Download
| Alert*
oval:org.secpod.oval:def:602424
Two vulnerabilities have been discovered in Rails, a web application framework written in Ruby. Both vulnerabilities affect Action Pack, which handles the web requests for Rails. CVE-2016-2097 Crafted requests to Action View, one of the components of Action Pack, might result in rendering files from ... oval:org.secpod.oval:def:110237 Simple, battle-tested conventions and helpers for building web pages. oval:org.secpod.oval:def:110234 Simple, battle-tested conventions and helpers for building web pages. oval:org.secpod.oval:def:504979 The ror40 collection provides Ruby on Rails version 4.0. Ruby on Rails is a model-view-controller framework for web application development. The following issues were corrected in rubygem-actionpack: Multiple directory traversal flaws were found in the way the Action View component searched for tem ... oval:org.secpod.oval:def:504941 The ruby193 collection provides Ruby version 1.9.3 and Ruby on Rails version 3.2. Ruby on Rails is a model-view-controller framework for web application development. The following issues were corrected in rubygem-actionpack: Multiple directory traversal flaws were found in the way the Action View c ... oval:org.secpod.oval:def:505081 The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller framework for web application development. The following issue was corrected in rubygem-actionpack and rubygem-actionview: A directory traversal flaw was found in the way the Action View component s ... oval:org.secpod.oval:def:1901402 Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application"s unrestricted use of the render method and providing a ... oval:org.secpod.oval:def:110222 Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework. oval:org.secpod.oval:def:602354 Multiple security issues have been discovered in the Rails on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation. oval:org.secpod.oval:def:110218 Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn"t require a browser. |