Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-2098 (GCVE-0-2016-2098)
Vulnerability from cvelistv5 – Published: 2016-04-07 23:00 – Updated: 2024-08-05 23:17
VLAI?
EPSS
Summary
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.debian.org/security/2016/dsa-3509 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/83725 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1035122 | vdb-entryx_refsource_SECTRACK |
| https://www.exploit-db.com/exploits/40086/ | exploitx_refsource_EXPLOIT-DB |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://groups.google.com/forum/message/raw?msg=r… | mailing-listx_refsource_MLIST |
| http://weblog.rubyonrails.org/2016/2/29/Rails-4-2… | x_refsource_CONFIRM |
Date Public ?
2016-02-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:0867",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
},
{
"name": "SUSE-SU-2016:0967",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
},
{
"name": "DSA-3509",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3509"
},
{
"name": "83725",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/83725"
},
{
"name": "1035122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035122"
},
{
"name": "40086",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40086/"
},
{
"name": "SUSE-SU-2016:0854",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
},
{
"name": "openSUSE-SU-2016:0790",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
},
{
"name": "SUSE-SU-2016:1146",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "openSUSE-SU-2016:0835",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
},
{
"name": "[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU-2016:0867",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
},
{
"name": "SUSE-SU-2016:0967",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
},
{
"name": "DSA-3509",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3509"
},
{
"name": "83725",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/83725"
},
{
"name": "1035122",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035122"
},
{
"name": "40086",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40086/"
},
{
"name": "SUSE-SU-2016:0854",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
},
{
"name": "openSUSE-SU-2016:0790",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
},
{
"name": "SUSE-SU-2016:1146",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "openSUSE-SU-2016:0835",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
},
{
"name": "[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:0867",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
},
{
"name": "SUSE-SU-2016:0967",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
},
{
"name": "DSA-3509",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3509"
},
{
"name": "83725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83725"
},
{
"name": "1035122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035122"
},
{
"name": "40086",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40086/"
},
{
"name": "SUSE-SU-2016:0854",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
},
{
"name": "openSUSE-SU-2016:0790",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
},
{
"name": "SUSE-SU-2016:1146",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "openSUSE-SU-2016:0835",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
},
{
"name": "[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
},
{
"name": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2098",
"datePublished": "2016-04-07T23:00:00.000Z",
"dateReserved": "2016-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:17:50.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-2098",
"date": "2026-05-20",
"epss": "0.84091",
"percentile": "0.9932"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E950E33-CD03-45F5-83F9-F106060B4A8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"547C62C8-4B3E-431B-AA73-5C42ED884671\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CDAD329-35F7-4C82-8019-A0CF6D069059\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"56D3858B-0FEE-4E8D-83C2-68AF0431F478\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"254884EE-EBA4-45D0-9704-B5CB22569668\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"35FC7015-267C-403B-A23D-EDA6223D2104\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C913A56-959D-44F1-BD89-D246C66D1F09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D5BA926-38EE-47BE-9D16-FDCF360A503B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"18EA25F1-279A-4F1A-883D-C064369F592E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD794856-6F30-4ABF-8AE4-720BB75E6F89\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4199B8B-A6F9-4BFD-8D27-0E663D8C579D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F11E76A3-FA5B-4038-AB52-3D7D5E54D8A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C583ACDE-55D5-4D2F-838F-BEC5BDCDE3B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"767C481D-6616-4CA9-9A9B-C994D9121796\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5496953-0C5E-45F8-A7FB-240CEC2CCEB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA46B621-125E-497F-B2DE-91C989B25936\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3239443-2E19-4540-BA0C-05A27E44CB6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"104AC9CF-6611-4469-9852-7FDAF4EC7638\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC9E1864-B1E5-42C3-B4AF-9A002916B66D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31AC91AA-6A9A-43B4-B3E9-A66A34B6E612\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A462C151-982E-4A83-A376-025015F40645\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"578CC013-776B-4868-B448-B7ACAF3AF832\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"C310EA3E-399A-48FD-8DE9-6950E328CF23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"293B2998-5169-4960-BEC4-21DAC837E32B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB42A8E7-D273-4CE2-9182-D831D8089BFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB757DFD-BF47-4483-A2C0-DF37F7D10989\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6C375F2-5027-4B55-9112-C5DD2F787E43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAB8D57F-9849-428C-B8E9-D0A1020728BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0359DA8-6B41-46C5-AA95-41B1