Security Announcements

Topic	Replies	Views	Activity
About the Security Announcements category	1	3530	February 10, 2021
Possible XSS Vulnerability in Action Controller announcement , patch	2	5586	February 27, 2024
Possible Denial of Service Vulnerability in Rack Header Parsing announcement , rack	0	2754	February 21, 2024
Possible ReDoS vulnerability in Accept header parsing in Action Dispatch announcement , patch	0	2416	February 21, 2024
Denial of Service Vulnerability in Rack Content-Type Parsing announcement , rack	0	3002	February 21, 2024
Possible Sensitive Session Information Leak in Active Storage announcement , patch	0	3534	February 21, 2024
Possible DoS Vulnerability with Range Header in Rack announcement , rack	0	2554	February 21, 2024
[CVE-2023-38037] Possible File Disclosure of Locally Encrypted Files announcement , security	0	5416	August 22, 2023
[CVE-2023-28362] Possible XSS via User Supplied Values to redirect_to announcement , security	0	10913	June 26, 2023
[CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID patch , security , globalid	0	5283	January 17, 2023
[CVE-2022-44572] Possible Denial of Service Vulnerability in Rack's RFC2183 boundary parsing patch , rack , security	0	3978	January 17, 2023
[CVE-2022-44571] Possible Denial of Service Vulnerability in Rack Content-Disposition parsing patch , rack , security	0	5836	January 17, 2023
[CVE-2023-27539] Possible Denial of Service Vulnerability in Rack's header parsing announcement , patch , security	0	6083	March 13, 2023
[CVE-2023-27531] Possible Deserialization of Untrusted Data vulnerability in Kredis JSON announcement , patch , security	0	3344	March 13, 2023
[CVE-2023-28120] Possible XSS Security Vulnerability in SafeBuffer#bytesplice announcement , patch , security	0	7323	March 13, 2023
[CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements announcement , patch , security	0	5435	March 13, 2023
[CVE-2023-27530] Possible DoS Vulnerability in Multipart MIME parsing announcement , security	0	9344	March 2, 2023
[CVE-2022-44570] Possible Denial of Service Vulnerability in Rack's Range header parsing patch , rack , security	0	6265	January 17, 2023
[CVE-2023-22794] SQL Injection Vulnerability via ActiveRecord comments patch , activerecord , security	0	30025	January 17, 2023
[CVE-2023-22795] Possible ReDoS based DoS vulnerability in Action Dispatch patch , security , actiondispatch	0	6760	January 17, 2023
[CVE-2022-44566] Possible Denial of Service Vulnerability in ActiveRecord's PostgreSQL adapter patch , activerecord , security	0	6515	January 17, 2023
[CVE-2023-22797] Possible Open Redirect Vulnerability in Action Pack patch , security , actioncontroller	0	4795	January 17, 2023
[CVE-2023-22796] Possible ReDoS based DoS vulnerability in Active Support's underscore patch , activesupport , security	0	6801	January 17, 2023
[CVE-2023-22792] Possible ReDoS based DoS vulnerability in Action Dispatch patch , security , actiondispatch	0	6751	January 17, 2023
Rails-html-sanitizer v1.4.4 addresses multiple CVEs	0	2692	December 13, 2022
[CVE-2022-32224] Possible RCE escalation bug with Serialized Columns in Active Record patch , activerecord , security	0	36568	July 12, 2022
[CVE-2022-32209] Possible XSS Vulnerability in Rails::Html::Sanitizer	0	3789	June 9, 2022
[CVE-2022-30122] Denial of Service Vulnerability in Rack Multipart Parsing announcement , rack , security	0	7539	May 27, 2022
[CVE-2022-30123] Possible shell escape sequence injection vulnerability in Rack announcement , rack , security	0	8358	May 27, 2022
[CVE-2022-27777] Possible XSS Vulnerability in Action View tag helpers	0	12292	April 26, 2022