{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions 7.2.x ant\u00e9rieures \u00e0 7.2.1.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 7.0.x ant\u00e9rieures \u00e0 7.0.8.5",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 7.1.x ant\u00e9rieures \u00e0 7.1.4.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions ant\u00e9rieures \u00e0 6.1.7.9",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-47888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47888"
    },
    {
      "name": "CVE-2024-47887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47887"
    },
    {
      "name": "CVE-2024-28103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28103"
    },
    {
      "name": "CVE-2024-41128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41128"
    },
    {
      "name": "CVE-2024-32464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32464"
    },
    {
      "name": "CVE-2024-47889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47889"
    }
  ],
  "initial_release_date": "2024-10-16T00:00:00",
  "last_revision_date": "2024-10-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0889",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby on Rails. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails 87695",
      "url": "https://discuss.rubyonrails.org/t/cve-2024-47889-possible-redos-vulnerability-in-block-format-in-action-mailer/87695"
    },
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails 87696",
      "url": "https://discuss.rubyonrails.org/t/cve-2024-47888-possible-redos-vulnerability-in-plain-text-for-blockquote-node-in-action-text/87696"
    },
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails 87698",
      "url": "https://discuss.rubyonrails.org/t/cve-2024-47887-possible-redos-vulnerability-in-http-token-authentication-in-action-controller/87698"
    },
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails 87699",
      "url": "https://discuss.rubyonrails.org/t/cve-2024-41128-possible-redos-vulnerability-in-query-parameter-filtering-in-action-dispatch/87699"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions 7.0.x ant\u00e9rieures \u00e0 7.0.8.4",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 6.1.x ant\u00e9rieures \u00e0 6.1.7.8",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 7.1.x ant\u00e9rieures \u00e0 7.1.3.4",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-28103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28103"
    },
    {
      "name": "CVE-2024-32464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32464"
    }
  ],
  "initial_release_date": "2024-06-05T00:00:00",
  "last_revision_date": "2024-06-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0463",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-06-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby on Rails. Elles permettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS), un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": "2024-06-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails 85948",
      "url": "https://discuss.rubyonrails.org/t/cve-2024-28103-permissions-policy-is-only-served-on-html-content-type/85948"
    },
    {
      "published_at": "2024-06-04",
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails 85949",
      "url": "https://discuss.rubyonrails.org/t/cve-2024-32464-actiontext-contentattachments-can-contain-unsanitized-html/85949"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions 7.1.x ant\u00e9rieures \u00e0 7.1.3.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Rack versions 3.0.x ant\u00e9rieures \u00e0 3.0.9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions ant\u00e9rieures \u00e0 6.1.7.7",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 7.0.x ant\u00e9rieures \u00e0 7.0.8.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Rack versions ant\u00e9rieures \u00e0 2.2.8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-25126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25126"
    },
    {
      "name": "CVE-2024-26143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26143"
    },
    {
      "name": "CVE-2024-26146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26146"
    },
    {
      "name": "CVE-2024-26141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26141"
    },
    {
      "name": "CVE-2024-26142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26142"
    },
    {
      "name": "CVE-2024-26144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26144"
    }
  ],
  "initial_release_date": "2024-02-23T00:00:00",
  "last_revision_date": "2024-02-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0160",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby on Rails.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection\nde code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails 84946 du 21 f\u00e9vrier 2024",
      "url": "https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails 84941 du 21 f\u00e9vrier 2024",
      "url": "https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails 84944 du 21 f\u00e9vrier 2024",
      "url": "https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails 84942 du 21 f\u00e9vrier 2024",
      "url": "https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails 84945 du 21 f\u00e9vrier 2024",
      "url": "https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails 84947 du 21 f\u00e9vrier 2024",
      "url": "https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions 7.0.x ant\u00e9rieures \u00e0 7.0.3.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 6.1.x ant\u00e9rieures \u00e0 6.1.6.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions ant\u00e9rieures \u00e0 5.2.8.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 6.0.x ant\u00e9rieures \u00e0 6.0.5.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-32224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32224"
    }
  ],
  "initial_release_date": "2022-07-15T00:00:00",
  "last_revision_date": "2022-07-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-639",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ruby on Rails. Elle permet \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails MmFO3LYQE8U du 12 juillet 2022",
