Ruby/rails/2.3.15
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.
https://rubygems.org/gems/rails
UNKNOWN
2 Security Vulnerabilities
Cross site scripting in rails
Published date: 2022-04-22T00:24:28Z
CVE: CVE-2011-1497
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2011-1497
- https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG
- https://www.openwall.com/lists/oss-security/2011/04/06/13
- https://github.com/advisories/GHSA-q58j-fmvf-9rq6
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml
A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.
Affected versions: ["3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.3.18", "2.3.17", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions: [3.2.17, 3.2.18, 3.2.19, 3.2.20, 3.2.21, 3.2.22, 3.2.22.1, 3.2.22.2, 3.2.22.3, 3.2.22.4, 3.2.22.5, 4.0.0.beta1, 4.0.0.rc1, 4.0.0.rc2, 4.0.10, 4.0.10.rc1, 4.0.10.rc2, 4.0.11, 4.0.11.1, 4.0.12, 4.0.13, 4.0.13.rc1, 4.0.3, 4.0.4, 4.0.4.rc1, 4.0.5, 4.0.6, 4.0.6.rc1, 4.0.6.rc2, 4.0.6.rc3, 4.0.7, 4.0.8, 4.0.9, 4.1.0, 4.1.0.beta1, 4.1.0.beta2, 4.1.0.rc1, 4.1.0.rc2, 4.1.1, 4.1.10, 4.1.10.rc1, 4.1.10.rc2, 4.1.10.rc3, 4.1.10.rc4, 4.1.11, 4.1.12, 4.1.12.rc1, 4.1.13, 4.1.13.rc1, 4.1.14, 4.1.14.1, 4.1.14.2, 4.1.14.rc1, 4.1.14.rc2, 4.1.15, 4.1.15.rc1, 4.1.16, 4.1.16.rc1, 4.1.2, 4.1.2.rc1, 4.1.2.rc2, 4.1.2.rc3, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.6.rc1, 4.1.6.rc2, 4.1.7, 4.1.7.1, 4.1.8, 4.1.9, 4.1.9.rc1, 4.2.0, 4.2.0.beta1, 4.2.0.beta2, 4.2.0.beta3, 4.2.0.beta4, 4.2.0.rc1, 4.2.0.rc2, 4.2.0.rc3, 4.2.1, 4.2.1.rc1, 4.2.1.rc2, 4.2.1.rc3, 4.2.1.rc4, 4.2.10, 4.2.10.rc1, 4.2.11, 4.2.11.1, 4.2.11.2, 4.2.11.3, 4.2.2, 4.2.3, 4.2.3.rc1, 4.2.4, 4.2.4.rc1, 4.2.5, 4.2.5.1, 4.2.5.2, 4.2.5.rc1, 4.2.5.rc2, 4.2.6, 4.2.6.rc1, 4.2.7, 4.2.7.1, 4.2.7.rc1, 4.2.8, 4.2.8.rc1, 4.2.9, 4.2.9.rc1, 4.2.9.rc2, 5.0.0, 5.0.0.1, 5.0.0.beta1, 5.0.0.beta1.1, 5.0.0.beta2, 5.0.0.beta3, 5.0.0.beta4, 5.0.0.racecar1, 5.0.0.rc1, 5.0.0.rc2, 5.0.1, 5.0.1.rc1, 5.0.1.rc2, 5.0.2, 5.0.2.rc1, 5.0.3, 5.0.4, 5.0.4.rc1, 5.0.5, 5.0.5.rc1, 5.0.5.rc2, 5.0.6, 5.0.6.rc1, 5.0.7, 5.0.7.1, 5.0.7.2, 5.1.0, 5.1.0.beta1, 5.1.0.rc1, 5.1.0.rc2, 5.1.1, 5.1.2, 5.1.2.rc1, 5.1.3, 5.1.3.rc1, 5.1.3.rc2, 5.1.3.rc3, 5.1.4, 5.1.4.rc1, 5.1.5, 5.1.5.rc1, 5.1.6, 5.1.6.1, 5.1.6.2, 5.1.7, 5.1.7.rc1, 5.2.0.beta1, 5.2.0.beta2, 5.2.0.rc1, 5.2.0.rc2, 6.1.7.10, 6.1.7.7, 6.1.7.8, 6.1.7.9, 7.0.0.alpha1, 7.0.0.alpha2, 7.0.0.rc1, 7.0.0.rc2, 7.0.0.rc3, 7.0.10, 7.0.8.1, 7.0.8.2, 7.0.8.3, 7.0.8.4, 7.0.8.5, 7.0.8.6, 7.0.8.7, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.3.1, 7.1.3.2, 7.1.3.3, 7.1.3.4, 7.1.4, 7.1.4.1, 7.1.4.2, 7.1.5, 7.1.5.1, 7.1.5.2, 7.1.6, 7.2.0, 7.2.0.beta1, 7.2.0.beta2, 7.2.0.beta3, 7.2.0.rc1, 7.2.1, 7.2.1.1, 7.2.1.2, 7.2.2, 7.2.2.1, 7.2.2.2, 7.2.3, 8.0.0, 8.0.0.1, 8.0.0.beta1, 8.0.0.rc1, 8.0.0.rc2, 8.0.1, 8.0.2, 8.0.2.1, 8.0.3, 8.0.4, 8.1.0, 8.1.0.beta1, 8.1.0.rc1, 8.1.1, 8.1.2]
Recommendation: Update to version 8.1.2.