B366DD4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0965BDB6-9644-465C-AA32-9278B2D53197\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F6B15CF-37C1-4C9B-8457-4A8C9A480188\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"072EB16D-1325-4869-B156-65E786A834C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"847B3C3D-8656-404D-A954-09C159EDC8E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65CA2D50-B33C-4088-BDDF-EB964C9A092C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CADB5989-5260-4F60-ACF2-BEB6D7F97654\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"509597D0-22E1-4BE8-95AD-C54FE4D15FA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B86E26CB-2376-4EBC-913C-B354E2D6711B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"539C550D-FEDD-415E-95AE-40E1AE2BAF1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5150753-E86D-4859-A046-97B83EAE2C14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59C5B869-74FC-4051-A103-A721332B3CF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F11E9791-7BCE-43E5-A4BA-6449623FE4F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE521626-2876-455C-9D99-DB74726DC724\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DFDD32E-F49E-47F7-B033-B6C3C0E07FC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCBA26F1-FBBA-444D-9C14-F15AB14A4FC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"16D3B0EA-49F7-401A-A1D9-437429D33EAD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"17EBD8B4-C4D3-44A6-9DC1-89D948F126A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCB08CD7-E9B9-454F-BAF7-96162D177677\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D3DA0B4-E374-4ED4-8C3B-F723C968666F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1730A9A-6810-4470-AE6C-A5356D5BFF43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"709A19A5-8FD1-4F9C-A38C-F06242A94D68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"8104482C-E8F5-40A7-8B27-234FEF725FD0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CFF8677-EA00-4F7E-BFF9-272482206DB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D7DF5CD-DA28-492D-B5EE-D252ECCC8D96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"85435026-9855-4BF4-A436-832628B005FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"56C2308F-A590-47B0-9791-7865D189196F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A266882-DABA-4A4C-88E6-60E993EE0947\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83F1142C-3BFB-4B72-A033-81E20DB19D02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FA738A1-227B-4665-B65E-666883FFAE96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F00718C-A9E8-4E85-8DA6-33BF11F2DCCE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"10789A2D-6401-4119-BFBE-2EE4C16216D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"70ABD462-7142-4831-8EB6-801EC1D05573\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81D717DB-7C80-48AA-A774-E291D2E75D6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06B357FB-0307-4EFA-9C5B-3C2CDEA48584\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4BD8840-0F1C-49D3-B843-9CFE64948018\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79D5B492-43F9-470F-BD21-6EFD93E78453\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EC1F602-D48C-458A-A063-4050BE3BB25F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6A1C015-56AD-489C-B301-68CF1DBF1BEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD191625-ACE2-46B6-9AAD-12D682C732C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"02C7DB56-267B-4057-A9BA-36D1E58C6282\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC163D49-691B-4125-A983-6CF6F6D86DEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.2.22.1\", \"matchCriteriaId\": \"DBD4FBDC-F05B-4CDD-8928-7122397A7651\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91AB2B26-A6F1-44D2-92EB-8078DD6FD63A\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method.\"}, {\"lang\": \"es\", \"value\": \"Action Pack en Ruby on Rails en versiones anteriores a 3.2.22.2, 4.x en versiones anteriores a 4.1.14.2 y 4.2.x en versiones anteriores a 4.2.5.2 permite a atacantes remotos ejecutar c\\u00f3digo Ruby arbitrario aprovechando el uso no restringido del m\\u00e9todo render de una aplicaci\\u00f3n.\"}]",
"id": "CVE-2016-2098",
"lastModified": "2024-11-21T02:47:48.067",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false}]}",
"published": "2016-04-07T23:59:06.643",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2016/dsa-3509\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/83725\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id/1035122\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.exploit-db.com/exploits/40086/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2016/dsa-3509\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/83725\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1035122\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/40086/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-2098\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-04-07T23:59:06.643\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method.\"},{\"lang\":\"es\",\"value\":\"Action Pack en Ruby on Rails en versiones anteriores a 3.2.22.2, 4.x en versiones anteriores a 4.1.14.2 y 4.2.x en versiones anteriores a 4.2.5.2 permite a atacantes remotos ejecutar c\u00f3digo Ruby arbitrario aprovechando el uso no restringido del m\u00e9todo render de una aplicaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E950E33-CD03-45F5-83F9-F106060B4A8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"547C62C8-4B3E-431B-AA73-5C42ED884671\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CDAD329-35F7-4C82-8019-A0CF6D069059\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"56D3858B-0FEE-4E8D-83C2-68AF0431F478\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"254884EE-EBA4-45D0-9704-B5CB22569668\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"35FC7015-267C-403B-A23D-EDA6223D2104\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C913A56-959D-44F1-BD89-D246C66D1F09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D5BA926-38EE-47BE-9D16-FDCF360A503B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"18EA25F1-279A-4F1A-883D-C064369F592E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD794856-6F30-4ABF-8AE4-720BB75E6F89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4199B8B-A6F9-4BFD-8D27-0E663D8C579D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F11E76A3-FA5B-4038-AB52-3D7D5E54D8A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C583ACDE-55D5-4D2F-838F-BEC5BDCDE3B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"767C481D-6616-4CA9-9A9B-C994D9121796\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5496953-0C5E-45F8-A7FB-240CEC2CCEB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA46B621-125E-497F-B2DE-91C989B25936\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3239443-2E19-4540-BA0C-05A27E44CB6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"104AC9CF-6611-4469-9852-7FDAF4EC7638\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC9E1864-B1E5-42C3-B4AF-9A002916B66D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31AC91AA-6A9A-43B4-B3E9-A66A34B6E612\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A462C151-982E-4A83-A376-025015F40645\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"578CC013-776B-4868-B448-B7ACAF3AF832\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C310EA3E-399A-48FD-8DE9-6950E328CF23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"293B2998-5169-4960-BEC4-21DAC837E32B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB42A8E7-D273-4CE2-9182-D831D8089BFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB757DFD-BF47-4483-A2C0-DF37F7D10989\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6C375F2-5027-4B55-9112-C5DD2F787E43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAB8D57F-9849-428C-B8E9-D0A1020728BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0359DA8-6B41-46C5-AA95-41B1B366DD4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0965BDB6-9644-465C-AA32-9278B2D53197\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6B15CF-37C1-4C9B-8457-4A8C9A480188\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"072EB16D-1325-4869-B156-65E786A834C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"847B3C3D-8656-404D-A954-09C159EDC8E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65CA2D50-B33C-4088-BDDF-EB964C9A092C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CADB5989-5260-4F60-ACF2-BEB6D7F97654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"509597D0-22E1-4BE8-95AD-C54FE4D15FA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B86E26CB-2376-4EBC-913C-B354E2D6711B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"539C550D-FEDD-415E-95AE-40E1AE2BAF1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5150753-E86D-4859-A046-97B83EAE2C14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59C5B869-74FC-4051-A103-A721332B3CF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F11E9791-7BCE-43E5-A4BA-6449623FE4F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE521626-2876-455C-9D99-DB74726DC724\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DFDD32E-F49E-47F7-B033-B6C3C0E07FC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCBA26F1-FBBA-444D-9C14-F15AB14A4FC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"16D3B0EA-49F7-401A-A1D9-437429D33EAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"17EBD8B4-C4D3-44A6-9DC1-89D948F126A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCB08CD7-E9B9-454F-BAF7-96162D177677\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D3DA0B4-E374-4ED4-8C3B-F723C968666F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1730A9A-6810-4470-AE6C-A5356D5BFF43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"709A19A5-8FD1-4F9C-A38C-F06242A94D68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8104482C-E8F5-40A7-8B27-234FEF725FD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CFF8677-EA00-4F7E-BFF9-272482206DB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D7DF5CD-DA28-492D-B5EE-D252ECCC8D96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"85435026-9855-4BF4-A436-832628B005FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"56C2308F-A590-47B0-9791-7865D189196F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A266882-DABA-4A4C-88E6-60E993EE0947\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83F1142C-3BFB-4B72-A033-81E20DB19D02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FA738A1-227B-4665-B65E-666883FFAE96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F00718C-A9E8-4E85-8DA6-33BF11F2DCCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"10789A2D-6401-4119-BFBE-2EE4C16216D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"70ABD462-7142-4831-8EB6-801EC1D05573\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81D717DB-7C80-48AA-A774-E291D2E75D6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06B357FB-0307-4EFA-9C5B-3C2CDEA48584\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4BD8840-0F1C-49D3-B843-9CFE64948018\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79D5B492-43F9-470F-BD21-6EFD93E78453\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EC1F602-D48C-458A-A063-4050BE3BB25F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6A1C015-56AD-489C-B301-68CF1DBF1BEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD191625-ACE2-46B6-9AAD-12D682C732C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"02C7DB56-267B-4057-A9BA-36D1E58C6282\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC163D49-691B-4125-A983-6CF6F6D86DEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.2.22.1\",\"matchCriteriaId\":\"DBD4FBDC-F05B-4CDD-8928-7122397A7651\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91AB2B26-A6F1-44D2-92EB-8078DD6FD63A\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3509\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/83725\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1035122\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.exploit-db.com/exploits/40086/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3509\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/83725\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1035122\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/40086/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2016-AVI-075
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Ruby On Rails. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions 4.1.x antérieures à 4.1.14.2 | ||
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions 4.0.x | ||
