VYPR

rpm package

suse/rubygem-activejob-4_2&distro=SUSE Enterprise Storage 4

pkg:rpm/suse/rubygem-activejob-4_2&distro=SUSE%20Enterprise%20Storage%204

Vulnerabilities (4)

  • CVE-2018-16476Nov 30, 2018
    affected < 4.2.9-3.6.1fixed 4.2.9-3.6.1

    A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.

  • CVE-2016-6317HigSep 7, 2016
    affected < 4.2.9-3.3.1fixed 4.2.9-3.3.1

    Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks o

  • CVE-2016-6316MedSep 7, 2016
    affected < 4.2.9-3.3.1fixed 4.2.9-3.3.1

    Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handle

  • CVE-2016-2098HigApr 7, 2016
    affected < 4.2.9-3.3.1fixed 4.2.9-3.3.1

    Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.