Rails vulnerable to Cross-site Scripting
Published date: 2017-10-24
CVE: 2014-0081
CVSS V2: 4.3
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb
in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negativeformat, or (3) units parameter to the (a) numbertocurrency, (b) numbertopercentage, or (c) numberto_human helper.
Affected versions: ["3.1.1.rc1", "3.0.17", "3.0.15", "3.0.14", "3.0.12.rc1", "3.0.10.rc1", "3.0.9", "3.0.7", "3.0.4.rc1", "2.3.17", "2.3.9", "2.3.8", "2.3.5", "2.3.3", "2.1.2", "2.0.5", "1.1.5", "3.1.11", "3.1.2.rc1", "3.1.1", "3.1.0", "3.1.0.rc8", "3.0.20", "3.0.18", "3.0.9.rc4", "3.0.8.rc1", "3.0.2", "3.0.0", "3.0.0.beta4", "2.3.14", "2.0.0", "1.2.5", "0.11.1", "0.10.0", "0.9.2", "3.1.10", "3.1.9", "3.1.1.rc3", "3.1.0.rc1", "3.0.6.rc2", "3.0.4", "3.0.3", "3.0.0.beta", "2.3.10", "2.3.8.pre1", "2.2.2", "1.1.6", "3.1.8", "3.1.5.rc1", "3.1.0.rc6", "3.1.0.rc3", "3.0.19", "3.0.13", "3.0.10", "3.0.5.rc1", "3.0.0.beta3", "2.3.16", "2.0.1", "1.2.2", "1.1.3", "0.14.4", "0.9.4.1", "0.14.2", "0.11.0", "0.9.4", "0.9.0", "3.1.0.rc5", "3.1.0.rc4", "3.1.0.beta1", "3.0.9.rc1", "3.0.8.rc2", "3.1.4", "3.1.3", "3.1.2", "3.1.0.rc2", "3.0.16", "3.0.11", "3.0.8", "3.0.8.rc4", "3.0.6.rc1", "3.1.12", "3.1.7", "3.1.6", "3.1.5", "3.1.2.rc2", "3.1.1.rc2", "3.0.13.rc1", "3.0.12", "3.0.9.rc5", "3.0.7.rc1", "3.1.4.rc1", "3.0.9.rc3", "3.0.7.rc2", "3.0.6", "3.0.5", "3.0.0.rc", "2.3.11", "2.0.4", "1.1.1", "1.0.0", "0.13.0", "0.12.1", "0.10.1", "0.9.3", "2.3.12", "2.3.6", "2.3.2", "2.0.2", "1.2.3", "1.1.4", "1.1.2", "0.14.1", "0.8.0", "3.0.1", "3.0.0.rc2", "2.3.9.pre", "2.3.4", "2.1.1", "1.2.6", "0.14.3", "0.12.0", "0.9.5", "0.9.1", "3.0.0.beta2", "2.3.18", "2.3.15", "2.3.7", "2.2.3", "2.1.0", "1.2.4", "1.2.1", "1.2.0", "1.1.0", "0.13.1", "0.8.5"]