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions 4.2.x antérieures à 4.2.5.2 | ||
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions 3.2.X antérieures à 3.2.22.2 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ruby on Rails versions 4.1.x ant\u00e9rieures \u00e0 4.1.14.2",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
},
{
"description": "Ruby on Rails versions 4.0.x",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
},
{
"description": "Ruby on Rails versions 4.2.x ant\u00e9rieures \u00e0 4.2.5.2",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
},
{
"description": "Ruby on Rails versions 3.2.X ant\u00e9rieures \u00e0 3.2.22.2",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2098"
},
{
"name": "CVE-2016-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2097"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails [CVE-2016-2098] du 29 f\u00e9vrier 2016 _Q/WLoOhcMZIAAJ#!msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ",
"url": "https://groups.google.com/forum/?_escaped_fragment_=msg/rubyonrails-security/ly-IH-fxr"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails [CVE-2016-2097] du 29 f\u00e9vrier 2016 /we0RasMZIAAJ#!msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ",
"url": "https://groups.google.com/forum/?_escaped_fragment_=msg/rubyonrails-security/ddY6HgqB2z4"
}
],
"reference": "CERTFR-2016-AVI-075",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eRuby On Rails\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby On Rails",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails [CVE-2016-2098] du 29 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails [CVE-2016-2097] du 29 f\u00e9vrier 2016",
"url": null
}
]
}
CERTFR-2016-AVI-075
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Ruby On Rails. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions 4.1.x antérieures à 4.1.14.2 | ||
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions 4.0.x | ||
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions 4.2.x antérieures à 4.2.5.2 | ||
| Ruby on Rails | Ruby on Rails | Ruby on Rails versions 3.2.X antérieures à 3.2.22.2 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ruby on Rails versions 4.1.x ant\u00e9rieures \u00e0 4.1.14.2",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
},
{
"description": "Ruby on Rails versions 4.0.x",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
},
{
"description": "Ruby on Rails versions 4.2.x ant\u00e9rieures \u00e0 4.2.5.2",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
},
{
"description": "Ruby on Rails versions 3.2.X ant\u00e9rieures \u00e0 3.2.22.2",
"product": {
"name": "Ruby on Rails",
"vendor": {
"name": "Ruby on Rails",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2098"
},
{
"name": "CVE-2016-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2097"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails [CVE-2016-2098] du 29 f\u00e9vrier 2016 _Q/WLoOhcMZIAAJ#!msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ",
"url": "https://groups.google.com/forum/?_escaped_fragment_=msg/rubyonrails-security/ly-IH-fxr"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails [CVE-2016-2097] du 29 f\u00e9vrier 2016 /we0RasMZIAAJ#!msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ",
"url": "https://groups.google.com/forum/?_escaped_fragment_=msg/rubyonrails-security/ddY6HgqB2z4"
}
],
"reference": "CERTFR-2016-AVI-075",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eRuby On Rails\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Ruby On Rails",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails [CVE-2016-2098] du 29 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ruby On Rails [CVE-2016-2097] du 29 f\u00e9vrier 2016",
"url": null
}
]
}
CNVD-2016-01678
Vulnerability from cnvd - Published: 2016-03-16
VLAI Severity ?
Title
Rails任意代码执行漏洞
Description
Rails(Ruby on Rails)是Rails核心团队开发维护的一套基于Ruby语言的开源Web应用框架,它是由大卫-海纳梅尔-韩森从美国37signals公司的项目管理工具Basecamp里分离出来的。
Rails中存在安全漏洞,该漏洞源于程序未能充分过滤用户输入。攻击者可利用该漏洞控制‘render’方法中的参数,执行任意ruby代码。
Severity
中
Patch Name
Rails任意代码执行漏洞的补丁
Patch Description
Rails(Ruby on Rails)是Rails核心团队开发维护的一套基于Ruby语言的开源Web应用框架,它是由大卫-海纳梅尔-韩森从美国37signals公司的项目管理工具Basecamp里分离出来的。
Rails中存在安全漏洞,该漏洞源于程序未能充分过滤用户输入。攻击者可利用该漏洞控制‘render’方法中的参数,执行任意ruby代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
Reference
http://www.debian.org/security/2016/dsa-3509
Impacted products
| Name | Ruby on Rails Ruby on Rails |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-2098"
}
},
"description": "Rails\uff08Ruby on Rails\uff09\u662fRails\u6838\u5fc3\u56e2\u961f\u5f00\u53d1\u7ef4\u62a4\u7684\u4e00\u5957\u57fa\u4e8eRuby\u8bed\u8a00\u7684\u5f00\u6e90Web\u5e94\u7528\u6846\u67b6\uff0c\u5b83\u662f\u7531\u5927\u536b-\u6d77\u7eb3\u6885\u5c14-\u97e9\u68ee\u4ece\u7f8e\u56fd37signals\u516c\u53f8\u7684\u9879\u76ee\u7ba1\u7406\u5de5\u5177Basecamp\u91cc\u5206\u79bb\u51fa\u6765\u7684\u3002\r\n\r\nRails\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u8fc7\u6ee4\u7528\u6237\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u2018render\u2019\u65b9\u6cd5\u4e2d\u7684\u53c2\u6570\uff0c\u6267\u884c\u4efb\u610fruby\u4ee3\u7801\u3002",
"discovererName": "Uwe Flottemensch",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-01678",
"openTime": "2016-03-16",
"patchDescription": "Rails\uff08Ruby on Rails\uff09\u662fRails\u6838\u5fc3\u56e2\u961f\u5f00\u53d1\u7ef4\u62a4\u7684\u4e00\u5957\u57fa\u4e8eRuby\u8bed\u8a00\u7684\u5f00\u6e90Web\u5e94\u7528\u6846\u67b6\uff0c\u5b83\u662f\u7531\u5927\u536b-\u6d77\u7eb3\u6885\u5c14-\u97e9\u68ee\u4ece\u7f8e\u56fd37signals\u516c\u53f8\u7684\u9879\u76ee\u7ba1\u7406\u5de5\u5177Basecamp\u91cc\u5206\u79bb\u51fa\u6765\u7684\u3002\r\n\r\nRails\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u8fc7\u6ee4\u7528\u6237\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u2018render\u2019\u65b9\u6cd5\u4e2d\u7684\u53c2\u6570\uff0c\u6267\u884c\u4efb\u610fruby\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Rails\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Ruby on Rails Ruby on Rails"
},
"referenceLink": "http://www.debian.org/security/2016/dsa-3509",
"serverity": "\u4e2d",
"submitTime": "2016-03-11",
"title": "Rails\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
FKIE_CVE-2016-2098
Vulnerability from fkie_nvd - Published: 2016-04-07 23:59 - Updated: 2026-05-06 22:30
Severity ?
