VYPR

rpm package

opensuse/rubygem-rails-7.0&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/rubygem-rails-7.0&distro=openSUSE%20Tumbleweed

Vulnerabilities (8)

  • CVE-2023-38037MedJan 9, 2025
    affected < 7.0.8.4-1.1fixed 7.0.8.4-1.1

    ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary

  • CVE-2024-47889MedOct 16, 2024
    affected < 7.0.8.6-1.1fixed 7.0.8.6-1.1

    Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block

  • CVE-2024-47888MedOct 16, 2024
    affected < 7.0.8.6-1.1fixed 7.0.8.6-1.1

    Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node helper` in Action Text. Carefully crafted text can cau

  • CVE-2024-47887MedOct 16, 2024
    affected < 7.0.8.6-1.1fixed 7.0.8.6-1.1

    Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP To

  • CVE-2024-41128MedOct 16, 2024
    affected < 7.0.8.6-1.1fixed 7.0.8.6-1.1

    Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. Carefully crafted

  • CVE-2024-28103MedJun 4, 2024
    affected < 7.0.8.4-1.1fixed 7.0.8.4-1.1

    Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.

  • CVE-2024-34341MedMay 7, 2024
    affected < 7.0.8.4-1.1fixed 7.0.8.4-1.1

    Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allo

  • CVE-2024-26143MedFeb 27, 2024
    affected < 7.0.8.4-1.1fixed 7.0.8.4-1.1

    Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "_html", a :default key which contains untrusted