Download
| Alert*
oval:org.secpod.oval:def:600612
Several vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4214 A cross-site scripting vulnerability had been found in the strip_tags function. An attacker may inject non-pri ... oval:org.secpod.oval:def:2499 The host is installed with Ruby on Rails 2.3.x before 2.3.13 and is prone to CRLF injection vulnerability. A flaw is present in the application which fails to sufficiently validate the values provided. Successful exploitation allows remote attackers to inject arbitrary HTTP headers into a response. oval:org.secpod.oval:def:102984 Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn"t require a browser. oval:org.secpod.oval:def:600715 It was discovered that the last security update for Ruby on Rails, DSA-2301-1, introduced a regression in the libactionpack-ruby package. |