Download
| Alert*
|
oval:org.secpod.oval:def:600715
It was discovered that the last security update for Ruby on Rails, DSA-2301-1, introduced a regression in the libactionpack-ruby package. oval:org.secpod.oval:def:600612 Several vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4214 A cross-site scripting vulnerability had been found in the strip_tags function. An attacker may inject non-pri ... oval:org.secpod.oval:def:2496 The host is installed with Ruby on Rails before 2.3.13 or 3.0.x before 3.0.10 or 3.1.x before 3.1.0.rc5 and is prone to multiple SQL injection vulnerabilities. The flaws are present in the application which fail to properly handle a crafted column name. Successful exploitation allows remote attacker ... |
