Ruby/rails/3.0.0.rc2

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Repo Link: https://rubygems.org/gems/rails
License: UNKNOWN

2 Security Vulnerabilities

Cross site scripting in rails

Published date: 2022-04-22T00:24:28Z

CVE: CVE-2011-1497

Links:

A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.

Affected versions: ["3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.3.18", "2.3.17", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]

Secure versions: [3.2.17, 3.2.18, 3.2.19, 3.2.20, 3.2.21, 3.2.22, 3.2.22.1, 3.2.22.2, 3.2.22.3, 3.2.22.4, 3.2.22.5, 4.0.0.beta1, 4.0.0.rc1, 4.0.0.rc2, 4.0.10, 4.0.10.rc1, 4.0.10.rc2, 4.0.11, 4.0.11.1, 4.0.12, 4.0.13, 4.0.13.rc1, 4.0.3, 4.0.4, 4.0.4.rc1, 4.0.5, 4.0.6, 4.0.6.rc1, 4.0.6.rc2, 4.0.6.rc3, 4.0.7, 4.0.8, 4.0.9, 4.1.0, 4.1.0.beta1, 4.1.0.beta2, 4.1.0.rc1, 4.1.0.rc2, 4.1.1, 4.1.10, 4.1.10.rc1, 4.1.10.rc2, 4.1.10.rc3, 4.1.10.rc4, 4.1.11, 4.1.12, 4.1.12.rc1, 4.1.13, 4.1.13.rc1, 4.1.14, 4.1.14.1, 4.1.14.2, 4.1.14.rc1, 4.1.14.rc2, 4.1.15, 4.1.15.rc1, 4.1.16, 4.1.16.rc1, 4.1.2, 4.1.2.rc1, 4.1.2.rc2, 4.1.2.rc3, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.6.rc1, 4.1.6.rc2, 4.1.7, 4.1.7.1, 4.1.8, 4.1.9, 4.1.9.rc1, 4.2.0, 4.2.0.beta1, 4.2.0.beta2, 4.2.0.beta3, 4.2.0.beta4, 4.2.0.rc1, 4.2.0.rc2, 4.2.0.rc3, 4.2.1, 4.2.1.rc1, 4.2.1.rc2, 4.2.1.rc3, 4.2.1.rc4, 4.2.10, 4.2.10.rc1, 4.2.11, 4.2.11.1, 4.2.11.2, 4.2.11.3, 4.2.2, 4.2.3, 4.2.3.rc1, 4.2.4, 4.2.4.rc1, 4.2.5, 4.2.5.1, 4.2.5.2, 4.2.5.rc1, 4.2.5.rc2, 4.2.6, 4.2.6.rc1, 4.2.7, 4.2.7.1, 4.2.7.rc1, 4.2.8, 4.2.8.rc1, 4.2.9, 4.2.9.rc1, 4.2.9.rc2, 5.0.0, 5.0.0.1, 5.0.0.beta1, 5.0.0.beta1.1, 5.0.0.beta2, 5.0.0.beta3, 5.0.0.beta4, 5.0.0.racecar1, 5.0.0.rc1, 5.0.0.rc2, 5.0.1, 5.0.1.rc1, 5.0.1.rc2, 5.0.2, 5.0.2.rc1, 5.0.3, 5.0.4, 5.0.4.rc1, 5.0.5, 5.0.5.rc1, 5.0.5.rc2, 5.0.6, 5.0.6.rc1, 5.0.7, 5.0.7.1, 5.0.7.2, 5.1.0, 5.1.0.beta1, 5.1.0.rc1, 5.1.0.rc2, 5.1.1, 5.1.2, 5.1.2.rc1, 5.1.3, 5.1.3.rc1, 5.1.3.rc2, 5.1.3.rc3, 5.1.4, 5.1.4.rc1, 5.1.5, 5.1.5.rc1, 5.1.6, 5.1.6.1, 5.1.6.2, 5.1.7, 5.1.7.rc1, 5.2.0.beta1, 5.2.0.beta2, 5.2.0.rc1, 5.2.0.rc2, 6.1.7.10, 6.1.7.7, 6.1.7.8, 6.1.7.9, 7.0.0.alpha1, 7.0.0.alpha2, 7.0.0.rc1, 7.0.0.rc2, 7.0.0.rc3, 7.0.10, 7.0.8.1, 7.0.8.2, 7.0.8.3, 7.0.8.4, 7.0.8.5, 7.0.8.6, 7.0.8.7, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.3.1, 7.1.3.2, 7.1.3.3, 7.1.3.4, 7.1.4, 7.1.4.1, 7.1.4.2, 7.1.5, 7.1.5.1, 7.1.5.2, 7.1.6, 7.2.0, 7.2.0.beta1, 7.2.0.beta2, 7.2.0.beta3, 7.2.0.rc1, 7.2.1, 7.2.1.1, 7.2.1.2, 7.2.2, 7.2.2.1, 7.2.2.2, 7.2.3, 8.0.0, 8.0.0.1, 8.0.0.beta1, 8.0.0.rc1, 8.0.0.rc2, 8.0.1, 8.0.2, 8.0.2.1, 8.0.3, 8.0.4, 8.1.0, 8.1.0.beta1, 8.1.0.rc1, 8.1.1, 8.1.2]

