Security Announcements

Topic	Views	Activity
[CVE-2023-28362] Possible XSS via User Supplied Values to redirect_to announcement , security	12306	June 26, 2023
[CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID patch , security , globalid	6098	January 17, 2023
[CVE-2022-44572] Possible Denial of Service Vulnerability in Rack's RFC2183 boundary parsing patch , rack , security	4560	January 17, 2023
[CVE-2022-44571] Possible Denial of Service Vulnerability in Rack Content-Disposition parsing patch , rack , security	6875	January 17, 2023
[CVE-2023-27539] Possible Denial of Service Vulnerability in Rack's header parsing announcement , patch , security	7195	March 13, 2023
[CVE-2023-27531] Possible Deserialization of Untrusted Data vulnerability in Kredis JSON announcement , patch , security	4073	March 13, 2023
[CVE-2023-28120] Possible XSS Security Vulnerability in SafeBuffer#bytesplice announcement , patch , security	8427	March 13, 2023
[CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements announcement , patch , security	6572	March 13, 2023
[CVE-2023-27530] Possible DoS Vulnerability in Multipart MIME parsing announcement , security	10590	March 2, 2023
[CVE-2022-44570] Possible Denial of Service Vulnerability in Rack's Range header parsing patch , rack , security	7282	January 17, 2023
[CVE-2023-22794] SQL Injection Vulnerability via ActiveRecord comments patch , activerecord , security	31216	January 17, 2023
[CVE-2023-22795] Possible ReDoS based DoS vulnerability in Action Dispatch patch , security , actiondispatch	7717	January 17, 2023
[CVE-2022-44566] Possible Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter patch , activerecord , security	7554	January 17, 2023
[CVE-2023-22797] Possible Open Redirect Vulnerability in Action Pack patch , security , actioncontroller	5486	January 17, 2023
[CVE-2023-22796] Possible ReDoS based DoS vulnerability in Active Support's underscore patch , activesupport , security	7735	January 17, 2023
[CVE-2023-22792] Possible ReDoS based DoS vulnerability in Action Dispatch patch , security , actiondispatch	7602	January 17, 2023
Rails-html-sanitizer v1.4.4 addresses multiple CVEs	2996	December 13, 2022
[CVE-2022-32224] Possible RCE escalation bug with Serialized Columns in Active Record patch , activerecord , security	40898	July 12, 2022
[CVE-2022-32209] Possible XSS Vulnerability in Rails::Html::Sanitizer	4148	June 9, 2022
[CVE-2022-30122] Denial of Service Vulnerability in Rack Multipart Parsing announcement , rack , security	8418	May 27, 2022
[CVE-2022-30123] Possible shell escape sequence injection vulnerability in Rack announcement , rack , security	9514	May 27, 2022
[CVE-2022-27777] Possible XSS Vulnerability in Action View tag helpers	13126	April 26, 2022
[CVE-2022-22577] Possible XSS Vulnerability in Action Pack patch	11632	April 26, 2022
[CVE-2022-21831] Possible code injection vulnerability in Rails / Active Storage	10632	March 8, 2022
[CVE-2022-23633] Possible exposure of information vulnerability in Action Pack	9599	February 11, 2022
Possible Open Redirect in Host Authorization Middleware	6110	December 14, 2021
[CVE-2021-22942] Possible Open Redirect in Host Authorization Middleware	8176	August 19, 2021
[CVE-2021-22904] Possible DoS Vulnerability in Action Controller Token Authentication	11277	May 5, 2021
[CVE-2021-22885] Possible Information Disclosure / Unintended Method Execution in Action Pack	6856	May 5, 2021
[CVE-2021-22903] Possible Open Redirect Vulnerability in Action Pack	8216	May 5, 2021