Ruby/rails/3.0.6.rc1

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.

Repo Link: https://rubygems.org/gems/rails
License: UNKNOWN

5 Security Vulnerabilities

Rails vulnerable to Cross-site Scripting

Published date: 2017-10-24T18:33:36Z

CVE: CVE-2014-0081

Links:

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negativeformat, or (3) units parameter to the (a) numbertocurrency, (b) numbertopercentage, or (c) numberto_human helper.

Affected versions: ["4.0.2", "4.0.1", "4.0.1.rc4", "4.0.1.rc3", "4.0.1.rc2", "4.0.1.rc1", "4.0.0", "3.2.16", "3.2.15", "3.2.15.rc3", "3.2.15.rc2", "3.2.15.rc1", "3.2.14", "3.2.14.rc2", "3.2.14.rc1", "3.2.13", "3.2.13.rc2", "3.2.13.rc1", "3.2.12", "3.2.11", "3.2.10", "3.2.9", "3.2.9.rc3", "3.2.9.rc2", "3.2.9.rc1", "3.2.8", "3.2.8.rc2", "3.2.8.rc1", "3.2.7", "3.2.7.rc1", "3.2.6", "3.2.5", "3.2.4", "3.2.4.rc1", "3.2.3", "3.2.3.rc2", "3.2.3.rc1", "3.2.2", "3.2.2.rc1", "3.2.1", "3.2.0", "3.2.0.rc2", "3.2.0.rc1", "3.1.12", "3.1.11", "3.1.10", "3.1.9", "3.1.8", "3.1.7", "3.1.6", "3.1.5", "3.1.5.rc1", "3.1.4", "3.1.4.rc1", "3.1.3", "3.1.2", "3.1.2.rc2", "3.1.2.rc1", "3.1.1", "3.1.1.rc3", "3.1.1.rc2", "3.1.1.rc1", "3.1.0", "3.1.0.rc8", "3.1.0.rc6", "3.1.0.rc5", "3.1.0.rc4", "3.1.0.rc3", "3.1.0.rc2", "3.1.0.rc1", "3.1.0.beta1", "3.0.20", "3.0.19", "3.0.18", "3.0.17", "3.0.16", "3.0.15", "3.0.14", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0"]

Secure versions: [6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.2.1, 5.2.1.rc1, 5.2.0, 5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.racecar1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.5, 4.2.5.rc2, 4.2.5.rc1, 4.2.4, 4.2.4.rc1, 4.2.3, 4.2.3.rc1, 4.2.2, 4.2.1, 4.2.1.rc4, 4.2.1.rc3, 4.2.1.rc2, 4.2.1.rc1, 4.2.0, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.14, 4.1.14.rc2, 4.1.14.rc1, 4.1.13, 4.1.13.rc1, 4.1.12, 4.1.12.rc1, 4.1.11, 4.1.10, 4.1.10.rc4, 4.1.10.rc3, 4.1.10.rc2, 4.1.10.rc1, 4.1.9, 4.1.9.rc1, 4.1.8, 4.1.7.1, 4.1.7, 4.1.6, 4.1.6.rc2, 4.1.6.rc1, 4.1.5, 4.1.4, 4.1.3, 4.1.2, 4.1.2.rc3, 4.1.2.rc2, 4.1.2.rc1, 4.1.1, 4.1.0, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 7.0.0, 6.1.4.4, 6.0.4.4, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 6.0.4.7, 5.2.6.3, 7.0.2.3, 6.1.4.7, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5]

Recommendation: Update to version 7.0.5.

Cross site scripting in rails

Published date: 2022-04-22T00:24:28Z

CVE: CVE-2011-1497

Links:

A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.

Affected versions: ["3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.3.18", "2.3.17", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]

Recommendation: Update to version 7.0.5.

rails Cross-site Scripting vulnerability

Published date: 2017-10-24T18:33:38Z

CVE: CVE-2011-2197

Links:

The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.

Affected versions: ["3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0"]

Recommendation: Update to version 7.0.5.

Cross-site Scripting vulnerability in i18n translations helper method

Published date: 2017-10-24T18:33:38Z

CVE: CVE-2011-4319

Links:

Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an html substring.

Affected versions: ["3.1.2.rc2", "3.1.2.rc1", "3.1.1", "3.1.1.rc3", "3.1.1.rc2", "3.1.1.rc1", "3.1.0", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0"]

Recommendation: Update to version 7.0.5.

Rails vulnerable to Cross-site Scripting

Published date: 2017-10-24

CVE: 2014-0081

CVSS V2: 4.3

Links:

https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negativeformat, or (3) units parameter to the (a) numbertocurrency, (b) numbertopercentage, or (c) numberto_human helper.

