Ruby/rails/1.2.6
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.
https://rubygems.org/gems/rails
UNKNOWN
6 Security Vulnerabilities
Moderate severity vulnerability that affects rails
- https://nvd.nist.gov/vuln/detail/CVE-2011-0446
- https://github.com/advisories/GHSA-75w6-p6mg-vh8j
- http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
- http://secunia.com/advisories/43274
- http://secunia.com/advisories/43666
- http://www.debian.org/security/2011/dsa-2247
- http://www.securityfocus.com/bid/46291
- http://www.securitytracker.com/id?1025064
- http://www.vupen.com/english/advisories/2011/0587
- http://www.vupen.com/english/advisories/2011/0877
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.
Moderate severity vulnerability that affects rails
- https://nvd.nist.gov/vuln/detail/CVE-2009-4214
- https://github.com/advisories/GHSA-9p3v-wf2w-v29c
- http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5
- http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
- http://secunia.com/advisories/37446
- http://secunia.com/advisories/38915
- http://support.apple.com/kb/HT4077
- http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released
- http://www.debian.org/security/2011/dsa-2260
- http://www.debian.org/security/2011/dsa-2301
- http://www.openwall.com/lists/oss-security/2009/11/27/2
- http://www.openwall.com/lists/oss-security/2009/12/08/3
- http://www.securityfocus.com/bid/37142
- http://www.securitytracker.com/id?1023245
- http://www.vupen.com/english/advisories/2009/3352
Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.
Moderate severity vulnerability that affects rails
- https://nvd.nist.gov/vuln/detail/CVE-2008-5189
- https://github.com/advisories/GHSA-jmgf-p46x-982h
- http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
- http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing
- http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk
- http://www.securityfocus.com/bid/32359
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
Cross site scripting in rails < 3.0.6
A cross-site scripting flaw was found in the auto_link function in Rails before version 3.0.6.
High severity vulnerability that affects rails
- https://nvd.nist.gov/vuln/detail/CVE-2009-2422
- https://github.com/advisories/GHSA-rxq3-gm4p-5fj4
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51528
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s
- http://secunia.com/advisories/35702
- http://support.apple.com/kb/HT4077
- http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest
- http://www.securityfocus.com/bid/35579
- http://www.vupen.com/english/advisories/2009/1802
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.
High severity vulnerability that affects rails
- https://nvd.nist.gov/vuln/detail/CVE-2008-4094
- https://github.com/advisories/GHSA-xf96-32q2-9rw2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45109
- http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
- http://gist.github.com/8946
- http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
- http://rails.lighthouseapp.com/projects/8994/tickets/288
- http://rails.lighthouseapp.com/projects/8994/tickets/964
- http://secunia.com/advisories/31875
- http://secunia.com/advisories/31909
- http://secunia.com/advisories/31910
- http://www.openwall.com/lists/oss-security/2008/09/13/2
- http://www.openwall.com/lists/oss-security/2008/09/16/1
- http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
- http://www.securityfocus.com/bid/31176
- http://www.securitytracker.com/id?1020871
- http://www.vupen.com/english/advisories/2008/2562
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.
