Download
| Alert*
oval:org.secpod.oval:def:1901396
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application"s unrestricted use of the render method and providing a .. in a pathname. NOTE: this vulnerability exists because of ... oval:org.secpod.oval:def:602424 Two vulnerabilities have been discovered in Rails, a web application framework written in Ruby. Both vulnerabilities affect Action Pack, which handles the web requests for Rails. CVE-2016-2097 Crafted requests to Action View, one of the components of Action Pack, might result in rendering files from ... oval:org.secpod.oval:def:504979 The ror40 collection provides Ruby on Rails version 4.0. Ruby on Rails is a model-view-controller framework for web application development. The following issues were corrected in rubygem-actionpack: Multiple directory traversal flaws were found in the way the Action View component searched for tem ... oval:org.secpod.oval:def:504941 The ruby193 collection provides Ruby version 1.9.3 and Ruby on Rails version 3.2. Ruby on Rails is a model-view-controller framework for web application development. The following issues were corrected in rubygem-actionpack: Multiple directory traversal flaws were found in the way the Action View c ... oval:org.secpod.oval:def:504908 The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller framework for web application development. The following issues were corrected in rubygem-actionview: A directory traversal flaw was found in the way the Action View component searched for templates ... |