Secure versions: [3.2.17, 3.2.18, 3.2.19, 3.2.20, 3.2.21, 3.2.22, 3.2.22.1, 3.2.22.2, 3.2.22.3, 3.2.22.4, 3.2.22.5, 4.0.0.beta1, 4.0.0.rc1, 4.0.0.rc2, 4.0.10, 4.0.10.rc1, 4.0.10.rc2, 4.0.11, 4.0.11.1, 4.0.12, 4.0.13, 4.0.13.rc1, 4.0.3, 4.0.4, 4.0.4.rc1, 4.0.5, 4.0.6, 4.0.6.rc1, 4.0.6.rc2, 4.0.6.rc3, 4.0.7, 4.0.8, 4.0.9, 4.1.0, 4.1.0.beta1, 4.1.0.beta2, 4.1.0.rc1, 4.1.0.rc2, 4.1.1, 4.1.10, 4.1.10.rc1, 4.1.10.rc2, 4.1.10.rc3, 4.1.10.rc4, 4.1.11, 4.1.12, 4.1.12.rc1, 4.1.13, 4.1.13.rc1, 4.1.14, 4.1.14.1, 4.1.14.2, 4.1.14.rc1, 4.1.14.rc2, 4.1.15, 4.1.15.rc1, 4.1.16, 4.1.16.rc1, 4.1.2, 4.1.2.rc1, 4.1.2.rc2, 4.1.2.rc3, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.6.rc1, 4.1.6.rc2, 4.1.7, 4.1.7.1, 4.1.8, 4.1.9, 4.1.9.rc1, 4.2.0, 4.2.0.beta1, 4.2.0.beta2, 4.2.0.beta3, 4.2.0.beta4, 4.2.0.rc1, 4.2.0.rc2, 4.2.0.rc3, 4.2.1, 4.2.1.rc1, 4.2.1.rc2, 4.2.1.rc3, 4.2.1.rc4, 4.2.10, 4.2.10.rc1, 4.2.11, 4.2.11.1, 4.2.11.2, 4.2.11.3, 4.2.2, 4.2.3, 4.2.3.rc1, 4.2.4, 4.2.4.rc1, 4.2.5, 4.2.5.1, 4.2.5.2, 4.2.5.rc1, 4.2.5.rc2, 4.2.6, 4.2.6.rc1, 4.2.7, 4.2.7.1, 4.2.7.rc1, 4.2.8, 4.2.8.rc1, 4.2.9, 4.2.9.rc1, 4.2.9.rc2, 5.0.0, 5.0.0.1, 5.0.0.beta1, 5.0.0.beta1.1, 5.0.0.beta2, 5.0.0.beta3, 5.0.0.beta4, 5.0.0.racecar1, 5.0.0.rc1, 5.0.0.rc2, 5.0.1, 5.0.1.rc1, 5.0.1.rc2, 5.0.2, 5.0.2.rc1, 5.0.3, 5.0.4, 5.0.4.rc1, 5.0.5, 5.0.5.rc1, 5.0.5.rc2, 5.0.6, 5.0.6.rc1, 5.0.7, 5.0.7.1, 5.0.7.2, 5.1.0, 5.1.0.beta1, 5.1.0.rc1, 5.1.0.rc2, 5.1.1, 5.1.2, 5.1.2.rc1, 5.1.3, 5.1.3.rc1, 5.1.3.rc2, 5.1.3.rc3, 5.1.4, 5.1.4.rc1, 5.1.5, 5.1.5.rc1, 5.1.6, 5.1.6.1, 5.1.6.2, 5.1.7, 5.1.7.rc1, 5.2.0.beta1, 5.2.0.beta2, 5.2.0.rc1, 5.2.0.rc2, 6.1.7.10, 6.1.7.7, 6.1.7.8, 6.1.7.9, 7.0.0.alpha1, 7.0.0.alpha2, 7.0.0.rc1, 7.0.0.rc2, 7.0.0.rc3, 7.0.10, 7.0.8.1, 7.0.8.2, 7.0.8.3, 7.0.8.4, 7.0.8.5, 7.0.8.6, 7.0.8.7, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.3.1, 7.1.3.2, 7.1.3.3, 7.1.3.4, 7.1.4, 7.1.4.1, 7.1.4.2, 7.1.5, 7.1.5.1, 7.1.5.2, 7.1.6, 7.2.0, 7.2.0.beta1, 7.2.0.beta2, 7.2.0.beta3, 7.2.0.rc1, 7.2.1, 7.2.1.1, 7.2.1.2, 7.2.2, 7.2.2.1, 7.2.2.2, 7.2.3, 8.0.0, 8.0.0.1, 8.0.0.beta1, 8.0.0.rc1, 8.0.0.rc2, 8.0.1, 8.0.2, 8.0.2.1, 8.0.3, 8.0.4, 8.1.0, 8.1.0.beta1, 8.1.0.rc1, 8.1.1, 8.1.2]
Recommendation: Update to version 8.1.2.