Summary
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html | ||
| secalert@redhat.com | http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/ | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.debian.org/security/2016/dsa-3509 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/83725 | ||
| secalert@redhat.com | http://www.securitytracker.com/id/1035122 | ||
| secalert@redhat.com | https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ | ||
| secalert@redhat.com | https://www.exploit-db.com/exploits/40086/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3509 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/83725 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035122 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40086/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 8.0 | |
| rubyonrails | rails | 4.0.0 | |
| rubyonrails | rails | 4.0.0 | |
| rubyonrails | rails | 4.0.0 | |
| rubyonrails | rails | 4.0.0 | |
| rubyonrails | rails | 4.0.1 | |
| rubyonrails | rails | 4.0.1 | |
| rubyonrails | rails | 4.0.1 | |
| rubyonrails | rails | 4.0.1 | |
| rubyonrails | rails | 4.0.1 | |
| rubyonrails | rails | 4.0.2 | |
| rubyonrails | rails | 4.0.3 | |
| rubyonrails | rails | 4.0.4 | |
| rubyonrails | rails | 4.0.4 | |
| rubyonrails | rails | 4.0.5 | |
| rubyonrails | rails | 4.0.6 | |
| rubyonrails | rails | 4.0.6 | |
| rubyonrails | rails | 4.0.6 | |
| rubyonrails | rails | 4.0.6 | |
| rubyonrails | rails | 4.0.7 | |
| rubyonrails | rails | 4.0.8 | |
| rubyonrails | rails | 4.0.9 | |
| rubyonrails | rails | 4.0.10 | |
| rubyonrails | rails | 4.1.0 | |
| rubyonrails | rails | 4.1.0 | |
| rubyonrails | rails | 4.1.0 | |
| rubyonrails | rails | 4.1.0 | |
| rubyonrails | rails | 4.1.0 | |
| rubyonrails | rails | 4.1.1 | |
| rubyonrails | rails | 4.1.2 | |
| rubyonrails | rails | 4.1.2 | |
| rubyonrails | rails | 4.1.2 | |
| rubyonrails | rails | 4.1.2 | |
| rubyonrails | rails | 4.1.3 | |
| rubyonrails | rails | 4.1.4 | |
| rubyonrails | rails | 4.1.5 | |
| rubyonrails | rails | 4.1.6 | |
| rubyonrails | rails | 4.1.6 | |
| rubyonrails | rails | 4.1.7 | |
| rubyonrails | rails | 4.1.7.1 | |
| rubyonrails | rails | 4.1.8 | |
| rubyonrails | rails | 4.1.9 | |
| rubyonrails | rails | 4.1.10 | |
| rubyonrails | rails | 4.1.10 | |
| rubyonrails | rails | 4.1.10 | |
| rubyonrails | rails | 4.1.10 | |
| rubyonrails | rails | 4.1.12 | |
| rubyonrails | rails | 4.1.13 | |
| rubyonrails | rails | 4.1.14 | |
| rubyonrails | rails | 4.1.14 | |
| rubyonrails | rails | 4.2.0 | |
| rubyonrails | rails | 4.2.0 | |
| rubyonrails | rails | 4.2.0 | |
| rubyonrails | rails | 4.2.0 | |
| rubyonrails | rails | 4.2.0 | |
| rubyonrails | rails | 4.2.0 | |
| rubyonrails | rails | 4.2.0 | |
| rubyonrails | rails | 4.2.1 | |
| rubyonrails | rails | 4.2.1 | |
| rubyonrails | rails | 4.2.1 | |
| rubyonrails | rails | 4.2.1 | |
| rubyonrails | rails | 4.2.1 | |
| rubyonrails | rails | 4.2.2 | |
| rubyonrails | rails | 4.2.3 | |
| rubyonrails | rails | 4.2.3 | |
| rubyonrails | rails | 4.2.4 | |
| rubyonrails | rails | 4.2.4 | |
| rubyonrails | rails | 4.2.5 | |
| rubyonrails | rails | 4.2.5 | |
| rubyonrails | rails | 4.2.5 | |
| rubyonrails | rails | 4.2.5.1 | |
| rubyonrails | ruby_on_rails | * | |
| rubyonrails | ruby_on_rails | 4.1.14.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2E950E33-CD03-45F5-83F9-F106060B4A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "547C62C8-4B3E-431B-AA73-5C42ED884671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4CDAD329-35F7-4C82-8019-A0CF6D069059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "56D3858B-0FEE-4E8D-83C2-68AF0431F478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "254884EE-EBA4-45D0-9704-B5CB22569668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "35FC7015-267C-403B-A23D-EDA6223D2104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5C913A56-959D-44F1-BD89-D246C66D1F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5D5BA926-38EE-47BE-9D16-FDCF360A503B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "18EA25F1-279A-4F1A-883D-C064369F592E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FD794856-6F30-4ABF-8AE4-720BB75E6F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4199B8B-A6F9-4BFD-8D27-0E663D8C579D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F11E76A3-FA5B-4038-AB52-3D7D5E54D8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C583ACDE-55D5-4D2F-838F-BEC5BDCDE3B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "767C481D-6616-4CA9-9A9B-C994D9121796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D5496953-0C5E-45F8-A7FB-240CEC2CCEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CA46B621-125E-497F-B2DE-91C989B25936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B3239443-2E19-4540-BA0C-05A27E44CB6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "104AC9CF-6611-4469-9852-7FDAF4EC7638