rpm package
opensuse/rubygem-rails-7.0&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/rubygem-rails-7.0&distro=openSUSE%20Tumbleweed
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-38037 | Med | 5.5 | < 7.0.8.4-1.1 | 7.0.8.4-1.1 | Jan 9, 2025 | ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary | |
| CVE-2024-47889 | Med | — | < 7.0.8.6-1.1 | 7.0.8.6-1.1 | Oct 16, 2024 | Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block | |
| CVE-2024-47888 | Med | — | < 7.0.8.6-1.1 | 7.0.8.6-1.1 | Oct 16, 2024 | Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node helper` in Action Text. Carefully crafted text can cau | |
| CVE-2024-47887 | Med | — | < 7.0.8.6-1.1 | 7.0.8.6-1.1 | Oct 16, 2024 | Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP To | |
| CVE-2024-41128 | Med | — | < 7.0.8.6-1.1 | 7.0.8.6-1.1 | Oct 16, 2024 | Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted | |
| CVE-2024-28103 | Med | 5.4 | < 7.0.8.4-1.1 | 7.0.8.4-1.1 | Jun 4, 2024 | Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3. | |
| CVE-2024-34341 | Med | 5.4 | < 7.0.8.4-1.1 | 7.0.8.4-1.1 | May 7, 2024 | Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allo | |
| CVE-2024-26143 | Med | 6.1 | < 7.0.8.4-1.1 | 7.0.8.4-1.1 | Feb 27, 2024 | Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "_html", a :default key which contains untrusted |
- affected < 7.0.8.4-1.1fixed 7.0.8.4-1.1
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary
- affected < 7.0.8.6-1.1fixed 7.0.8.6-1.1
Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block
- affected < 7.0.8.6-1.1fixed 7.0.8.6-1.1
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node helper` in Action Text. Carefully crafted text can cau
- affected < 7.0.8.6-1.1fixed 7.0.8.6-1.1
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP To
- affected < 7.0.8.6-1.1fixed 7.0.8.6-1.1
Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted
- affected < 7.0.8.4-1.1fixed 7.0.8.4-1.1
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
- affected < 7.0.8.4-1.1fixed 7.0.8.4-1.1
Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allo
- affected < 7.0.8.4-1.1fixed 7.0.8.4-1.1
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "_html", a :default key which contains untrusted