About the Security Announcements category
|
|
1
|
4392
|
February 10, 2021
|
[CVE-2024-47889] Possible ReDoS vulnerability in block_format in Action Mailer
|
|
0
|
680
|
October 15, 2024
|
[CVE-2024-54133] Possible Content Security Policy bypass in Action Dispatch
|
|
0
|
1130
|
December 10, 2024
|
Rails-html-sanitizer v1.6.1 addresses multiple CVEs
|
|
0
|
469
|
December 2, 2024
|
[CVE-2024-47888] Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
|
|
0
|
519
|
October 15, 2024
|
[CVE-2024-41128] Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
|
|
0
|
733
|
October 15, 2024
|
[CVE-2024-47887] Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
|
|
0
|
812
|
October 15, 2024
|
[CVE-2024-32464] ActionText ContentAttachment's can Contain Unsanitized HTML
|
|
0
|
2244
|
June 4, 2024
|
[CVE-2024-28103] Permissions-Policy is Only Served on HTML Content-Type
|
|
0
|
1858
|
June 4, 2024
|
XSS Vulnerabilities in Trix Editor
|
|
0
|
1779
|
May 17, 2024
|
Possible XSS Vulnerability in Action Controller
|
|
2
|
7871
|
February 27, 2024
|
Possible Denial of Service Vulnerability in Rack Header Parsing
|
|
0
|
4542
|
February 21, 2024
|
Possible ReDoS vulnerability in Accept header parsing in Action Dispatch
|
|
0
|
3835
|
February 21, 2024
|
Denial of Service Vulnerability in Rack Content-Type Parsing
|
|
0
|
4877
|
February 21, 2024
|
Possible Sensitive Session Information Leak in Active Storage
|
|
0
|
5355
|
February 21, 2024
|
Possible DoS Vulnerability with Range Header in Rack
|
|
0
|
4579
|
February 21, 2024
|
[CVE-2023-38037] Possible File Disclosure of Locally Encrypted Files
|
|
0
|
6128
|
August 22, 2023
|
[CVE-2023-28362] Possible XSS via User Supplied Values to redirect_to
|
|
0
|
12139
|
June 26, 2023
|
[CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID
|
|
0
|
6012
|
January 17, 2023
|
[CVE-2022-44572] Possible Denial of Service Vulnerability in Rack's RFC2183 boundary parsing
|
|
0
|
4532
|
January 17, 2023
|
[CVE-2022-44571] Possible Denial of Service Vulnerability in Rack Content-Disposition parsing
|
|
0
|
6801
|
January 17, 2023
|
[CVE-2023-27539] Possible Denial of Service Vulnerability in Rack's header parsing
|
|
0
|
6949
|
March 13, 2023
|
[CVE-2023-27531] Possible Deserialization of Untrusted Data vulnerability in Kredis JSON
|
|
0
|
3946
|
March 13, 2023
|
[CVE-2023-28120] Possible XSS Security Vulnerability in SafeBuffer#bytesplice
|
|
0
|
8335
|
March 13, 2023
|
[CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
|
|
0
|
6439
|
March 13, 2023
|
[CVE-2023-27530] Possible DoS Vulnerability in Multipart MIME parsing
|
|
0
|
10501
|
March 2, 2023
|
[CVE-2022-44570] Possible Denial of Service Vulnerability in Rack's Range header parsing
|
|
0
|
7221
|
January 17, 2023
|
[CVE-2023-22794] SQL Injection Vulnerability via ActiveRecord comments
|
|
0
|
31062
|
January 17, 2023
|
[CVE-2023-22795] Possible ReDoS based DoS vulnerability in Action Dispatch
|
|
0
|
7652
|
January 17, 2023
|
[CVE-2022-44566] Possible Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
|
|
0
|
7485
|
January 17, 2023
|