      "url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions 2.1.x ant\u00e9rieures \u00e0 2.1.4.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions ant\u00e9rieures \u00e0 2.0.9.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 2.2.x ant\u00e9rieures \u00e0 2.2.3.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-30123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30123"
    },
    {
      "name": "CVE-2022-30122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30122"
    }
  ],
  "initial_release_date": "2022-05-30T00:00:00",
  "last_revision_date": "2022-05-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-506",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-05-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby on Rails .\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2022-30123 du 27 mai 2022",
      "url": "https://groups.google.com/g/rubyonrails-security/c/PqEYO9ARpq0"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2022-30122 du 27 mai 2022",
      "url": "https://groups.google.com/g/rubyonrails-security/c/J4PJo_cB-4c"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions 6.0.x ant\u00e9rieures \u00e0 6.0.4.8",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions ant\u00e9rieures \u00e0 5.2.7.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 7.0.x ant\u00e9rieures \u00e0 7.0.2.4",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 6.1.x ant\u00e9rieures \u00e0 6.1.5.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-22577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22577"
    },
    {
      "name": "CVE-2022-27777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27777"
    }
  ],
  "initial_release_date": "2022-04-27T00:00:00",
  "last_revision_date": "2022-04-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-389",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-04-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby on Rails.\nElles permettent \u00e0 un attaquant de provoquer une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2022-22577 du 26 avril 2022",
      "url": "https://groups.google.com/g/rubyonrails-security/c/RmWxKvSNgRg"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2022-27777 du 26 avril 2022",
      "url": "https://groups.google.com/g/rubyonrails-security/c/Yg2tEh2UUqc"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions 6.1.x ant\u00e9rieures \u00e0 6.1.4.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 6.0.x ant\u00e9rieures \u00e0 6.0.4.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22942"
    }
  ],
  "initial_release_date": "2021-08-20T00:00:00",
  "last_revision_date": "2021-08-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-646",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-08-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ruby on Rails. Elle permet \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails du 19 ao\u00fbt 2021",
      "url": "https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions ant\u00e9rieures \u00e0 6.1.3.2",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22904"
    },
    {
      "name": "CVE-2021-22885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22885"
    },
    {
      "name": "CVE-2021-22902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22902"
    },
    {
      "name": "CVE-2021-22903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22903"
    }
  ],
  "initial_release_date": "2021-05-06T00:00:00",
  "last_revision_date": "2021-05-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-352",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-05-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby-on-rails.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby NiQl-48cXYI du 6 mai 2021",
      "url": "https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby Pf1TjkOBdyQ du 6 mai 2021",
      "url": "https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby 8TxqXEtgSF0 du 6 mai 2021",
      "url": "https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby _5ID_ld9u1c du 6 mai 2021",
      "url": "https://groups.google.com/g/rubyonrails-security/c/_5ID_ld9u1c"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions 4.2.0 \u00e0 5.2.x ant\u00e9rieures \u00e0 5.2.4.5",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 6.0 ant\u00e9rieures \u00e0 6.0.3.5",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 6.1 ant\u00e9rieures \u00e0 6.1.2.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22880"
    },
    {
      "name": "CVE-2021-22881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22881"
    }
  ],
  "initial_release_date": "2021-02-11T00:00:00",
  "last_revision_date": "2021-02-11T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails du 11 f\u00e9vrier 2021",
      "url": "https://groups.google.com/g/rubyonrails-security/c/zN_3qA26l6E"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails du 11 f\u00e9vrier 2021",
      "url": "https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI"
    }
  ],
  "reference": "CERTFR-2021-AVI-115",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby on Rails.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails du 11 f\u00e9vrier 2021",
      "url": null
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions 6.x ant\u00e9rieures \u00e0 6.0.3.2",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-8185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8185"
    }
  ],
  "initial_release_date": "2020-06-19T00:00:00",
  "last_revision_date": "2020-06-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-380",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ruby on Rails. Elle permet \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails du 17 juin 2020",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pAe9EV8gbM0"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions 6.x ant\u00e9rieures \u00e0 6.0.3.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 5.x ant\u00e9rieures \u00e0 5.2.4.3",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-8166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8166"