Affected versions: ["3.1.12", "3.1.11", "3.1.10", "3.1.9", "3.1.8", "3.1.7", "3.1.6", "3.1.5", "3.1.5.rc1", "3.1.4", "3.1.4.rc1", "3.1.3", "3.1.2", "3.1.2.rc2", "3.1.2.rc1", "3.1.1", "3.1.1.rc3", "3.1.1.rc2", "3.1.1.rc1", "3.1.0", "3.1.0.rc8", "3.1.0.rc6", "3.1.0.rc5", "3.1.0.rc4", "3.1.0.rc3", "3.1.0.rc2", "3.1.0.rc1", "3.1.0.beta1", "3.0.20", "3.0.19", "3.0.18", "3.0.17", "3.0.16", "3.0.15", "3.0.14", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.3.18", "2.3.17", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.2.6", "1.2.5", "1.2.4", "1.2.3", "1.2.2", "1.2.1", "1.2.0", "1.1.6", "1.1.5", "1.1.4", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.14.4", "0.14.3", "0.14.2", "0.14.1", "0.13.1", "0.13.0", "0.12.1", "0.12.0", "0.11.1", "0.11.0", "0.10.1", "0.10.0", "0.9.5", "0.9.4.1", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.5", "0.8.0"]

Recommendation: Update to version 7.0.5.