511 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 3.1.0.rc3 | UNKNOWN | 2 | 2011-06-08 - 21:27 | over 14 years |
| 3.1.0.rc2 | UNKNOWN | 2 | 2011-06-08 - 00:16 | almost 15 years |
| 3.1.0.rc1 | UNKNOWN | 2 | 2011-05-22 - 02:26 | almost 15 years |
| 3.1.0.beta1 | UNKNOWN | 2 | 2011-05-05 - 01:23 | almost 15 years |
| 3.0.20 | UNKNOWN | 2 | 2013-01-28 - 21:01 | about 13 years |
| 3.0.19 | UNKNOWN | 2 | 2013-01-08 - 20:08 | about 13 years |
| 3.0.18 | UNKNOWN | 2 | 2013-01-02 - 21:19 | about 13 years |
| 3.0.17 | UNKNOWN | 2 | 2012-08-09 - 21:16 | over 13 years |
| 3.0.16 | UNKNOWN | 2 | 2012-07-26 - 22:08 | over 13 years |
| 3.0.15 | UNKNOWN | 2 | 2012-06-13 - 03:07 | over 13 years |
| 3.0.14 | UNKNOWN | 2 | 2012-06-12 - 21:26 | over 13 years |
| 3.0.13 | UNKNOWN | 2 | 2012-05-31 - 18:24 | almost 14 years |
| 3.0.13.rc1 | UNKNOWN | 2 | 2012-05-28 - 19:01 | almost 14 years |
| 3.0.12 | UNKNOWN | 2 | 2012-03-01 - 17:52 | about 14 years |
| 3.0.12.rc1 | UNKNOWN | 2 | 2012-02-22 - 21:39 | about 14 years |
| 3.0.11 | UNKNOWN | 2 | 2011-11-18 - 01:23 | over 14 years |
| 3.0.10 | UNKNOWN | 3 | 2011-08-16 - 22:14 | over 14 years |
| 3.0.10.rc1 | UNKNOWN | 3 | 2011-08-05 - 00:12 | over 14 years |
| 3.0.9 | UNKNOWN | 3 | 2011-06-16 - 10:05 | over 14 years |
| 3.0.9.rc5 | UNKNOWN | 3 | 2011-06-12 - 21:30 | over 14 years |
| 3.0.9.rc4 | UNKNOWN | 3 | 2011-06-12 - 21:24 | over 14 years |
| 3.0.9.rc3 | UNKNOWN | 3 | 2011-06-09 - 22:51 | over 14 years |
| 3.0.9.rc1 | UNKNOWN | 3 | 2011-06-08 - 21:20 | over 14 years |
| 3.0.8 | UNKNOWN | 3 | 2011-06-08 - 00:16 | almost 15 years |
| 3.0.8.rc4 | UNKNOWN | 3 | 2011-05-31 - 00:08 | almost 15 years |
| 3.0.8.rc2 | UNKNOWN | 3 | 2011-05-27 - 16:32 | almost 15 years |
| 3.0.8.rc1 | UNKNOWN | 3 | 2011-05-26 - 00:11 | almost 15 years |
| 3.0.7 | UNKNOWN | 3 | 2011-04-18 - 21:05 | almost 15 years |
| 3.0.7.rc2 | UNKNOWN | 4 | 2011-04-15 - 17:33 | almost 15 years |
| 3.0.7.rc1 | UNKNOWN | 4 | 2011-04-14 - 21:57 | almost 15 years |
| 3.0.6 | UNKNOWN | 4 | 2011-04-05 - 23:05 | almost 15 years |
| 3.0.6.rc2 | UNKNOWN | 5 | 2011-03-31 - 05:28 | almost 15 years |
| 3.0.6.rc1 | UNKNOWN | 5 | 2011-03-29 - 20:47 | almost 15 years |
| 3.0.5 | UNKNOWN | 5 | 2011-02-27 - 02:30 | about 15 years |
| 3.0.5.rc1 | UNKNOWN | 5 | 2011-02-23 - 19:08 | about 15 years |
| 3.0.4 | UNKNOWN | 5 | 2011-02-08 - 21:17 | about 15 years |
| 3.0.4.rc1 | UNKNOWN | 7 | 2011-01-30 - 23:00 | about 15 years |
| 3.0.3 | UNKNOWN | 7 | 2010-11-16 - 16:29 | over 15 years |
| 3.0.2 | UNKNOWN | 7 | 2010-11-15 - 19:33 | over 15 years |
| 3.0.1 | UNKNOWN | 7 | 2010-10-14 - 20:55 | over 15 years |
| 3.0.0 | UNKNOWN | 8 | 2010-08-29 - 23:11 | over 15 years |
| 3.0.0.rc2 | UNKNOWN | 2 | 2010-08-24 - 03:04 | over 15 years |
| 3.0.0.rc | UNKNOWN | 2 | 2010-07-26 - 21:43 | over 15 years |
| 3.0.0.beta4 | UNKNOWN | 2 | 2010-06-08 - 22:33 | over 15 years |
| 3.0.0.beta3 | UNKNOWN | 2 | 2010-04-13 - 19:23 | almost 16 years |
| 3.0.0.beta2 | UNKNOWN | 2 | 2010-04-01 - 21:26 | almost 16 years |
| 3.0.0.beta | UNKNOWN | 2 | 2010-02-05 - 03:02 | about 16 years |
| 2.3.18 | UNKNOWN | 2 | 2013-03-18 - 17:13 | almost 13 years |
| 2.3.17 | UNKNOWN | 2 | 2013-02-11 - 18:17 | about 13 years |
| 2.3.16 | UNKNOWN | 2 | 2013-01-28 - 21:01 | about 13 years |