VYPR

rpm package

opensuse/rubygem-activerecord-6.0&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/rubygem-activerecord-6.0&distro=openSUSE%20Tumbleweed

Vulnerabilities (3)

  • CVE-2021-22880Feb 11, 2021
    affected < 6.0.4.4-1.1fixed 6.0.4.4-1.1

    The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too m

  • CVE-2020-8264Jan 6, 2021
    affected < 6.0.4.4-1.1fixed 6.0.4.4-1.1

    In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local applic

  • CVE-2019-5418KEVMar 27, 2019
    affected < 6.0.4.4-1.1fixed 6.0.4.4-1.1

    There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.