| CVE-2013-0333 |
high |
— |
8.5 |
|
|
|
14y ago |
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows re… |
| CVE-2023-22796 |
high |
— |
8.0 |
|
|
|
3y ago |
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a sta… |
| CVE-2013-1856 |
medium |
— |
5.8 |
|
|
|
13y ago |
The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is us… |
| CVE-2026-33170 |
medium |
— |
5.5 |
|
|
|
2mo ago |
Rails Active Support has a possible XSS vulnerability in SafeBuffer#% |
| CVE-2026-33176 |
medium |
— |
5.5 |
|
|
|
2mo ago |
Rails Active Support has a possible DoS vulnerability in its number helpers |
| CVE-2026-33169 |
medium |
— |
5.5 |
|
|
|
2mo ago |
Rails Active Support has a possible ReDoS vulnerability in number_to_delimited |
| CVE-2015-3227 |
medium |
— |
5.0 |
|
|
|
11y ago |
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service… |
| CVE-2011-2197 |
medium |
— |
4.3 |
|
|
|
9y ago |
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it … |
| CVE-2011-2932 |
medium |
— |
4.3 |
|
|
|
9y ago |
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow… |
| CVE-2015-3226 |
medium |
— |
4.3 |
|
|
|
11y ago |
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web scri… |
| CVE-2012-3464 |
medium |
— |
4.3 |
|
|
|
14y ago |
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow re… |
| CVE-2012-1098 |
medium |
— |
4.3 |
|
|
|
14y ago |
Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors in… |