    },
    {
      "name": "CVE-2020-8165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8165"
    },
    {
      "name": "CVE-2020-8164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8164"
    },
    {
      "name": "CVE-2020-8162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8162"
    },
    {
      "name": "CVE-2020-8167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8167"
    }
  ],
  "initial_release_date": "2020-05-19T00:00:00",
  "last_revision_date": "2020-05-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-301",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby on Rails.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique de s\u00e9curit\u00e9 et\nune injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2020-8167 du 18 mai 2020",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2020-8164 du 18 mai 2020",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2020-8162 du 18 mai 2020",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2020-8166 du 18 mai 2020",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails CVE-2020-8165 du 18 mai 2020",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions ant\u00e9rieures \u00e0 4.2.11.3",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-8163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8163"
    }
  ],
  "initial_release_date": "2020-05-18T00:00:00",
  "last_revision_date": "2020-05-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-297",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-05-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ruby on Rails. Elle permet \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails du 15 mai 2020",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails du 16 mai 2020",
      "url": "https://weblog.rubyonrails.org/releases/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions ant\u00e9rieures \u00e0 5.1.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-8151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8151"
    }
  ],
  "initial_release_date": "2020-05-06T00:00:00",
  "last_revision_date": "2020-05-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-270",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-05-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ruby on Rails . Elle permet \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails du 05 mai 2020",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails 6.x versions ant\u00e9rieures \u00e0 6.0.2.2",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails 5.2.x versions ant\u00e9rieures \u00e0 5.2.4",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-5627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5627"
    }
  ],
  "initial_release_date": "2020-03-20T00:00:00",
  "last_revision_date": "2020-03-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-165",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-03-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ruby on Rails. Elle permet \u00e0 un\nattaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails 55reWMM_Pg8 du 19 mars 2020",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby On Rails versions 5.0.x ant\u00e9rieures \u00e0 5.0.7.2",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby On Rails versions 4.2.x ant\u00e9rieures \u00e0 4.2.11.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby On Rails versions 5.2.x ant\u00e9rieures \u00e0 5.2.2.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby On Rails versions 5.1.x ant\u00e9rieures \u00e0 5.1.6.2",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby On Rails versions 6.0.0.x ant\u00e9rieures \u00e0 6.0.0.beta3",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-5419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5419"
    },
    {
      "name": "CVE-2019-5418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5418"
    },
    {
      "name": "CVE-2019-5420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5420"
    }
  ],
  "initial_release_date": "2019-03-14T00:00:00",
  "last_revision_date": "2019-03-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-111",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-03-14T00:00:00.000000"
    },
    {
      "description": "Ajout d\u0027un bulletin de s\u00e9curit\u00e9",
      "revision_date": "2019-03-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby On Rails.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby On Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails CVE-2019-5418 Amendment du 22 mars 2019",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails CVE-2019-5418 du 13 mars 2019",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails CVE-2019-5419 du 13 mars 2019",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails CVE-2019-5420 du 13 mars 2019",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby On Rails toutes versions inf\u00e9rieures \u00e0 2.0.6 et 1.6.11",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-16470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16470"
    },
    {
      "name": "CVE-2018-16471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16471"
    }
  ],
  "initial_release_date": "2018-11-06T00:00:00",
  "last_revision_date": "2018-11-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-532",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-11-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Ruby On Rails.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby On Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails CVE-2018-16470 du 5 novembre 2018",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/U_x-YkfuVTg"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails CVE-2018-16471 du 5 novembre 2018",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby On Rails versions 4.0.0.beta7 et ant\u00e9rieures",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby On Rails versions 2.12.4 et ant\u00e9rieures",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby On Rails versions 3.7.1 et ant\u00e9rieures",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-3760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3760"
    }
  ],