444 Other Versions
Version | License | Released | Age | |
---|---|---|---|---|
7.0.4.3 | MIT | 2023-03-13 - 18:53 | 7 days | |
7.0.4.2 | MIT | 2023-01-25 - 03:14 | about 2 months | |
7.0.4.1 | MIT | 2023-01-17 - 18:55 | 2 months | |
7.0.4 | MIT | 2022-09-09 - 18:42 | 6 months | |
7.0.3.1 | MIT | 2022-07-12 - 17:31 | 8 months | |
7.0.3 | MIT | 2022-05-09 - 13:41 | 11 months | |
7.0.2.4 | MIT | 2022-04-26 - 19:33 | 11 months | |
7.0.2.3 | MIT | 2022-03-08 - 17:50 | about 1 year | |
7.0.2.2 | MIT | 2022-02-11 - 19:44 | about 1 year | |
7.0.2.1 | MIT | 2022-02-11 - 18:19 | about 1 year | |
7.0.2 | MIT | 2022-02-08 - 23:13 | about 1 year | |
7.0.1 | MIT | 2022-01-06 - 21:55 | about 1 year | |
7.0.0 | MIT | 2021-12-15 - 23:45 | over 1 year | |
7.0.0.rc3 | MIT | 2021-12-14 - 23:04 | over 1 year | |
7.0.0.rc2 | MIT | 2021-12-14 - 19:40 | over 1 year | |
7.0.0.rc1 | MIT | 2021-12-06 - 21:33 | over 1 year | |
7.0.0.alpha2 | MIT | 2021-09-15 - 23:16 | over 1 year | |
7.0.0.alpha1 | MIT | 2021-09-15 - 21:58 | over 1 year | |
6.1.7.3 | MIT | 2023-03-13 - 18:48 | 7 days | |
6.1.7.2 | MIT | 2023-01-25 - 03:23 | about 2 months | |
6.1.7.1 | MIT | 2023-01-17 - 18:54 | 2 months | |
6.1.7 | MIT | 2022-09-09 - 18:39 | 6 months | |
6.1.6.1 | MIT | 2022-07-12 - 17:29 | 8 months | |
6.1.6 | MIT | 2022-05-09 - 13:46 | 11 months | |
6.1.5.1 | MIT | 2022-04-26 - 19:30 | 11 months | |
6.1.5 | MIT | 2022-03-10 - 21:17 | about 1 year | |
6.1.4.7 | MIT | 2022-03-08 - 17:49 | about 1 year | |
6.1.4.6 | MIT | 2022-02-11 - 19:42 | about 1 year | |
6.1.4.5 | MIT | 2022-02-11 - 18:23 | about 1 year | |
6.1.4.4 | MIT | 2021-12-15 - 22:54 | over 1 year | |
6.1.4.3 | MIT | 2021-12-14 - 23:02 | over 1 year | |
6.1.4.2 | MIT | 2021-12-14 - 19:54 | over 1 year | |
6.1.4.1 | MIT | 2021-08-19 - 16:27 | over 1 year | |
6.1.4 | MIT | 2021-06-24 - 20:41 | over 1 year | |
6.1.3.2 | MIT | 2021-05-05 - 15:47 | almost 2 years | |
6.1.3.1 | MIT | 2021-03-26 - 18:08 | almost 2 years | |
6.1.3 | MIT | 2021-02-17 - 18:43 | about 2 years | |
6.1.2.1 | MIT | 2021-02-10 - 20:46 | about 2 years | |
6.1.2 | MIT | 2021-02-09 - 21:30 | about 2 years | |
6.1.1 | MIT | 2021-01-07 - 23:00 | about 2 years | |
6.1.0 | MIT | 2020-12-09 - 19:58 | over 2 years | |
6.1.0.rc2 | MIT | 2020-12-01 - 22:02 | over 2 years | |
6.1.0.rc1 | MIT | 2020-11-02 - 21:21 | over 2 years | |
6.0.6.1 | MIT | 2023-01-17 - 18:53 | 2 months | |
6.0.6 | MIT | 2022-09-09 - 18:32 | 6 months | |
6.0.5.1 | MIT | 2022-07-12 - 17:28 | 8 months | |
6.0.5 | MIT | 2022-05-09 - 13:55 | 11 months | |
6.0.4.8 | MIT | 2022-04-26 - 19:27 | 11 months | |
6.0.4.7 | MIT | 2022-03-08 - 17:47 | about 1 year | |
6.0.4.6 | MIT | 2022-02-11 - 19:40 | about 1 year | |
