Commit 40cb879b authored by Steve Wills

Add OSVDB 103438, 103439, and 103440

parent e9dc46a3
---
gem: actionpack
framework: rails
cve: 2014-0081
osvdb: 103439
url: http://osvdb.org/show/osvdb/103439
title:
Ruby on Rails actionpack/lib/action_view/helpers/number_helper.rb Multiple
Helpers XSS
date: 2014-02-18
description: |
Ruby on Rails contains a flaw that allows a cross-site scripting (XSS)
attack. This flaw exists because the
actionpack/lib/action_view/helpers/number_helper.rb script does not validate
input to the 'number_to_currency', 'number_to_percentage', and
'number_to_human' helpers before returning it to users. This may allow a
remote attacker to create a specially crafted request that would execute
arbitrary script code in a user's browser session within the trust
relationship between their browser and the server.
cvss_v2: 4.3
unaffected_versions:
patched_versions:
- ">= 3.2.17"
- ">= 4.0.3"
- ">= 4.1.0.beta2"
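Review bot: as displayed, the two `title:` continuation lines and the body of the `description: |` literal block carry no indentation, which a YAML parser would reject (the title text would be read as a stray scalar at mapping level and the literal block as empty); confirm the committed file indents both by two spaces under their keys, or switch `title:` to `title: |` with an indented body, and check the same in the two advisories below, which show the same layout. Also `unaffected_versions:` is left null here while the other two files list a range; if every release before 3.2.17 is affected, an explicit empty list `[]` makes that intent clear to readers of the file.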
---
gem: actionpack
framework: rails
cve: 2014-0082
osvdb: 103440
url: http://osvdb.org/show/osvdb/103440
title:
Ruby on Rails actionpack/lib/action_view/template/text.rb Action View Text
Rendering Component MIME Type Handling Remote DoS
date: 2014-02-18
description: |
Ruby on Rails contains a flaw in actionpack/lib/action_view/template/text.rb
in the text rendering component of Action View that is triggered when
handling MIME types that are converted to symbols. This may allow a remote
attacker to cause a denial of service.
cvss_v2: 5.0
unaffected_versions:
- ">= 4.0.0"
patched_versions:
- ">= 3.2.17"
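Review bot: `unaffected_versions` lists `>= 4.0.0` and `patched_versions` only `>= 3.2.17`, so the record says only the 3.2 series is affected, but the description never states that; a short clause such as "affects the 3.2 series only" in the description would keep it consistent with the version ranges for consumers that read only the text. The description also stops at "may allow a remote attacker to cause a denial of service" without naming the effect (process hang, memory growth); if the source advisory gives it, add it, since tools that rank advisories by impact rely on the prose.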
---
gem: activerecord
framework: rails
cve: 2014-0080
osvdb: 103438
url: http://osvdb.org/show/osvdb/103438
title:
Ruby on Rails Active Record connection_adapters/postgresql/cast.rb
PostgreSQL Array Type Columns Data Injection
date: 2014-02-18
description: |
Ruby on Rails contains a flaw in
connection_adapters/postgresql/cast.rb in Active Record. This issue
may allow a remote attacker to inject data into PostgreSQL array
columns via a specially crafted string.
cvss_v2: 6.8
unaffected_versions:
- "<= 3.2.17"
patched_versions:
- ">= 4.0.3"
- ">= 4.1.0.beta2"
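Review bot: `unaffected_versions` uses a closed upper bound, `<= 3.2.17`, so a later 3.2.18 release would match neither that range nor the patched ranges `>= 4.0.3` and `>= 4.1.0.beta2` and would be reported as vulnerable; if the whole 3.2 series is unaffected (the 4.0-only `connection_adapters/postgresql/cast.rb` path the title names suggests that), the open form `< 4.0.0`, mirroring the `>= 4.0.0` style the actionpack advisory above uses, expresses it without tying the record to the current release. If only releases up to 3.2.17 were actually verified, say so in the description.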