Security Announcements

Topic	Replies	Views	Activity
About the Security Announcements category	1	4396	February 10, 2021
[CVE-2024-47889] Possible ReDoS vulnerability in block_format in Action Mailer security	0	743	October 15, 2024
[CVE-2024-54133] Possible Content Security Policy bypass in Action Dispatch announcement , security	0	1173	December 10, 2024
Rails-html-sanitizer v1.6.1 addresses multiple CVEs	0	483	December 2, 2024
[CVE-2024-47888] Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text security	0	530	October 15, 2024
[CVE-2024-41128] Possible ReDoS vulnerability in query parameter filtering in Action Dispatch security	0	749	October 15, 2024
[CVE-2024-47887] Possible ReDoS vulnerability in HTTP Token authentication in Action Controller security	0	827	October 15, 2024
[CVE-2024-32464] ActionText ContentAttachment's can Contain Unsanitized HTML	0	2258	June 4, 2024
[CVE-2024-28103] Permissions-Policy is Only Served on HTML Content-Type	0	1869	June 4, 2024
XSS Vulnerabilities in Trix Editor announcement	0	1783	May 17, 2024
Possible XSS Vulnerability in Action Controller announcement , patch	2	7887	February 27, 2024
Possible Denial of Service Vulnerability in Rack Header Parsing announcement , rack	0	4551	February 21, 2024
Possible ReDoS vulnerability in Accept header parsing in Action Dispatch announcement , patch	0	3840	February 21, 2024
Denial of Service Vulnerability in Rack Content-Type Parsing announcement , rack	0	4885	February 21, 2024
Possible Sensitive Session Information Leak in Active Storage announcement , patch	0	5375	February 21, 2024
Possible DoS Vulnerability with Range Header in Rack announcement , rack	0	4588	February 21, 2024
[CVE-2023-38037] Possible File Disclosure of Locally Encrypted Files announcement , security	0	6134	August 22, 2023
[CVE-2023-28362] Possible XSS via User Supplied Values to redirect_to announcement , security	0	12188	June 26, 2023
[CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID patch , security , globalid	0	6021	January 17, 2023
[CVE-2022-44572] Possible Denial of Service Vulnerability in Rack's RFC2183 boundary parsing patch , rack , security	0	4543	January 17, 2023
[CVE-2022-44571] Possible Denial of Service Vulnerability in Rack Content-Disposition parsing patch , rack , security	0	6825	January 17, 2023
[CVE-2023-27539] Possible Denial of Service Vulnerability in Rack's header parsing announcement , patch , security	0	6960	March 13, 2023
[CVE-2023-27531] Possible Deserialization of Untrusted Data vulnerability in Kredis JSON announcement , patch , security	0	3951	March 13, 2023
[CVE-2023-28120] Possible XSS Security Vulnerability in SafeBuffer#bytesplice announcement , patch , security	0	8344	March 13, 2023
[CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements announcement , patch , security	0	6455	March 13, 2023
[CVE-2023-27530] Possible DoS Vulnerability in Multipart MIME parsing announcement , security	0	10516	March 2, 2023
[CVE-2022-44570] Possible Denial of Service Vulnerability in Rack's Range header parsing patch , rack , security	0	7231	January 17, 2023
[CVE-2023-22794] SQL Injection Vulnerability via ActiveRecord comments patch , activerecord , security	0	31074	January 17, 2023
[CVE-2023-22795] Possible ReDoS based DoS vulnerability in Action Dispatch patch , security , actiondispatch	0	7659	January 17, 2023
[CVE-2022-44566] Possible Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter patch , activerecord , security	0	7493	January 17, 2023