  "initial_release_date": "2018-06-20T00:00:00",
  "last_revision_date": "2018-06-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-297",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-06-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Ruby On Rails. Elle permet \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ruby On Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails [CVE-2018-3760] du 19 juin 2018",
      "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ft_J--l55fM"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions 4.1.x ant\u00e9rieures \u00e0 4.1.14.2",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 4.0.x",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 4.2.x ant\u00e9rieures \u00e0 4.2.5.2",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 3.2.X ant\u00e9rieures \u00e0 3.2.22.2",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-2098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2098"
    },
    {
      "name": "CVE-2016-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2097"
    }
  ],
  "initial_release_date": "2016-03-01T00:00:00",
  "last_revision_date": "2016-03-01T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails [CVE-2016-2098] du 29    f\u00e9vrier 2016      _Q/WLoOhcMZIAAJ#!msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ",
      "url": "https://groups.google.com/forum/?_escaped_fragment_=msg/rubyonrails-security/ly-IH-fxr"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails [CVE-2016-2097] du 29    f\u00e9vrier 2016      /we0RasMZIAAJ#!msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ",
      "url": "https://groups.google.com/forum/?_escaped_fragment_=msg/rubyonrails-security/ddY6HgqB2z4"
    }
  ],
  "reference": "CERTFR-2016-AVI-075",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-03-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eRuby On Rails\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby On Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails [CVE-2016-2098] du 29 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails [CVE-2016-2097] du 29 f\u00e9vrier 2016",
      "url": null
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions 4.1.x ant\u00e9rieures \u00e0 4.1.14.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 4.2.x ant\u00e9rieures \u00e0 4.2.5.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 5.0.x ant\u00e9rieures \u00e0 5.0.0.beta1.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 3.2.x ant\u00e9rieures \u00e0 3.2.22.1",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-0752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0752"
    },
    {
      "name": "CVE-2016-0753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0753"
    },
    {
      "name": "CVE-2015-7578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7578"
    },
    {
      "name": "CVE-2015-7581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7581"
    },
    {
      "name": "CVE-2015-7579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7579"
    },
    {
      "name": "CVE-2016-0751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0751"
    },
    {
      "name": "CVE-2015-7576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7576"
    },
    {
      "name": "CVE-2015-7577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7577"
    }
  ],
  "initial_release_date": "2016-01-26T00:00:00",
  "last_revision_date": "2016-01-26T00:00:00",
  "links": [
    {
      "title": "Ruby On Rails groups.google.com",
      "url": "https://groups.google.com/forum/?_escaped_fragment_=forum/rubyonrails-security#!forum/rubyonrails-security"
    }
  ],
  "reference": "CERTFR-2016-AVI-037",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-01-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eRuby On Rails\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby On Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails du 25 janvier 2016",
      "url": "http://weblog.rubyonrails.org/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby On Rails versions ant\u00e9rieures \u00e0 4.0.3",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby On Rails versions ant\u00e9rieures \u00e0 4.1.0beta2",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby On Rails versions ant\u00e9rieures \u00e0 3.2.17",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-0082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0082"
    },
    {
      "name": "CVE-2014-0080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0080"
    },
    {
      "name": "CVE-2014-0081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0081"
    }
  ],
  "initial_release_date": "2014-02-19T00:00:00",
  "last_revision_date": "2014-02-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-077",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-02-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eRuby On Rails\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby On Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails du 18 f\u00e9vrier 2014",
      "url": "http://weblog.rubyonrails.org/2014/2/18/Rails_3_2_17_4_0_3_and_4_1_0_beta2_have_been_released/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "versions ant\u00e9rieures \u00e0 Ruby on Rails 3.1.12 (pour la branche 3.1)",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "versions ant\u00e9rieures \u00e0 Ruby on Rails 2.3.18",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 Ruby on Rails 3.2.13 (pour la branche 3.2)",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-1856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1856"
    },
    {
      "name": "CVE-2013-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1855"
    },
    {
      "name": "CVE-2013-1854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1854"
    },
    {
      "name": "CVE-2013-1857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1857"
    }
  ],
  "initial_release_date": "2013-03-20T00:00:00",
  "last_revision_date": "2013-03-20T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-193",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-03-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eRuby on Rails\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails du 18 mars 2013",
