About the Security Announcements category
|
|
1
|
4396
|
February 10, 2021
|
[CVE-2024-47889] Possible ReDoS vulnerability in block_format in Action Mailer
|
|
0
|
743
|
October 15, 2024
|
[CVE-2024-54133] Possible Content Security Policy bypass in Action Dispatch
|
|
0
|
1173
|
December 10, 2024
|
Rails-html-sanitizer v1.6.1 addresses multiple CVEs
|
|
0
|
483
|
December 2, 2024
|
[CVE-2024-47888] Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
|
|
0
|
530
|
October 15, 2024
|
[CVE-2024-41128] Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
|
|
0
|
749
|
October 15, 2024
|
[CVE-2024-47887] Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
|
|
0
|
827
|
October 15, 2024
|
[CVE-2024-32464] ActionText ContentAttachment's can Contain Unsanitized HTML
|
|
0
|
2258
|
June 4, 2024
|
[CVE-2024-28103] Permissions-Policy is Only Served on HTML Content-Type
|
|
0
|
1869
|
June 4, 2024
|
XSS Vulnerabilities in Trix Editor
|
|
0
|
1783
|
May 17, 2024
|
Possible XSS Vulnerability in Action Controller
|
|
2
|
7887
|
February 27, 2024
|
Possible Denial of Service Vulnerability in Rack Header Parsing
|
|
0
|
4551
|
February 21, 2024
|
Possible ReDoS vulnerability in Accept header parsing in Action Dispatch
|
|
0
|
3840
|
February 21, 2024
|
Denial of Service Vulnerability in Rack Content-Type Parsing
|
|
0
|
4885
|
February 21, 2024
|
Possible Sensitive Session Information Leak in Active Storage
|
|
0
|
5375
|
February 21, 2024
|
Possible DoS Vulnerability with Range Header in Rack
|
|
0
|
4588
|
February 21, 2024
|
[CVE-2023-38037] Possible File Disclosure of Locally Encrypted Files
|
|
0
|
6134
|
August 22, 2023
|
[CVE-2023-28362] Possible XSS via User Supplied Values to redirect_to
|
|
0
|
12188
|
June 26, 2023
|
[CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID
|
|
0
|
6021
|
January 17, 2023
|
[CVE-2022-44572] Possible Denial of Service Vulnerability in Rack's RFC2183 boundary parsing
|
|
0
|
4543
|
January 17, 2023
|
[CVE-2022-44571] Possible Denial of Service Vulnerability in Rack Content-Disposition parsing
|
|
0
|
6825
|
January 17, 2023
|
[CVE-2023-27539] Possible Denial of Service Vulnerability in Rack's header parsing
|
|
0
|
6960
|
March 13, 2023
|
[CVE-2023-27531] Possible Deserialization of Untrusted Data vulnerability in Kredis JSON
|
|
0
|
3951
|
March 13, 2023
|
[CVE-2023-28120] Possible XSS Security Vulnerability in SafeBuffer#bytesplice
|
|
0
|
8344
|
March 13, 2023
|
[CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
|
|
0
|
6455
|
March 13, 2023
|
[CVE-2023-27530] Possible DoS Vulnerability in Multipart MIME parsing
|
|
0
|
10516
|
March 2, 2023
|
[CVE-2022-44570] Possible Denial of Service Vulnerability in Rack's Range header parsing
|
|
0
|
7231
|
January 17, 2023
|
[CVE-2023-22794] SQL Injection Vulnerability via ActiveRecord comments
|
|
0
|
31074
|
January 17, 2023
|
[CVE-2023-22795] Possible ReDoS based DoS vulnerability in Action Dispatch
|
|
0
|
7659
|
January 17, 2023
|
[CVE-2022-44566] Possible Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter
|
|
0
|
7493
|
January 17, 2023
|