Ruby/rails/0.13.1
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.
Repo Link:
https://rubygems.org/gems/rails
License:
UNKNOWN
10 Security Vulnerabilities
Published date: 2017-10-24T18:33:38Z
CVE: CVE-2011-0446
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.
Affected versions:
["3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions:
[6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.2.1, 5.2.1.rc1, 5.2.0, 5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 7.0.0, 6.1.4.4, 6.0.4.4, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 6.0.4.7, 5.2.6.3, 7.0.2.3, 6.1.4.7, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3]
Recommendation:
Update to version 7.0.4.3.
Published date: 2017-10-24T18:33:38Z
CVE: CVE-2009-4214
Cross-site scripting (XSS) vulnerability in the striptags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action controller/vendor/html-scanner/html/node.rb.
Affected versions:
["2.3.4", "2.3.3", "2.3.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions:
[6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.2.1, 5.2.1.rc1, 5.2.0, 5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 7.0.0, 6.1.4.4, 6.0.4.4, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 6.0.4.7, 5.2.6.3, 7.0.2.3, 6.1.4.7, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3]
Recommendation:
Update to version 7.0.4.3.
Published date: 2017-10-24T18:33:38Z
CVE: CVE-2007-5379
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.fromxml (Hash#from xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.
Affected versions:
["1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions:
[6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.2.1, 5.2.1.rc1, 5.2.0, 5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 7.0.0, 6.1.4.4, 6.0.4.4, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 6.0.4.7, 5.2.6.3, 7.0.2.3, 6.1.4.7, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3]
Recommendation:
Update to version 7.0.4.3.
Published date: 2017-10-24T18:33:38Z
CVE: CVE-2007-3227
Cross-site scripting (XSS) vulnerability in the tojson (ActiveRecord::Base#to json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.
Affected versions:
["1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions:
[6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.2.1, 5.2.1.rc1, 5.2.0, 5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 7.0.0, 6.1.4.4, 6.0.4.4, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 6.0.4.7, 5.2.6.3, 7.0.2.3, 6.1.4.7, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3]
Recommendation:
Update to version 7.0.4.3.
Published date: 2017-10-24T18:33:38Z
CVE: CVE-2008-5189
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
Affected versions:
["2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions:
[6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.2.1, 5.2.1.rc1, 5.2.0, 5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 7.0.0, 6.1.4.4, 6.0.4.4, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 6.0.4.7, 5.2.6.3, 7.0.2.3, 6.1.4.7, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3]
Recommendation:
Update to version 7.0.4.3.
Published date: 2017-10-24T18:33:38Z
CVE: CVE-2007-5380
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to URL-based sessions.
Affected versions:
["1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions:
[6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.2.1, 5.2.1.rc1, 5.2.0, 5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 7.0.0, 6.1.4.4, 6.0.4.4, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 6.0.4.7, 5.2.6.3, 7.0.2.3, 6.1.4.7, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3]
Recommendation:
Update to version 7.0.4.3.
Published date: 2017-10-24T18:33:38Z
CVE: CVE-2007-6077
The session fixation protection mechanism in cgiprocess.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie only attribute from the DEFAULTSESSION OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380.
Affected versions:
["1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions:
[6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.2.1, 5.2.1.rc1, 5.2.0, 5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 7.0.0, 6.1.4.4, 6.0.4.4, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 6.0.4.7, 5.2.6.3, 7.0.2.3, 6.1.4.7, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3]
Recommendation:
Update to version 7.0.4.3.
Published date: 2022-04-22T00:24:28Z
CVE: CVE-2011-1497
A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.
Affected versions:
["3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.3.18", "2.3.17", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions:
[6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.2.1, 5.2.1.rc1, 5.2.0, 5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 7.0.0, 6.1.4.4, 6.0.4.4, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 6.0.4.7, 5.2.6.3, 7.0.2.3, 6.1.4.7, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3]
Recommendation:
Update to version 7.0.4.3.
Published date: 2017-10-24T18:33:38Z
CVE: CVE-2009-2422
The example code for the digest authentication functionality (httpauthentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate orrequest withhttp digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.
Affected versions:
["2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions:
[6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.2.1, 5.2.1.rc1, 5.2.0, 5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 7.0.0, 6.1.4.4, 6.0.4.4, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 6.0.4.7, 5.2.6.3, 7.0.2.3, 6.1.4.7, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3]
Recommendation:
Update to version 7.0.4.3.
Published date: 2017-10-24T18:33:38Z
CVE: CVE-2008-4094
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.
Affected versions:
["2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions:
[6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.2.1, 5.2.1.rc1, 5.2.0, 5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 7.0.0, 6.1.4.4, 6.0.4.4, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 6.0.4.7, 5.2.6.3, 7.0.2.3, 6.1.4.7, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3]
Recommendation:
Update to version 7.0.4.3.
444 Other Versions