6.0.4.5 | MIT | 2022-02-11 - 18:25 | about 1 year | |
6.0.4.4 | MIT | 2021-12-15 - 22:48 | over 1 year | |
6.0.4.3 | MIT | 2021-12-14 - 23:01 | over 1 year | |
6.0.4.2 | MIT | 2021-12-14 - 20:11 | over 1 year | |
6.0.4.1 | MIT | 2021-08-19 - 16:24 | over 1 year | |
6.0.4 | MIT | 2021-06-15 - 20:18 | almost 2 years | |
6.0.3.7 | MIT | 2021-05-05 - 16:02 | almost 2 years | |
6.0.3.6 | MIT | 2021-03-26 - 17:34 | almost 2 years | |
6.0.3.5 | MIT | 2021-02-10 - 20:40 | about 2 years | |
6.0.3.4 | MIT | 2020-10-07 - 16:51 | over 2 years | |
6.0.3.3 | MIT | 2020-09-09 - 18:40 | over 2 years | |
6.0.3.2 | MIT | 2020-06-17 - 14:55 | almost 3 years | |
6.0.3.1 | MIT | 2020-05-18 - 15:47 | almost 3 years | |
6.0.3 | MIT | 2020-05-06 - 18:06 | almost 3 years | |
6.0.3.rc1 | MIT | 2020-05-01 - 17:19 | almost 3 years | |
6.0.2.2 | MIT | 2020-03-19 - 16:44 | about 3 years | |
6.0.2.1 | MIT | 2019-12-18 - 19:09 | over 3 years | |
6.0.2 | MIT | 2019-12-13 - 18:22 | over 3 years | |
6.0.2.rc2 | MIT | 2019-12-09 - 16:14 | over 3 years | |
6.0.2.rc1 | MIT | 2019-11-27 - 15:14 | over 3 years | |
6.0.1 | MIT | 2019-11-05 - 14:41 | over 3 years | |
6.0.1.rc1 | MIT | 2019-10-31 - 20:12 | over 3 years | |
6.0.0 | MIT | 2019-08-16 - 18:01 | over 3 years | |
6.0.0.rc2 | MIT | 2019-07-22 - 21:13 | over 3 years | |
6.0.0.rc1 | MIT | 2019-04-24 - 18:51 | almost 4 years | |
6.0.0.beta3 | MIT | 2019-03-13 - 17:03 | about 4 years | |
6.0.0.beta2 | MIT | 2019-02-25 - 22:46 | about 4 years | |
6.0.0.beta1 | MIT | 2019-01-18 - 21:24 | about 4 years | |
5.2.8.1 | MIT | 2022-07-12 - 17:26 | 8 months | |
5.2.8 | MIT | 2022-05-09 - 14:04 | 11 months | |
5.2.7.1 | MIT | 2022-04-26 - 19:23 | 11 months | |
5.2.7 | MIT | 2022-03-11 - 00:01 | about 1 year | |
5.2.6.3 | MIT | 2022-03-08 - 17:46 | about 1 year | |
5.2.6.2 | MIT | 2022-02-11 - 19:37 | about 1 year | |
5.2.6.1 | MIT | 2022-02-11 - 18:44 | about 1 year | |
5.2.6 | MIT | 2021-05-05 - 17:09 | almost 2 years | |
5.2.5 | MIT | 2021-03-26 - 17:21 | almost 2 years | |
5.2.4.6 | MIT | 2021-05-05 - 15:29 | almost 2 years | |
5.2.4.5 | MIT | 2021-02-10 - 20:36 | about 2 years | |
5.2.4.4 | MIT | 2020-09-09 - 18:40 | over 2 years | |
5.2.4.3 | MIT | 2020-05-18 - 15:43 | almost 3 years | |
5.2.4.2 | MIT | 2020-03-19 - 16:38 | about 3 years | |
5.2.4.1 | MIT | 2019-12-18 - 19:04 | over 3 years | |
5.2.4 | MIT | 2019-11-27 - 15:48 | over 3 years | |
5.2.4.rc1 | MIT | 2019-11-23 - 00:29 | over 3 years | |
5.2.3 | MIT | 2019-03-28 - 03:02 | almost 4 years | |
5.2.3.rc1 | MIT | 2019-03-22 - 03:35 | almost 4 years | |
5.2.2.1 | MIT | 2019-03-13 - 16:54 | about 4 years | |
5.2.2 | MIT | 2018-12-04 - 18:15 | over 4 years | |
5.2.2.rc1 | MIT | 2018-11-28 - 22:55 | over 4 years |