Information on source package rails

Available versions

| Release | Version |
|---|---|
| jessie | 2:4.1.8-1+deb8u4 |
| jessie (security) | 2:4.1.8-1+deb8u5 |
| stretch | 2:4.2.7.1-1+deb9u1 |
| buster | 2:5.2.2.1+dfsg-1 |
| bullseye | 2:5.2.3+dfsg-1 |
| sid | 2:5.2.3+dfsg-1 |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2017-17920 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | ** DISPUTED ** SQL injection vulnerability in the 'reorder' method in ... |
| CVE-2017-17919 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | ** DISPUTED ** SQL injection vulnerability in the 'order' method in Ru ... |
| CVE-2017-17917 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | ** DISPUTED ** SQL injection vulnerability in the 'where' method in Ru ... |
| CVE-2017-17916 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | ** DISPUTED ** SQL injection vulnerability in the 'find_by' method in ... |
| CVE-2011-3187 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip ... |
| CVE-2010-3299 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to p ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2019-5420 | A remote code execution vulnerability in development mode Rails <5. ... |
| CVE-2019-5419 | There is a possible denial of service vulnerability in Action View (Ra ... |
| CVE-2019-5418 | There is a File Content Disclosure vulnerability in Action View <5. ... |
| CVE-2018-16477 | A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud ... |
| CVE-2018-16476 | A Broken Access Control vulnerability in Active Job versions >= 4.2 ... |
| CVE-2016-6317 | Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly ... |
| CVE-2016-6316 | Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rai ... |
| CVE-2016-2098 | Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and ... |
| CVE-2016-2097 | Directory traversal vulnerability in Action View in Ruby on Rails befo ... |
| CVE-2016-0753 | Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2. ... |
| CVE-2016-0752 | Directory traversal vulnerability in Action View in Ruby on Rails befo ... |
| CVE-2016-0751 | actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Rub ... |
| CVE-2015-7581 | actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in ... |
| CVE-2015-7577 | activerecord/lib/active_record/nested_attributes.rb in Active Record i ... |
| CVE-2015-7576 | The http_basic_authenticate_with method in actionpack/lib/action_contr ... |
| CVE-2015-3227 | The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby ... |
| CVE-2015-3226 | Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active ... |
| CVE-2014-7829 | Directory traversal vulnerability in actionpack/lib/action_dispatch/mi ... |
| CVE-2014-7818 | Directory traversal vulnerability in actionpack/lib/action_dispatch/mi ... |
| CVE-2014-3514 | activerecord/lib/active_record/relation/query_methods.rb in Active Rec ... |
| CVE-2014-3483 | SQL injection vulnerability in activerecord/lib/active_record/connecti ... |
| CVE-2014-3482 | SQL injection vulnerability in activerecord/lib/active_record/connecti ... |
| CVE-2014-0082 | actionpack/lib/action_view/template/text.rb in Action View in Ruby on ... |
| CVE-2014-0081 | Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/ ... |
| CVE-2014-0080 | SQL injection vulnerability in activerecord/lib/active_record/connecti ... |
| CVE-2013-6417 | actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ... |
| CVE-2013-6416 | Cross-site scripting (XSS) vulnerability in the simple_format helper i ... |
| CVE-2013-6415 | Cross-site scripting (XSS) vulnerability in the number_to_currency hel ... |
| CVE-2013-6414 | actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on ... |
| CVE-2013-4491 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ... |
| CVE-2013-4389 | Multiple format string vulnerabilities in log_subscriber.rb files in t ... |
| CVE-2013-3221 | The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and ... |
| CVE-2013-1857 | The sanitize helper in lib/action_controller/vendor/html-scanner/html/ ... |
| CVE-2013-1856 | The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini ... |
| CVE-2013-1855 | The sanitize_css method in lib/action_controller/vendor/html-scanner/h ... |
| CVE-2013-1854 | The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1. ... |
| CVE-2013-0333 | lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before ... |
| CVE-2013-0277 | ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allow ... |
| CVE-2013-0276 | ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and ... |
| CVE-2013-0156 | active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2. ... |
| CVE-2013-0155 | Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x befo ... |
| CVE-2012-6497 | The Authlogic gem for Ruby on Rails, when used with certain versions b ... |
| CVE-2012-6496 | SQL injection vulnerability in the Active Record component in Ruby on ... |
| CVE-2012-3465 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ... |
| CVE-2012-3464 | Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ... |
| CVE-2012-3463 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ... |
| CVE-2012-3424 | The decode_credentials method in actionpack/lib/action_controller/meta ... |
| CVE-2012-2661 | The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1. ... |
| CVE-2012-1099 | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ... |
| CVE-2012-1098 | Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before ... |
| CVE-2011-4319 | Cross-site scripting (XSS) vulnerability in the i18n translations help ... |
| CVE-2011-3186 | CRLF injection vulnerability in actionpack/lib/action_controller/respo ... |
| CVE-2011-2932 | Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ... |
| CVE-2011-2931 | Cross-site scripting (XSS) vulnerability in the strip_tags helper in a ... |
| CVE-2011-2930 | Multiple SQL injection vulnerabilities in the quote_table_name method ... |
| CVE-2011-2929 | The template selection functionality in actionpack/lib/action_view/tem ... |
| CVE-2011-2197 | The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x ... |
| CVE-2011-0449 | actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x ... |
| CVE-2011-0448 | Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the ... |
| CVE-2011-0447 | Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3. ... |
| CVE-2011-0446 | Multiple cross-site scripting (XSS) vulnerabilities in the mail_to hel ... |
| CVE-2010-3933 | Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attribut ... |
| CVE-2009-4214 | Cross-site scripting (XSS) vulnerability in the strip_tags function in ... |
| CVE-2009-3086 | A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x be ... |
| CVE-2009-3009 | Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2 ... |
| CVE-2009-2422 | The example code for the digest authentication functionality (http_aut ... |
| CVE-2008-7248 | Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ... |
| CVE-2008-5189 | CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remo ... |
| CVE-2008-4094 | Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 a ... |
| CVE-2007-6077 | The session fixation protection mechanism in cgi_process.rb in Rails 1 ... |
| CVE-2007-5380 | Session fixation vulnerability in Rails before 1.2.4, as used for Ruby ... |
| CVE-2007-5379 | Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers ... |
| CVE-2007-3227 | Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord: ... |
| CVE-2006-4112 | Unspecified vulnerability in the "dependency resolution mechanism" in ... |
| CVE-2006-4111 | Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby cod ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-1739-1 | rails - security update |
| DSA-3651-1 | rails - security update |
| DSA-3509-1 | rails - security update |
| DSA-3464-1 | rails - security update |
| DSA-2655-1 | rails - several |
| DSA-2620-1 | rails - several |
| DSA-2613-1 | rails - insufficient input validation |
| DSA-2609-1 | rails - SQL query manipulation |
| DSA-2604-1 | rails - insufficient input validation |
| DSA-2597-1 | rails - input validation error |
| DSA-2466-1 | rails - cross site scripting |
| DSA-2301-2 | rails - several |
| DSA-2301-1 | rails - several |
| DSA-2260-1 | rails - several |
| DSA-2247-1 | rails - several vulnerabilities |
| DSA-1887-1 | rails - cross-site scripting |