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9E1864-B1E5-42C3-B4AF-9A002916B66D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "31AC91AA-6A9A-43B4-B3E9-A66A34B6E612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A462C151-982E-4A83-A376-025015F40645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "578CC013-776B-4868-B448-B7ACAF3AF832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C310EA3E-399A-48FD-8DE9-6950E328CF23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "293B2998-5169-4960-BEC4-21DAC837E32B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "FB42A8E7-D273-4CE2-9182-D831D8089BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DB757DFD-BF47-4483-A2C0-DF37F7D10989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B6C375F2-5027-4B55-9112-C5DD2F787E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB8D57F-9849-428C-B8E9-D0A1020728BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B0359DA8-6B41-46C5-AA95-41B1B366DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0965BDB6-9644-465C-AA32-9278B2D53197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7F6B15CF-37C1-4C9B-8457-4A8C9A480188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "072EB16D-1325-4869-B156-65E786A834C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "847B3C3D-8656-404D-A954-09C159EDC8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65CA2D50-B33C-4088-BDDF-EB964C9A092C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CADB5989-5260-4F60-ACF2-BEB6D7F97654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "509597D0-22E1-4BE8-95AD-C54FE4D15FA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B86E26CB-2376-4EBC-913C-B354E2D6711B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "539C550D-FEDD-415E-95AE-40E1AE2BAF1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5150753-E86D-4859-A046-97B83EAE2C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "59C5B869-74FC-4051-A103-A721332B3CF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F11E9791-7BCE-43E5-A4BA-6449623FE4F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CE521626-2876-455C-9D99-DB74726DC724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "2DFDD32E-F49E-47F7-B033-B6C3C0E07FC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DCBA26F1-FBBA-444D-9C14-F15AB14A4FC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*",
"matchCriteriaId": "16D3B0EA-49F7-401A-A1D9-437429D33EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "17EBD8B4-C4D3-44A6-9DC1-89D948F126A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FCB08CD7-E9B9-454F-BAF7-96162D177677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0D3DA0B4-E374-4ED4-8C3B-F723C968666F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B1730A9A-6810-4470-AE6C-A5356D5BFF43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "709A19A5-8FD1-4F9C-A38C-F06242A94D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "8104482C-E8F5-40A7-8B27-234FEF725FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2CFF8677-EA00-4F7E-BFF9-272482206DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8D7DF5CD-DA28-492D-B5EE-D252ECCC8D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "85435026-9855-4BF4-A436-832628B005FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "56C2308F-A590-47B0-9791-7865D189196F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9A266882-DABA-4A4C-88E6-60E993EE0947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83F1142C-3BFB-4B72-A033-81E20DB19D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1FA738A1-227B-4665-B65E-666883FFAE96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6F00718C-A9E8-4E85-8DA6-33BF11F2DCCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "10789A2D-6401-4119-BFBE-2EE4C16216D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "70ABD462-7142-4831-8EB6-801EC1D05573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "81D717DB-7C80-48AA-A774-E291D2E75D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06B357FB-0307-4EFA-9C5B-3C2CDEA48584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E4BD8840-0F1C-49D3-B843-9CFE64948018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79D5B492-43F9-470F-BD21-6EFD93E78453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4EC1F602-D48C-458A-A063-4050BE3BB25F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A1C015-56AD-489C-B301-68CF1DBF1BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FD191625-ACE2-46B6-9AAD-12D682C732C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "02C7DB56-267B-4057-A9BA-36D1E58C6282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC163D49-691B-4125-A983-6CF6F6D86DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD4FBDC-F05B-4CDD-8928-7122397A7651",
"versionEndIncluding": "3.2.22.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91AB2B26-A6F1-44D2-92EB-8078DD6FD63A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method."
