About the Security Announcements category
|
|
1
|
4293
|
February 10, 2021
|
[CVE-2024-47889] Possible ReDoS vulnerability in block_format in Action Mailer
|
|
0
|
632
|
October 15, 2024
|
[CVE-2024-54133] Possible Content Security Policy bypass in Action Dispatch
|
|
0
|
1041
|
December 10, 2024
|
Rails-html-sanitizer v1.6.1 addresses multiple CVEs
|
|
0
|
443
|
December 2, 2024
|
[CVE-2024-47888] Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
|
|
0
|
506
|
October 15, 2024
|
[CVE-2024-41128] Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
|
|
0
|
688
|
October 15, 2024
|
[CVE-2024-47887] Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
|
|
0
|
780
|
October 15, 2024
|
[CVE-2024-32464] ActionText ContentAttachment's can Contain Unsanitized HTML
|
|
0
|
2223
|
June 4, 2024
|
[CVE-2024-28103] Permissions-Policy is Only Served on HTML Content-Type
|
|
0
|
1835
|
June 4, 2024
|
XSS Vulnerabilities in Trix Editor
|
|
0
|
1759
|
May 17, 2024
|
Possible XSS Vulnerability in Action Controller
|
|
2
|
7819
|
February 27, 2024
|
Possible Denial of Service Vulnerability in Rack Header Parsing
|
|
0
|
4516
|
February 21, 2024
|
Possible ReDoS vulnerability in Accept header parsing in Action Dispatch
|
|
0
|
3810
|
February 21, 2024
|
Denial of Service Vulnerability in Rack Content-Type Parsing
|
|
0
|
4846
|
February 21, 2024
|
Possible Sensitive Session Information Leak in Active Storage
|
|
0
|
5285
|
February 21, 2024
|
Possible DoS Vulnerability with Range Header in Rack
|
|
0
|
4535
|
February 21, 2024
|
[CVE-2023-38037] Possible File Disclosure of Locally Encrypted Files
|
|
0
|
6097
|
August 22, 2023
|
[CVE-2023-28362] Possible XSS via User Supplied Values to redirect_to
|
|
0
|
12034
|
June 26, 2023
|
[CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID
|
|
0
|
5984
|
January 17, 2023
|
[CVE-2022-44572] Possible Denial of Service Vulnerability in Rack's RFC2183 boundary parsing
|
|
0
|
4531
|
January 17, 2023
|
[CVE-2022-44571] Possible Denial of Service Vulnerability in Rack Content-Disposition parsing
|
|
0
|
6789
|
January 17, 2023
|
[CVE-2023-27539] Possible Denial of Service Vulnerability in Rack's header parsing
|
|
0
|
6938
|
March 13, 2023
|
[CVE-2023-27531] Possible Deserialization of Untrusted Data vulnerability in Kredis JSON
|
|
0
|
3927
|
March 13, 2023
|
[CVE-2023-28120] Possible XSS Security Vulnerability in SafeBuffer#bytesplice
|
|
0
|
8308
|
March 13, 2023
|
[CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
|
|
0
|
6416
|
March 13, 2023
|
[CVE-2023-27530] Possible DoS Vulnerability in Multipart MIME parsing
|
|
0
|
10482
|
March 2, 2023
|
[CVE-2022-44570] Possible Denial of Service Vulnerability in Rack's Range header parsing
|
|
0
|
7210
|
January 17, 2023
|
[CVE-2023-22794] SQL Injection Vulnerability via ActiveRecord comments
|
|
0
|
31009
|
January 17, 2023
|
[CVE-2023-22795] Possible ReDoS based DoS vulnerability in Action Dispatch
|
|
0
|
7635
|
January 17, 2023
|
[CVE-2022-44566] Possible Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
|
|
0
|
7468
|
January 17, 2023
|