      "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions ant\u00e9rieures \u00e0 2.3.17",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions ant\u00e9rieures \u00e0 3.1.11",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions ant\u00e9rieures \u00e0 3.2.12",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-0277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0277"
    },
    {
      "name": "CVE-2013-0276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0276"
    },
    {
      "name": "CVE-2013-0269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0269"
    }
  ],
  "initial_release_date": "2013-02-15T00:00:00",
  "last_revision_date": "2013-02-15T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-133",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-02-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eRuby on Rails\u003c/span\u003e . Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails du 11 f\u00e9vrier 2013",
      "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Versions ant\u00e9rieures \u00e0 Ruby On Rails 3.0.20 (pour la branche 3.0)",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "versions ant\u00e9rieures \u00e0 Ruby On Rails 2.3.16",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-0333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0333"
    }
  ],
  "initial_release_date": "2013-01-30T00:00:00",
  "last_revision_date": "2013-01-30T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails du 28 janvier 2013 :",
      "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/"
    }
  ],
  "reference": "CERTA-2013-AVI-074",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-01-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eRuby On\nRails\u003c/span\u003e. Elle concerne la partie JSON et peut mener un utilisateur\nmalintentionn\u00e9 \u00e0 ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ruby On Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails du 28 janvier 2013",
      "url": null
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Versions ant\u00e9rieures \u00e0 Ruby on Rails 3.2.11",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 Ruby on Rails 3.0.19",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 Ruby on Rails 2.3.15",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 Ruby on Rails 3.1.10",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-0156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0156"
    },
    {
      "name": "CVE-2013-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0155"
    }
  ],
  "initial_release_date": "2013-01-11T00:00:00",
  "last_revision_date": "2013-01-11T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-024",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eRuby on\nRails\u003c/span\u003e Elles concernent des ex\u00e9cutions de codes arbitraires \u00e0\ndistance et sont consid\u00e9r\u00e9es comme \u00ab extr\u00eamement critiques \u00bb par\nl\u0027\u00e9diteur.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ruby on Rails du 08 janvier 2013",
      "url": "http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails 3.1.x versions ant\u00e9rieures \u00e0 3.1.7 ;",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails 3.0.x versions ant\u00e9rieures \u00e0 3.0.16 ;",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails 3.2.x versions ant\u00e9rieures \u00e0 3.2.7.",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-3424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3424"
    }
  ],
  "initial_release_date": "2012-07-30T00:00:00",
  "last_revision_date": "2012-07-30T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-409",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-07-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans Ruby on Rails. Cette vuln\u00e9rabilit\u00e9\npeut \u00eatre utilis\u00e9e par une personne malveillante distante afin de\nprovoquer un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes de mise \u00e0 jour Rails du 26 juillet 2012",
      "url": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-0-16-has-been-released/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails 3.0.x ;",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails 3.2.x.",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails 3.1.x ;",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-2660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2660"
    },
    {
      "name": "CVE-2012-2661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2661"
    }
  ],
  "initial_release_date": "2012-06-05T00:00:00",
  "last_revision_date": "2012-06-05T00:00:00",
  "links": [
    {
      "title": "Annonce de publication Ruby on Rails 3.0.13 :      /",
      "url": "http://weblog.rubyonrails.org/2012/5/31/ann-rails-3-0-13-has-been-released"
    },
    {
      "title": "Annonce de publication Ruby on Rails 3.1.5 :      /",
      "url": "http://weblog.rubyonrails.org/2012/5/31/ann-rails-3-1-5-has-been-released"
    },
    {
      "title": "Annonce de publication Ruby on Rails 3.2.4 :      /",
      "url": "http://weblog.rubyonrails.org/2012/5/31/ann-rails-3-2-4-has-been-released"
    }
  ],
  "reference": "CERTA-2012-AVI-306",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-06-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection SQL"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s permettant \u00e0 une personne malintentionn\u00e9e\nd\u0027effectuer des injections SQL ont \u00e9t\u00e9 corrig\u00e9es dans Ruby on Rails.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonces de mises \u00e0 jour de s\u00e9curit\u00e9 de Ruby on Rails du 31 mai 2012",
      "url": null
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions 3.2.x.",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 3.0.x ;",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 3.1.x ;",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes qui permettent \u00e0 une personne\nmalintentionn\u00e9e de r\u00e9aliser une injection de code indirecte \u00e0 distance :\n\n-   Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la m\u00e9thode SafeBuffer de\n    Ruby on Rails ;\n-   Certaines donn\u00e9es pass\u00e9es via des tags select options g\u00e9n\u00e9r\u00e9s\n    manuellement ne sont pas correctement filtr\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2012-03-05T00:00:00",