},
{
"lang": "es",
"value": "Action Pack en Ruby on Rails en versiones anteriores a 3.2.22.2, 4.x en versiones anteriores a 4.1.14.2 y 4.2.x en versiones anteriores a 4.2.5.2 permite a atacantes remotos ejecutar c\u00f3digo Ruby arbitrario aprovechando el uso no restringido del m\u00e9todo render de una aplicaci\u00f3n."
}
],
"id": "CVE-2016-2098",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-07T23:59:06.643",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2016/dsa-3509"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/83725"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1035122"
},
{
"source": "secalert@redhat.com",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
},
{
"source": "secalert@redhat.com",
"url": "https://www.exploit-db.com/exploits/40086/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/83725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40086/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-78RC-8C29-P45G
Vulnerability from github – Published: 2017-10-24 18:33 – Updated: 2023-07-03 18:58
VLAI?
Summary
actionpack allows remote code execution via application's unrestricted use of render method
Details
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Severity ?
7.3 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.2.22.1"
},
"package": {
"ecosystem": "RubyGems",
"name": "actionpack"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.2.22.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.14.1"
},
"package": {
"ecosystem": "RubyGems",
"name": "actionpack"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.1.14.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.5.1"
},
"package": {
"ecosystem": "RubyGems",
"name": "actionpack"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0"
},
{
"fixed": "4.2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-2098"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:22:13Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method.",
"id": "GHSA-78rc-8c29-p45g",
"modified": "2023-07-03T18:58:43Z",
"published": "2017-10-24T18:33:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098"
},
{
"type": "PACKAGE",
"url": "https://github.com/rails/rails"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/40086"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"type": "WEB",
"url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3509"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "actionpack allows remote code execution via application\u0027s unrestricted use of render method"
}
GSD-2016-2098
Vulnerability from gsd - Updated: 2016-02-29 00:00Details
There is a possible remote code execution vulnerability in Action Pack.
This vulnerability has been assigned the CVE identifier CVE-2016-2098.
Versions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x
Not affected: 5.0+
Fixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2
Impact
------
Applications that pass unverified user input to the `render` method in a
controller or a view may be vulnerable to a code injection.
Impacted code will look like this:
```ruby
class TestController < ApplicationController
def show
render params[:id]
end
end
```
An attacker could use the request parameters to coerce the above example
to execute arbitrary ruby code.
All users running an affected release should either upgrade or use one of
the workarounds immediately.
Releases
--------
The FIXED releases are available at the normal locations.
Workarounds
-----------
A workaround to this issue is to not pass arbitrary user input to the `render`
method. Instead, verify that data before passing it to the `render` method.
For example, change this:
```ruby
def index
render params[:id]
end
```
To this:
```ruby
def index
render verify_template(params[:id])
end
private
def verify_template(name)
# add verification logic particular to your application here
end
```
Patches
-------
To aid users who aren't able to upgrade immediately we have provided a
patch for it. It is in git-am format and consist of a single changeset.
* 3-2-secure_inline_with_params.patch - Patch for 3.2 series
* 4-1-secure_inline_with_params.patch - Patch for 4.1 series
* 4-2-secure_inline_with_params.patch - Patch for 4.2 series
Credits
-------
Thanks to both Tobias Kraze from makandra and joernchen of Phenoelit for
reporting this!
