Lucene search
GoogleOSV:DSA-2301-2HistoryJan 23, 2012 - 12:00 a.m.
rails - several
2012-01-2300:00:00
Google
osv.dev
18
0.007 Low
EPSS
Percentile
79.8%
Several vulnerabilities have been discovered in Rails, the Ruby web
application framework. The Common Vulnerabilities and Exposures project
identifies the following problems:
- CVE-2009-4214
A cross-site scripting (XSS) vulnerability had been found in the
strip_tags function. An attacker may inject non-printable characters
that certain browsers will then evaluate. This vulnerability only
affects the oldstable distribution (lenny). - CVE-2011-2930
A SQL injection vulnerability had been found in the quote_table_name
method that could allow malicious users to inject arbitrary SQL into a
query. - CVE-2011-2931
A cross-site scripting (XSS) vulnerability had been found in the
strip_tags helper. An parsing error can be exploited by an attacker,
who can confuse the parser and may inject HTML tags into the output
document. - CVE-2011-3186
A newline (CRLF) injection vulnerability had been found in
response.rb. This vulnerability allows an attacker to inject arbitrary
HTTP headers and conduct HTTP response splitting attacks via the
Content-Type header.
For the oldstable distribution (lenny), this problem has been fixed in
version 2.1.0-7+lenny2.
For the stable distribution (squeeze), this problem has been fixed in
version 2.3.5-1.2+squeeze2.
For the unstable distribution (sid), this problem has been fixed in
version 2.3.14.
We recommend that you upgrade your rails packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rails | eq | 2.1.0-6 | |
| rails | eq | 2.1.0-7 | |
| rails | eq | 2.1.0-7+lenny0.1 | |
| rails | eq | 2.1.0-7+lenny0.2 | |
| rails | eq | 2.1.0-7+lenny1 |
References
Related
openvas
openvas
Debian Security Advisory DSA 2301-2 (rails)
2012-02-11 00:00:00
Debian Security Advisory DSA 2301-1 (rails)
2011-09-21 00:00:00
Debian: Security Advisory (DSA-2301-1)
2011-09-21 00:00:00
osv
osv
rails - several
2012-01-23 00:00:00
activerecord vulnerable to SQL Injection
2017-10-24 18:33:38
actionpack Cross-site Scripting vulnerability
2017-10-24 18:33:38
debian
debian
[SECURITY] [DSA 2301-1] rails security update
2011-09-05 20:25:54
[SECURITY] [DSA 2301-2] rails regression
2012-01-23 18:35:53
[SECURITY] [DSA 2259-1] rails security update
2011-06-14 18:57:49
nessus
nessus
Debian DSA-2301-2 : rails - several vulnerabilities
2011-09-06 00:00:00
Fedora 14 : rubygem-actionpack-2.3.8-4.fc14 (2011-11567)
2011-09-07 00:00:00
openSUSE Security Update : rubygem-actionmailer (openSUSE-SU-2011:1305-1)
2014-06-13 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2301-1] rails security update
2011-09-09 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: rubygem-activerecord-3.0.10-1.fc16
2011-09-07 03:23:00
[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-1.fc16
2011-09-07 03:23:00
[SECURITY] Fedora 16 Update: rubygem-activeresource-3.0.10-1.fc16
2011-09-07 03:23:00
gitlab
gitlab
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2017-10-24 00:00:00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
2017-10-24 00:00:00
Response Splitting Vulnerability in Ruby on Rails
2011-08-29 00:00:00
ubuntucve
ubuntucve
prion
prion
Crlf injection
2011-08-29 18:55:00
Cross site scripting
2011-08-29 18:55:00
Sql injection
2011-08-29 18:55:00
github
github
activerecord vulnerable to SQL Injection
2017-10-24 18:33:38
actionpack Cross-site Scripting vulnerability
2017-10-24 18:33:38
Moderate severity vulnerability that affects rails
2017-10-24 18:33:38
debiancve
debiancve
cve
cve
cvelist
cvelist
nvd
nvd
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
Ruby on Rails: Multiple vulnerabilities
2009-12-20 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44