Information on source package rails

Available versions

Release            Version
wheezy             2:2.3.14.2
jessie (security)  2:4.1.8-1+deb8u4
stretch            2:4.2.7.1-1
buster             2:4.2.9-4
sid                2:4.2.9-4

Open unimportant issues

Bug            wheezy      jessie      stretch     buster      sid         Description
CVE-2011-3187  vulnerable  vulnerable  vulnerable  vulnerable  vulnerable  The to_s method in ...
CVE-2010-3299  vulnerable  vulnerable  vulnerable  vulnerable  vulnerable  ruby on rails: padding oracle attack

Resolved issues

Bug            Description
CVE-2016-6317  Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly ...
CVE-2016-6316  Cross-site scripting (XSS) vulnerability in Action View in Ruby on ...
CVE-2016-2098  Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and ...
CVE-2016-2097  Directory traversal vulnerability in Action View in Ruby on Rails ...
CVE-2016-0753  Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before ...
CVE-2016-0752  Directory traversal vulnerability in Action View in Ruby on Rails ...
CVE-2016-0751  actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in ...
CVE-2015-7581  actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in ...
CVE-2015-7577  activerecord/lib/active_record/nested_attributes.rb in Active Record ...
CVE-2015-7576  The http_basic_authenticate_with method in ...
CVE-2015-3227  The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby ...
CVE-2015-3226  Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active ...
CVE-2014-7829  Directory traversal vulnerability in ...
CVE-2014-7818  Directory traversal vulnerability in ...
CVE-2014-3514  activerecord/lib/active_record/relation/query_methods.rb in Active ...
CVE-2014-3483  SQL injection vulnerability in ...
CVE-2014-3482  SQL injection vulnerability in ...
CVE-2014-0082  actionpack/lib/action_view/template/text.rb in Action View in Ruby on ...
CVE-2014-0081  Multiple cross-site scripting (XSS) vulnerabilities in ...
CVE-2014-0080  SQL injection vulnerability in ...
CVE-2013-6417  actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...
CVE-2013-6416  Cross-site scripting (XSS) vulnerability in the simple_format helper ...
CVE-2013-6415  Cross-site scripting (XSS) vulnerability in the number_to_currency ...
CVE-2013-6414  actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on ...
CVE-2013-4491  Cross-site scripting (XSS) vulnerability in ...
CVE-2013-4389  Multiple format string vulnerabilities in log_subscriber.rb files in ...
CVE-2013-3221  The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and ...
CVE-2013-1857  The sanitize helper in ...
CVE-2013-1856  The ActiveSupport::XmlMini_JDOM backend in ...
CVE-2013-1855  The sanitize_css method in ...
CVE-2013-1854  The Active Record component in Ruby on Rails 2.3.x before 2.3.18, ...
CVE-2013-0333  lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before ...
CVE-2013-0277  ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 ...
CVE-2013-0276  ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and ...
CVE-2013-0156  active_support/core_ext/hash/conversions.rb in Ruby on Rails before ...
CVE-2013-0155  Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x ...
CVE-2012-6497  The Authlogic gem for Ruby on Rails, when used with certain versions ...
CVE-2012-6496  SQL injection vulnerability in the Active Record component in Ruby on ...
CVE-2012-3465  Cross-site scripting (XSS) vulnerability in ...
CVE-2012-3464  Cross-site scripting (XSS) vulnerability in ...
CVE-2012-3463  Cross-site scripting (XSS) vulnerability in ...
CVE-2012-3424  The decode_credentials method in ...
CVE-2012-2661  The Active Record component in Ruby on Rails 3.0.x before 3.0.13, ...
CVE-2012-1099  Cross-site scripting (XSS) vulnerability in ...
CVE-2012-1098  Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before ...
CVE-2011-4319  Cross-site scripting (XSS) vulnerability in the i18n translations ...
CVE-2011-3186  CRLF injection vulnerability in ...
CVE-2011-2932  Cross-site scripting (XSS) vulnerability in ...
CVE-2011-2931  Cross-site scripting (XSS) vulnerability in the strip_tags helper in ...
CVE-2011-2930  Multiple SQL injection vulnerabilities in the quote_table_name method ...
CVE-2011-2929  The template selection functionality in ...
CVE-2011-2197  The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x ...
CVE-2011-0449  actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x ...
CVE-2011-0448  Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the ...
CVE-2011-0447  Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before ...
CVE-2011-0446  Multiple cross-site scripting (XSS) vulnerabilities in the mail_to ...
CVE-2010-3933  Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested ...
CVE-2009-4214  Cross-site scripting (XSS) vulnerability in the strip_tags function in ...
CVE-2009-3086  A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x ...
CVE-2009-3009  Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before ...
CVE-2009-2422  The example code for the digest authentication functionality ...
CVE-2008-7248  Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ...
CVE-2008-5189  CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows ...
CVE-2008-4094  Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 ...
CVE-2007-6077  The session fixation protection mechanism in cgi_process.rb in Rails ...
CVE-2007-5380  Session fixation vulnerability in Rails before 1.2.4, as used for Ruby ...
CVE-2007-5379  Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers ...
CVE-2007-3227  Cross-site scripting (XSS) vulnerability in the to_json ...
CVE-2006-4112  Unspecified vulnerability in the "dependency resolution mechanism" in ...
CVE-2006-4111  Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby ...

Security announcements

DSA / DLA   Description
DSA-3651-1  rails - security update
DSA-3509-1  rails - security update
DSA-3464-1  rails - security update
DSA-2655-1  rails - several
DSA-2620-1  rails - several
DSA-2613-1  rails - insufficient input validation
DSA-2609-1  rails - SQL query manipulation
DSA-2604-1  rails - insufficient input validation
DSA-2597-1  rails - input validation error
DSA-2466-1  rails - cross site scripting
DSA-2301-2  rails - several
DSA-2301-1  rails - several
DSA-2260-1  rails - several
DSA-2247-1  rails - several vulnerabilities
DSA-1887-1  rails - cross-site scripting
