Lucene search
GoogleOSV:DSA-2247-1HistoryMay 31, 2011 - 12:00 a.m.
rails - several vulnerabilities
2011-05-3100:00:00
Google
osv.dev
18
EPSS
0.004
Percentile
73.1%
Several vulnerabilities have been discovered in Rails, the Ruby web
application framework. The Common Vulnerabilities and Exposures project
identifies the following problems:
- CVE-2011-0446
Multiple cross-site scripting (XSS) vulnerabilities when JavaScript
encoding is used, allow remote attackers to inject arbitrary web
script or HTML. - CVE-2011-0447
Rails does not properly validate HTTP requests that contain an
X-Requested-With header, which makes it easier for remote attackers
to conduct cross-site request forgery (CSRF) attacks.
For the oldstable distribution (lenny), this problem has been fixed in
version 2.1.0-7+lenny0.1.
For the stable distribution (squeeze), this problem has been fixed in
version 2.3.5-1.2+squeeze0.1.
For the unstable distribution (sid), this problem has been fixed in
version 2.3.11-0.1.
We recommend that you upgrade your rails packages.
References
Related
openvas
openvas
Fedora Update for rubygem-actionpack FEDORA-2011-2138
2011-03-08 00:00:00
Debian Security Advisory DSA 2247-1 (rails)
2011-08-03 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2011-2133
2011-03-08 00:00:00
nessus
nessus
Fedora 13 : rubygem-actionpack-2.3.5-4.fc13 (2011-2138)
2011-03-07 00:00:00
Debian DSA-2247-1 : rails - several vulnerabilities
2011-06-10 00:00:00
Fedora 14 : rubygem-actionpack-2.3.8-3.fc14 (2011-2133)
2011-03-07 00:00:00
seebug
seebug
Ruby on Railsθ·¨η«θζ¬ζ§θ‘εθ·¨η«θ―·ζ±δΌͺι ζΌζ΄
2011-04-08 00:00:00
debian
debian
[SECURITY] [DSA 2247-1] rails security update
2011-05-31 19:04:22
fedora
fedora
[SECURITY] Fedora 14 Update: rubygem-actionpack-2.3.8-3.fc14
2011-03-05 02:39:03
[SECURITY] Fedora 13 Update: rubygem-actionpack-2.3.5-4.fc13
2011-03-05 02:42:18
[SECURITY] Fedora 15 Update: rubygem-actionmailer-3.0.5-1.fc15
2011-04-05 21:43:09
securityvulns
securityvulns
[SECURITY] [DSA 2247-1] rails security update
2011-06-02 00:00:00
cvelist
cvelist
cve
cve
osv
osv
Rails actionpack gem vulnerable to Cross-site Scripting
2017-10-24 18:33:38
Moderate severity vulnerability that affects django
2018-07-23 19:51:10
actionpack Cross-Site Request Forgery vulnerability
2017-10-24 18:33:38
ubuntucve
ubuntucve
prion
prion
Cross site scripting
2011-02-14 21:00:00
Cross site request forgery (csrf)
2011-02-14 21:00:00
Cross site request forgery (csrf)
2011-02-14 21:00:00
gitlab
gitlab
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2017-10-24 00:00:00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2017-10-24 00:00:00
Cross-site request forgery in Django
2018-07-23 00:00:00
debiancve
debiancve
github
github
Rails actionpack gem vulnerable to Cross-site Scripting
2017-10-24 18:33:38
actionpack Cross-Site Request Forgery vulnerability
2017-10-24 18:33:38
Cross-site request forgery in Django
2018-07-23 19:51:10
nvd
nvd
rubygems
rubygems
XSS vulnerabilities in the mail_to helper in rails/actionview
2017-10-23 21:00:00
XSS vulnerabilities in the mail_to helper in rails/actionpack
2017-10-23 21:00:00
CSRF Protection Bypass in Ruby on Rails
2017-10-23 21:00:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00