Recommendation: Update to version 8.1.2.

Rails vulnerable to Cross-site Scripting

Published date: 2017-10-24

CVE: 2014-0081

CVSS V2: 4.3

Links:

https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negativeformat, or (3) units parameter to the (a) numbertocurrency, (b) numbertopercentage, or (c) numberto_human helper.

Affected versions: ["3.1.1.rc1", "3.0.17", "3.0.15", "3.0.14", "3.0.12.rc1", "3.0.10.rc1", "3.0.9", "3.0.7", "3.0.4.rc1", "2.3.17", "2.3.9", "2.3.8", "2.3.5", "2.3.3", "2.1.2", "2.0.5", "1.1.5", "3.1.11", "3.1.2.rc1", "3.1.1", "3.1.0", "3.1.0.rc8", "3.0.20", "3.0.18", "3.0.9.rc4", "3.0.8.rc1", "3.0.2", "3.0.0", "3.0.0.beta4", "2.3.14", "2.0.0", "1.2.5", "0.11.1", "0.10.0", "0.9.2", "3.1.10", "3.1.9", "3.1.1.rc3", "3.1.0.rc1", "3.0.6.rc2", "3.0.4", "3.0.3", "3.0.0.beta", "2.3.10", "2.3.8.pre1", "2.2.2", "1.1.6", "3.1.8", "3.1.5.rc1", "3.1.0.rc6", "3.1.0.rc3", "3.0.19", "3.0.13", "3.0.10", "3.0.5.rc1", "3.0.0.beta3", "2.3.16", "2.0.1", "1.2.2", "1.1.3", "0.14.4", "0.9.4.1", "0.14.2", "0.11.0", "0.9.4", "0.9.0", "3.1.0.rc5", "3.1.0.rc4", "3.1.0.beta1", "3.0.9.rc1", "3.0.8.rc2", "3.1.4", "3.1.3", "3.1.2", "3.1.0.rc2", "3.0.16", "3.0.11", "3.0.8", "3.0.8.rc4", "3.0.6.rc1", "3.1.12", "3.1.7", "3.1.6", "3.1.5", "3.1.2.rc2", "3.1.1.rc2", "3.0.13.rc1", "3.0.12", "3.0.9.rc5", "3.0.7.rc1", "3.1.4.rc1", "3.0.9.rc3", "3.0.7.rc2", "3.0.6", "3.0.5", "3.0.0.rc", "2.3.11", "2.0.4", "1.1.1", "1.0.0", "0.13.0", "0.12.1", "0.10.1", "0.9.3", "2.3.12", "2.3.6", "2.3.2", "2.0.2", "1.2.3", "1.1.4", "1.1.2", "0.14.1", "0.8.0", "3.0.1", "3.0.0.rc2", "2.3.9.pre", "2.3.4", "2.1.1", "1.2.6", "0.14.3", "0.12.0", "0.9.5", "0.9.1", "3.0.0.beta2", "2.3.18", "2.3.15", "2.3.7", "2.2.3", "2.1.0", "1.2.4", "1.2.1", "1.2.0", "1.1.0", "0.13.1", "0.8.5"]

Recommendation: Update to version 8.1.2.