445 Other Versions

Version	License	Released
7.0.5	MIT	2023-05-24 - 19:21	6 days
7.0.4.3	MIT	2023-03-13 - 18:53	3 months
7.0.4.2	MIT	2023-01-25 - 03:14	4 months
7.0.4.1	MIT	2023-01-17 - 18:55	4 months
7.0.4	MIT	2022-09-09 - 18:42	9 months
7.0.3.1	MIT	2022-07-12 - 17:31	11 months
7.0.3	MIT	2022-05-09 - 13:41	about 1 year
7.0.2.4	MIT	2022-04-26 - 19:33	about 1 year
7.0.2.3	MIT	2022-03-08 - 17:50	about 1 year
7.0.2.2	MIT	2022-02-11 - 19:44	over 1 year
7.0.2.1	MIT	2022-02-11 - 18:19	over 1 year
7.0.2	MIT	2022-02-08 - 23:13	over 1 year
7.0.1	MIT	2022-01-06 - 21:55	over 1 year
7.0.0	MIT	2021-12-15 - 23:45	over 1 year
7.0.0.rc3	MIT	2021-12-14 - 23:04	over 1 year
7.0.0.rc2	MIT	2021-12-14 - 19:40	over 1 year
7.0.0.rc1	MIT	2021-12-06 - 21:33	over 1 year
7.0.0.alpha2	MIT	2021-09-15 - 23:16	over 1 year
7.0.0.alpha1	MIT	2021-09-15 - 21:58	over 1 year
6.1.7.3	MIT	2023-03-13 - 18:48	3 months
6.1.7.2	MIT	2023-01-25 - 03:23	4 months
6.1.7.1	MIT	2023-01-17 - 18:54	4 months
6.1.7	MIT	2022-09-09 - 18:39	9 months
6.1.6.1	MIT	2022-07-12 - 17:29	11 months
6.1.6	MIT	2022-05-09 - 13:46	about 1 year
6.1.5.1	MIT	2022-04-26 - 19:30	about 1 year
6.1.5	MIT	2022-03-10 - 21:17	about 1 year
6.1.4.7	MIT	2022-03-08 - 17:49	about 1 year
6.1.4.6	MIT	2022-02-11 - 19:42	over 1 year
6.1.4.5	MIT	2022-02-11 - 18:23	over 1 year
6.1.4.4	MIT	2021-12-15 - 22:54	over 1 year
6.1.4.3	MIT	2021-12-14 - 23:02	over 1 year
6.1.4.2	MIT	2021-12-14 - 19:54	over 1 year
6.1.4.1	MIT	2021-08-19 - 16:27	almost 2 years
6.1.4	MIT	2021-06-24 - 20:41	almost 2 years
6.1.3.2	MIT	2021-05-05 - 15:47	about 2 years
6.1.3.1	MIT	2021-03-26 - 18:08	about 2 years
6.1.3	MIT	2021-02-17 - 18:43	over 2 years
6.1.2.1	MIT	2021-02-10 - 20:46	over 2 years
6.1.2	MIT	2021-02-09 - 21:30	over 2 years
6.1.1	MIT	2021-01-07 - 23:00	over 2 years
6.1.0	MIT	2020-12-09 - 19:58	over 2 years
6.1.0.rc2	MIT	2020-12-01 - 22:02	over 2 years
6.1.0.rc1	MIT	2020-11-02 - 21:21	over 2 years
6.0.6.1	MIT	2023-01-17 - 18:53	4 months
6.0.6	MIT	2022-09-09 - 18:32	9 months
6.0.5.1	MIT	2022-07-12 - 17:28	11 months
6.0.5	MIT	2022-05-09 - 13:55	about 1 year
6.0.4.8	MIT	2022-04-26 - 19:27	about 1 year
6.0.4.7	MIT	2022-03-08 - 17:47	about 1 year
6.0.4.6	MIT	2022-02-11 - 19:40	over 1 year
6.0.4.5	MIT	2022-02-11 - 18:25	over 1 year
6.0.4.4	MIT	2021-12-15 - 22:48	over 1 year
6.0.4.3	MIT	2021-12-14 - 23:01	over 1 year
6.0.4.2	MIT	2021-12-14 - 20:11	over 1 year
6.0.4.1	MIT	2021-08-19 - 16:24	almost 2 years
6.0.4	MIT	2021-06-15 - 20:18	almost 2 years
6.0.3.7	MIT	2021-05-05 - 16:02	about 2 years
6.0.3.6	MIT	2021-03-26 - 17:34	about 2 years
6.0.3.5	MIT	2021-02-10 - 20:40	over 2 years
6.0.3.4	MIT	2020-10-07 - 16:51	over 2 years
6.0.3.3	MIT	2020-09-09 - 18:40	over 2 years
6.0.3.2	MIT	2020-06-17 - 14:55	almost 3 years
6.0.3.1	MIT	2020-05-18 - 15:47	about 3 years
6.0.3	MIT	2020-05-06 - 18:06	about 3 years
6.0.3.rc1	MIT	2020-05-01 - 17:19	about 3 years
6.0.2.2	MIT	2020-03-19 - 16:44	about 3 years
6.0.2.1	MIT	2019-12-18 - 19:09	over 3 years
6.0.2	MIT	2019-12-13 - 18:22	over 3 years
6.0.2.rc2	MIT	2019-12-09 - 16:14	over 3 years
6.0.2.rc1	MIT	2019-11-27 - 15:14	over 3 years
6.0.1	MIT	2019-11-05 - 14:41	over 3 years
6.0.1.rc1	MIT	2019-10-31 - 20:12	over 3 years
6.0.0	MIT	2019-08-16 - 18:01	almost 4 years
6.0.0.rc2	MIT	2019-07-22 - 21:13	almost 4 years
6.0.0.rc1	MIT	2019-04-24 - 18:51	about 4 years
6.0.0.beta3	MIT	2019-03-13 - 17:03	about 4 years
6.0.0.beta2	MIT	2019-02-25 - 22:46	over 4 years
6.0.0.beta1	MIT	2019-01-18 - 21:24	over 4 years
5.2.8.1	MIT	2022-07-12 - 17:26	11 months
5.2.8	MIT	2022-05-09 - 14:04	about 1 year
5.2.7.1	MIT	2022-04-26 - 19:23	about 1 year
5.2.7	MIT	2022-03-11 - 00:01	about 1 year
5.2.6.3	MIT	2022-03-08 - 17:46	about 1 year
5.2.6.2	MIT	2022-02-11 - 19:37	over 1 year
5.2.6.1	MIT	2022-02-11 - 18:44	over 1 year
5.2.6	MIT	2021-05-05 - 17:09	about 2 years
5.2.5	MIT	2021-03-26 - 17:21	about 2 years
5.2.4.6	MIT	2021-05-05 - 15:29	about 2 years
5.2.4.5	MIT	2021-02-10 - 20:36	over 2 years
5.2.4.4	MIT	2020-09-09 - 18:40	over 2 years
5.2.4.3	MIT	2020-05-18 - 15:43	about 3 years
5.2.4.2	MIT	2020-03-19 - 16:38	about 3 years
5.2.4.1	MIT	2019-12-18 - 19:04	over 3 years
5.2.4	MIT	2019-11-27 - 15:48	over 3 years
5.2.4.rc1	MIT	2019-11-23 - 00:29	over 3 years
5.2.3	MIT	2019-03-28 - 03:02	about 4 years
5.2.3.rc1	MIT	2019-03-22 - 03:35	about 4 years
5.2.2.1	MIT	2019-03-13 - 16:54	about 4 years
5.2.2	MIT	2018-12-04 - 18:15	over 4 years