VYPR

rpm package

suse/rubygem-activesupport-4_2&distro=SUSE OpenStack Cloud Crowbar 8

pkg:rpm/suse/rubygem-activesupport-4_2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Vulnerabilities (4)

  • CVE-2023-22796Feb 9, 2023
    affected < 4.2.9-7.15.1fixed 4.2.9-7.15.1

    A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts

  • CVE-2022-27777May 26, 2022
    affected < 4.2.9-7.12.1fixed 4.2.9-7.12.1

    A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.

  • CVE-2020-8163Jul 2, 2020
    affected < 4.2.9-7.6.1fixed 4.2.9-7.6.1

    The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

  • CVE-2020-8165Jun 19, 2020
    affected < 4.2.9-7.9.1fixed 4.2.9-7.9.1

    A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.