511 Other Versions

Version	License	Security	Released
3.2.13.rc1	UNKNOWN	1	2013-02-27 - 20:25	about 13 years
3.2.12	UNKNOWN	1	2013-02-11 - 18:17	about 13 years
3.2.11	UNKNOWN	1	2013-01-08 - 20:08	about 13 years
3.2.10	UNKNOWN	1	2013-01-02 - 21:20	about 13 years
3.2.9	UNKNOWN	1	2012-11-12 - 15:21	over 13 years
3.2.9.rc3	UNKNOWN	1	2012-11-09 - 18:00	over 13 years
3.2.9.rc2	UNKNOWN	1	2012-11-01 - 17:39	over 13 years
3.2.9.rc1	UNKNOWN	1	2012-10-29 - 17:07	over 13 years
3.2.8	UNKNOWN	1	2012-08-09 - 21:23	over 13 years
3.2.8.rc2	UNKNOWN	1	2012-08-03 - 14:29	over 13 years
3.2.8.rc1	UNKNOWN	1	2012-08-01 - 20:57	over 13 years
3.2.7	UNKNOWN	1	2012-07-26 - 22:09	over 13 years
3.2.7.rc1	UNKNOWN	1	2012-07-23 - 21:45	over 13 years
3.2.6	UNKNOWN	1	2012-06-12 - 21:26	over 13 years
3.2.5	UNKNOWN	1	2012-06-01 - 03:39	almost 14 years
3.2.4	UNKNOWN	1	2012-05-31 - 18:25	almost 14 years
3.2.4.rc1	UNKNOWN	1	2012-05-28 - 19:01	almost 14 years
3.2.3	UNKNOWN	1	2012-03-30 - 22:26	almost 14 years
3.2.3.rc2	UNKNOWN	1	2012-03-29 - 16:14	almost 14 years
3.2.3.rc1	UNKNOWN	1	2012-03-27 - 17:11	almost 14 years
3.2.2	UNKNOWN	1	2012-03-01 - 17:52	about 14 years
3.2.2.rc1	UNKNOWN	1	2012-02-22 - 21:39	about 14 years
3.2.1	UNKNOWN	1	2012-01-26 - 23:09	about 14 years
3.2.0	UNKNOWN	1	2012-01-20 - 16:47	about 14 years
3.2.0.rc2	UNKNOWN	1	2012-01-04 - 21:05	about 14 years
3.2.0.rc1	UNKNOWN	1	2011-12-20 - 00:41	about 14 years
3.1.12	UNKNOWN	2	2013-03-18 - 17:13	almost 13 years
3.1.11	UNKNOWN	2	2013-02-11 - 18:17	about 13 years
3.1.10	UNKNOWN	2	2013-01-08 - 20:08	about 13 years
3.1.9	UNKNOWN	2	2013-01-02 - 21:19	about 13 years
3.1.8	UNKNOWN	2	2012-08-09 - 21:20	over 13 years
3.1.7	UNKNOWN	2	2012-07-26 - 22:09	over 13 years
3.1.6	UNKNOWN	2	2012-06-12 - 21:26	over 13 years
3.1.5	UNKNOWN	2	2012-05-31 - 18:25	almost 14 years
3.1.5.rc1	UNKNOWN	2	2012-05-28 - 19:01	almost 14 years
3.1.4	UNKNOWN	2	2012-03-01 - 17:52	about 14 years
3.1.4.rc1	UNKNOWN	2	2012-02-22 - 21:39	about 14 years
3.1.3	UNKNOWN	2	2011-11-20 - 22:52	over 14 years
3.1.2	UNKNOWN	2	2011-11-18 - 01:33	over 14 years
3.1.2.rc2	UNKNOWN	3	2011-11-14 - 15:49	over 14 years
3.1.2.rc1	UNKNOWN	3	2011-11-14 - 14:17	over 14 years
3.1.1	UNKNOWN	3	2011-10-07 - 15:30	over 14 years
3.1.1.rc3	UNKNOWN	3	2011-10-06 - 02:31	over 14 years
3.1.1.rc2	UNKNOWN	3	2011-09-29 - 22:17	over 14 years
3.1.1.rc1	UNKNOWN	3	2011-09-15 - 00:27	over 14 years
3.1.0	UNKNOWN	3	2011-08-31 - 02:18	over 14 years
3.1.0.rc8	UNKNOWN	2	2011-08-29 - 03:27	over 14 years
3.1.0.rc6	UNKNOWN	2	2011-08-16 - 22:33	over 14 years
3.1.0.rc5	UNKNOWN	2	2011-07-25 - 23:05	over 14 years
3.1.0.rc4	UNKNOWN	2	2011-06-09 - 22:56	almost 15 years