Topics tagged security

Topic	Replies	Views	Activity
[CVE-2026-33167] Possible XSS vulnerability in Action Pack debug exceptions Security Announcements announcement , security	0	522	March 23, 2026
[CVE-2026-33168] Possible XSS vulnerability in Action View tag helpers Security Announcements announcement , security	0	324	March 23, 2026
[CVE-2026-33169] Possible ReDoS vulnerability in number_to_delimited in Active Support Security Announcements announcement , security	0	284	March 23, 2026
[CVE-2026-33170] Possible XSS vulnerability in SafeBuffer#% in Active Support Security Announcements announcement , security	0	252	March 23, 2026
[CVE-2026-33173] Insufficient filtering of metadata in Active Storage direct uploads Security Announcements announcement , security	0	232	March 23, 2026
[CVE-2026-33174] Possible DoS vulnerability in Active Storage proxy mode via Range requests Security Announcements announcement , security	0	226	March 23, 2026
[CVE-2026-33176] Possible DoS vulnerability in Active Support number helpers Security Announcements announcement , security	0	260	March 23, 2026
[CVE-2026-33658] Possible DoS vulnerability in Active Storage proxy mode via multi-range requests Security Announcements announcement , security	0	322	March 23, 2026
This was a previous vulnerability re-published by mistake. Please ignore CVE-2026-33178 Security Announcements announcement , security	0	65	March 23, 2026
[CVE-2026-33195] Possible path traversal in Active Storage DiskService Security Announcements announcement , security	0	238	March 23, 2026
[CVE-2026-33202] Possible glob injection in Active Storage DiskService Security Announcements announcement , security	0	242	March 23, 2026
Clarification request: are security reports for EOL releases assessed? rubyonrails-talk security	3	158	October 18, 2025
[CVE-2025-24293] Active Storage allowed transformation methods potentially unsafe Security Announcements announcement , security	0	1798	August 13, 2025
[CVE-2025-55193] ANSI escape injection in Active Record logging Security Announcements announcement , security	0	1052	August 13, 2025
Find_by using params.expect - vulnerable to SQL injection? rubyonrails-talk security	8	322	August 7, 2025
Security says CSRF token should be a nonce rubyonrails-talk security	1	215	May 15, 2025
Is `accept_nested_attributes_for` considered safe when used with Delegated Types? rubyonrails-core activerecord , security	5	358	March 10, 2025
Add salt in user password to make more scure? rubyonrails-core security	3	237	February 26, 2025
[CVE-2024-47889] Possible ReDoS vulnerability in block_format in Action Mailer Security Announcements security	0	904	October 15, 2024
[CVE-2024-54133] Possible Content Security Policy bypass in Action Dispatch Security Announcements announcement , security	0	1367	December 10, 2024
How to implement key rotation for deterministic encryption? rubyonrails-core feature , activerecord , security	0	140	December 5, 2024
[CVE-2024-47888] Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text Security Announcements security	0	585	October 15, 2024
[CVE-2024-41128] Possible ReDoS vulnerability in query parameter filtering in Action Dispatch Security Announcements security	0	811	October 15, 2024
[CVE-2024-47887] Possible ReDoS vulnerability in HTTP Token authentication in Action Controller Security Announcements security	0	905	October 15, 2024
How to implement secret rotation? rubyonrails-core security	4	2051	November 20, 2023
[CVE-2023-38037] Possible File Disclosure of Locally Encrypted Files Security Announcements announcement , security	0	6208	August 22, 2023
[CVE-2023-28362] Possible XSS via User Supplied Values to redirect_to Security Announcements announcement , security	0	12305	June 26, 2023
[CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID Security Announcements patch , security , globalid	0	6097	January 17, 2023
[CVE-2022-44572] Possible Denial of Service Vulnerability in Rack's RFC2183 boundary parsing Security Announcements patch , rack , security	0	4559	January 17, 2023
[CVE-2022-44571] Possible Denial of Service Vulnerability in Rack Content-Disposition parsing Security Announcements patch , rack , security	0	6870	January 17, 2023