Ruby/rails/2.3.4


Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

https://rubygems.org/gems/rails
UNKNOWN

7 Security Vulnerabilities

rails Cross-Site Request Forgery vulnerability

Published date: 2017-10-24T18:33:38Z
CVE: CVE-2011-0447
Links:

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage combinations of browser plugins and HTTP redirects, a related issue to CVE-2011-0696.

Affected versions: ["3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0"]
Secure versions: [5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7]
Recommendation: Update to version 7.1.3.2.

rails vulnerable to Cross-site Scripting

Published date: 2017-10-24T18:33:38Z
CVE: CVE-2011-0446
Links:

Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.

Affected versions: ["3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions: [5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7]
Recommendation: Update to version 7.1.3.2.

Moderate severity vulnerability that affects rails

Published date: 2017-10-24T18:33:38Z
CVE: CVE-2009-4214
Links:

Cross-site scripting (XSS) vulnerability in the striptags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/actioncontroller/vendor/html-scanner/html/node.rb.

Affected versions: ["2.3.4", "2.3.3", "2.3.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions: [5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7]
Recommendation: Update to version 7.1.3.2.

Cross site scripting in rails

Published date: 2022-04-22T00:24:28Z
CVE: CVE-2011-1497
Links:

A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.

Affected versions: ["3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.3.18", "2.3.17", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions: [5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7]
Recommendation: Update to version 7.1.3.2.

rails Cross-site Scripting vulnerability

Published date: 2017-10-24T18:33:38Z
CVE: CVE-2011-2197
Links:

The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.

Affected versions: ["3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0"]
Secure versions: [5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7]
Recommendation: Update to version 7.1.3.2.

Moderate severity XSS vulnerability that affects rails

Published date: 2017-10-24
Framework: rails
CVE: 2009-4214
CVSS V2: 4.3
Links:

Cross-site scripting (XSS) vulnerability in the striptags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters,related to HTML::Tokenizer and actionpack/lib/actioncontroller/vendor/html-scanner/html/node.rb.

Affected versions: ["2.3.4", "2.3.3", "2.3.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions: [5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7]
Recommendation: Update to version 7.1.3.2.

Rails vulnerable to Cross-site Scripting

Published date: 2017-10-24
CVE: 2014-0081
CVSS V2: 4.3
Links:

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negativeformat, or (3) units parameter to the (a) numbertocurrency, (b) numbertopercentage, or (c) numberto_human helper.

Affected versions: ["3.1.12", "3.1.11", "3.1.10", "3.1.9", "3.1.8", "3.1.7", "3.1.6", "3.1.5", "3.1.5.rc1", "3.1.4", "3.1.4.rc1", "3.1.3", "3.1.2", "3.1.2.rc2", "3.1.2.rc1", "3.1.1", "3.1.1.rc3", "3.1.1.rc2", "3.1.1.rc1", "3.1.0", "3.1.0.rc8", "3.1.0.rc6", "3.1.0.rc5", "3.1.0.rc4", "3.1.0.rc3", "3.1.0.rc2", "3.1.0.rc1", "3.1.0.beta1", "3.0.20", "3.0.19", "3.0.18", "3.0.17", "3.0.16", "3.0.15", "3.0.14", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.3.18", "2.3.17", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]
Secure versions: [5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7]
Recommendation: Update to version 7.1.3.2.

465 Other Versions

Version License Security Released
3.0.0.beta UNKNOWN 2 2010-02-05 - 03:02 about 14 years
2.3.18 UNKNOWN 2 2013-03-18 - 17:13 about 11 years
2.3.17 UNKNOWN 2 2013-02-11 - 18:17 about 11 years
2.3.16 UNKNOWN 2 2013-01-28 - 21:01 about 11 years
2.3.15 UNKNOWN 2 2013-01-08 - 20:08 about 11 years
2.3.14 UNKNOWN 2 2011-08-16 - 22:01 over 12 years
2.3.12 UNKNOWN 2 2011-06-08 - 00:22 almost 13 years
2.3.11 UNKNOWN 2 2011-02-08 - 21:17 about 13 years
2.3.10 UNKNOWN 5 2010-10-14 - 20:53 over 13 years
2.3.9 UNKNOWN 6 2010-09-04 - 21:54 over 13 years
2.3.9.pre UNKNOWN 5 2010-08-30 - 03:32 over 13 years
2.3.8 UNKNOWN 5 2010-05-25 - 04:53 almost 14 years
2.3.8.pre1 UNKNOWN 5 2010-05-24 - 21:17 almost 14 years
2.3.7 UNKNOWN 5 2010-05-24 - 08:23 almost 14 years
2.3.6 UNKNOWN 5 2010-05-23 - 07:49 almost 14 years
2.3.5 UNKNOWN 5 2009-11-27 - 00:12 over 14 years
2.3.4 UNKNOWN 7 2009-09-04 - 17:33 over 14 years
2.3.3 UNKNOWN 9 2009-08-05 - 13:21 over 14 years
2.3.2 UNKNOWN 11 2009-07-25 - 18:01 over 14 years
2.2.3 UNKNOWN 7 2009-09-28 - 09:25 over 14 years
2.2.2 UNKNOWN 9 2009-07-25 - 18:01 over 14 years
2.1.2 UNKNOWN 12 2009-07-25 - 18:01 over 14 years
2.1.1 UNKNOWN 12 2009-07-25 - 18:01 over 14 years
2.1.0 UNKNOWN 13 2009-07-25 - 18:01 over 14 years
2.0.5 UNKNOWN 10 2009-07-25 - 18:01 over 14 years
2.0.4 UNKNOWN 12 2009-07-25 - 18:01 over 14 years
2.0.2 UNKNOWN 12 2009-07-25 - 18:01 over 14 years
2.0.1 UNKNOWN 12 2009-07-25 - 18:01 over 14 years
2.0.0 UNKNOWN 12 2009-07-25 - 18:01 over 14 years
1.2.6 UNKNOWN 10 2009-07-25 - 18:01 over 14 years
1.2.5 UNKNOWN 12 2009-07-25 - 18:01 over 14 years
1.2.4 UNKNOWN 15 2009-07-25 - 18:01 over 14 years
1.2.3 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
1.2.2 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
1.2.1 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
1.2.0 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
1.1.6 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
1.1.5 UNKNOWN 22 2009-07-25 - 18:01 over 14 years
1.1.4 UNKNOWN 22 2009-07-25 - 18:01 over 14 years
1.1.3 UNKNOWN 22 2009-07-25 - 18:01 over 14 years
1.1.2 UNKNOWN 22 2009-07-25 - 18:01 over 14 years
1.1.1 UNKNOWN 22 2009-07-25 - 18:01 over 14 years
1.1.0 UNKNOWN 22 2009-07-25 - 18:01 over 14 years
1.0.0 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.14.4 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.14.3 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.14.2 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.14.1 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.13.1 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.13.0 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.12.1 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.12.0 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.11.1 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.11.0 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.10.1 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.10.0 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.9.5 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.9.4.1 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.9.4 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.9.3 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.9.2 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.9.1 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.9.0 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.8.5 UNKNOWN 18 2009-07-25 - 18:01 over 14 years
0.8.0 UNKNOWN 18 2009-07-25 - 18:01 over 14 years