple vulnerabilities

2016-01-2500:00:00

vuxml.freebsd.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.974 High

EPSS

Percentile

99.9%

JSON

Ruby on Rails blog:

Rails 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, and 3.2.22.1 have been
released! These contain important security fixes, and it is
recommended that users upgrade as soon as possible.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchrubygem-actionpack< 3.2.22.1UNKNOWN
FreeBSDanynoarchrubygem-actionpack4< 4.2.5.1UNKNOWN
FreeBSDanynoarchrubygem-actionview< 4.2.5.1UNKNOWN
FreeBSDanynoarchrubygem-activemodel4< 4.2.5.1UNKNOWN
FreeBSDanynoarchrubygem-activerecord< 3.2.22.1UNKNOWN
FreeBSDanynoarchrubygem-activerecord4< 4.2.5.1UNKNOWN
FreeBSDanynoarchrubygem-rails< 3.2.22.1UNKNOWN
FreeBSDanynoarchrubygem-rails-html-sanitizer< 1.0.3UNKNOWN
FreeBSDanynoarchrubygem-rails4< 4.2.5.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	rubygem-actionpack	< 3.2.22.1	UNKNOWN
FreeBSD	any	noarch	rubygem-actionpack4	< 4.2.5.1	UNKNOWN
FreeBSD	any	noarch	rubygem-actionview	< 4.2.5.1	UNKNOWN
FreeBSD	any	noarch	rubygem-activemodel4	< 4.2.5.1	UNKNOWN
FreeBSD	any	noarch	rubygem-activerecord	< 3.2.22.1	UNKNOWN
FreeBSD	any	noarch	rubygem-activerecord4	< 4.2.5.1	UNKNOWN
FreeBSD	any	noarch	rubygem-rails	< 3.2.22.1	UNKNOWN
FreeBSD	any	noarch	rubygem-rails-html-sanitizer	< 1.0.3	UNKNOWN
FreeBSD	any	noarch	rubygem-rails4	< 4.2.5.1	UNKNOWN