  "last_revision_date": "2012-03-05T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-113",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-03-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s permettant \u00e0 une personne malintentionn\u00e9e d\u0027injecter\nindirectement du code \u00e0 distance ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eRuby on Rails\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes de mise \u00e0 jour Rails du 01 mars 2012",
      "url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-2-2-has-been-released"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails versions 2.3.x utilisant le module d\u0027extension rails_xss.",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails versions 3.0.0 et sup\u00e9rieures ;",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la m\u00e9thode translate de Ruby on\nRails. Elle permet \u00e0 une personne malintentionn\u00e9e d\u0027effectuer une\ninjection de code indirecte \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4319"
    }
  ],
  "initial_release_date": "2011-11-21T00:00:00",
  "last_revision_date": "2011-11-21T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-653",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-11-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permettant \u00e0 une personne malintentionn\u00e9e d\u0027injecter\nindirectement du code \u00e0 distance a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan\nclass=\"textit\"\u003eRuby on Rails\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes de mise \u00e0 jour Rails du 18 novembre",
      "url": "http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails 3.0.x.",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails 2.3.x ;",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans le produit Ruby on Rails ont\n\u00e9t\u00e9 corrig\u00e9es. Ces vuln\u00e9rabilit\u00e9s permettent notamment :\n\n-   le rendu de vues de donn\u00e9es normalement inaccessibles \u00e0\n    l\u0027utilisateur ;\n-   l\u0027injection de code dans les requ\u00eates SQL ;\n-   l\u0027injection de code javascript dans les r\u00e9ponses HTML ;\n-   l\u0027envoi de cha\u00eenes Unicode malform\u00e9es dans les r\u00e9ponses HTML.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nNote : une mise \u00e0 jour pour la version 3.1 RC est \u00e9galement disponible.\n",
  "cves": [
    {
      "name": "CVE-2011-2930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2930"
    },
    {
      "name": "CVE-2011-2932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2932"
    },
    {
      "name": "CVE-2011-2929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2929"
    },
    {
      "name": "CVE-2011-3186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3186"
    },
    {
      "name": "CVE-2011-2931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2931"
    }
  ],
  "initial_release_date": "2011-08-18T00:00:00",
  "last_revision_date": "2011-09-16T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 2301-1 du 5 septembre 2011    :",
      "url": "http://www.debian.org/security/2011/dsa-2301"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-11567 du 7    septembre 2011 :",
      "url": "http://lists.fedoraproject.org/pipemail/package-announce/2011-Septembre/065137.html"
    },
    {
      "title": "Annonce de publication Ruby on Rails 2.3.14 :",
      "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-2-3-14"
    },
    {
      "title": "Secunia Advisory SA45648 :",
      "url": "http://secunia.com/advisories/45648/"
    },
    {
      "title": "Annonce de publication Ruby on Rails 3.0.10 :",
      "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-0-10"
    }
  ],
  "reference": "CERTA-2011-AVI-459",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-08-18T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2011-08-23T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins Debian et Fedora.",
      "revision_date": "2011-09-14T00:00:00.000000"
    },
    {
      "description": "ajout d\u0027une r\u00e9f\u00e9rence CVE.",
      "revision_date": "2011-09-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans le produit \u003cspan\nclass=\"textit\"\u003eRuby on Rails\u003c/span\u003e ont \u00e9t\u00e9 corrig\u00e9es. Elles permettent\nle contournement de la politique de s\u00e9curit\u00e9, l\u0027injection de code SQL et\nl\u0027injection de code HTML dans une r\u00e9ponse.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonces de mises \u00e0 jour de s\u00e9curit\u00e9 de Ruby on Rails du 16 ao\u00fbt 2011",
      "url": null
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails 3.0.x ;",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails 2.3.x",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nRuby on Rails utilise un m\u00e9canisme de pr\u00e9vention des XSS en prot\u00e9geant\nles cha\u00eenes de caract\u00e8res pr\u00e9sent\u00e9es au client avant de les marquer\ncomme \u00e9tant html safe. Une vuln\u00e9rabilit\u00e9 dans ce m\u00e9canisme permet de\ncr\u00e9er une cha\u00eene html safe alors que celle ci n\u0027a pas \u00e9t\u00e9 prot\u00e9g\u00e9e, ce\nqui permet de provoquer une injection de code indirecte \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2011-06-14T00:00:00",
  "last_revision_date": "2011-06-14T00:00:00",
  "links": [
    {
      "title": "Notes des versions 2.3.12, 3.0.8 et 3.1.0.rc2 de Ruby on    Rails du 08 juin 2011 :",
      "url": "http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications"
    }
  ],
  "reference": "CERTA-2011-AVI-339",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de type injection de code indirecte \u00e0 distance (\u003cspan\nclass=\"textit\"\u003eXSS\u003c/span\u003e) a \u00e9t\u00e9 identifi\u00e9e dans Ruby on Rails.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes des versions 2.3.12, 3.0.8 et 3.1.0.rc2 de Ruby on Rails du 08 juin 2011",
      "url": null
    }
  ]
}