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-2098",
"description": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method.",
"id": "GSD-2016-2098",
"references": [
"https://www.suse.com/security/cve/CVE-2016-2098.html",
"https://www.debian.org/security/2016/dsa-3509",
"https://access.redhat.com/errata/RHSA-2016:0456",
"https://access.redhat.com/errata/RHSA-2016:0455",
"https://access.redhat.com/errata/RHSA-2016:0454",
"https://packetstormsecurity.com/files/cve/CVE-2016-2098"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "actionpack",
"purl": "pkg:gem/actionpack"
}
}
],
"aliases": [
"CVE-2016-2098",
"GHSA-78rc-8c29-p45g"
],
"details": "There is a possible remote code execution vulnerability in Action Pack.\nThis vulnerability has been assigned the CVE identifier CVE-2016-2098.\n\nVersions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x\nNot affected: 5.0+\nFixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2\n\nImpact\n------\nApplications that pass unverified user input to the `render` method in a\ncontroller or a view may be vulnerable to a code injection.\n\nImpacted code will look like this:\n\n```ruby\nclass TestController \u003c ApplicationController\n def show\n render params[:id]\n end\nend\n```\n\nAn attacker could use the request parameters to coerce the above example\nto execute arbitrary ruby code.\n\nAll users running an affected release should either upgrade or use one of\nthe workarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nA workaround to this issue is to not pass arbitrary user input to the `render`\nmethod. Instead, verify that data before passing it to the `render` method.\n\nFor example, change this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nTo this:\n\n```ruby\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n```\n\nPatches\n-------\nTo aid users who aren\u0027t able to upgrade immediately we have provided a\npatch for it. It is in git-am format and consist of a single changeset.\n\n* 3-2-secure_inline_with_params.patch - Patch for 3.2 series\n* 4-1-secure_inline_with_params.patch - Patch for 4.1 series\n* 4-2-secure_inline_with_params.patch - Patch for 4.2 series\n\nCredits\n-------\nThanks to both Tobias Kraze from makandra and joernchen of Phenoelit for\nreporting this!\n",
"id": "GSD-2016-2098",
"modified": "2016-02-29T00:00:00.000Z",
"published": "2016-02-29T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 7.3,
"type": "CVSS_V3"
}
],
"summary": "Possible remote code execution vulnerability in Action Pack"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:0867",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
},
{
"name": "SUSE-SU-2016:0967",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
},
{
"name": "DSA-3509",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3509"
},
{
"name": "83725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83725"
},
{
"name": "1035122",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035122"
},
{
"name": "40086",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40086/"
},
{
"name": "SUSE-SU-2016:0854",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
},
{
"name": "openSUSE-SU-2016:0790",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
},
{
"name": "SUSE-SU-2016:1146",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "openSUSE-SU-2016:0835",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
},
{
"name": "[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
},
{
"name": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2016-2098",
"cvss_v3": 7.3,
"date": "2016-02-29",
"description": "There is a possible remote code execution vulnerability in Action Pack.\nThis vulnerability has been assigned the CVE identifier CVE-2016-2098.\n\nVersions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x\nNot affected: 5.0+\nFixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2\n\nImpact\n------\nApplications that pass unverified user input to the `render` method in a\ncontroller or a view may be vulnerable to a code injection.\n\nImpacted code will look like this:\n\n```ruby\nclass TestController \u003c ApplicationController\n def show\n render params[:id]\n end\nend\n```\n\nAn attacker could use the request parameters to coerce the above example\nto execute arbitrary ruby code.\n\nAll users running an affected release should either upgrade or use one of\nthe workarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nA workaround to this issue is to not pass arbitrary user input to the `render`\nmethod. Instead, verify that data before passing it to the `render` method.\n\nFor example, change this:\n\n```ruby\ndef index\n render params[:id]\nend\n```\n\nTo this:\n\n```ruby\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n```\n\nPatches\n-------\nTo aid users who aren\u0027t able to upgrade immediately we have provided a\npatch for it. It is in git-am format and consist of a single changeset.\n\n* 3-2-secure_inline_with_params.patch - Patch for 3.2 series\n* 4-1-secure_inline_with_params.patch - Patch for 4.1 series\n* 4-2-secure_inline_with_params.patch - Patch for 4.2 series\n\nCredits\n-------\nThanks to both Tobias Kraze from makandra and joernchen of Phenoelit for\nreporting this!\n",
"framework": "rails",
"gem": "actionpack",
"ghsa": "78rc-8c29-p45g",
"patched_versions": [
"~\u003e 3.2.22.2",
"~\u003e 4.2.5, \u003e= 4.2.5.2",
"~\u003e 4.1.14, \u003e= 4.1.14.2"
],
"title": "Possible remote code execution vulnerability in Action Pack",
"unaffected_versions": [
"\u003e= 5.0.0.beta1"
],
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=3.2.0.0.alpha \u003c3.2.22.2||\u003e=4.0.0.0.alpha \u003c4.1.14.2||\u003e=4.2.0.0.alpha \u003c4.2.5.2",
"affected_versions": "All versions starting from 3.2.0.0.alpha before 3.2.22.2, all versions starting from 4.0.0.0.alpha before 4.1.14.2, all versions starting from 4.2.0.0.alpha before 4.2.5.2",
"credit": "Tobias Kraze from makandra and Joernchen of Phenoelit ",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2019-08-08",
"description": "Applications that pass unverified user input to the `render` method in a controller or a view may be vulnerable to a code injection. An attacker could use the request parameters to coerce the controller to execute arbitrary ruby code. ",
"fixed_versions": [
"3.2.22.2",
"4.1.14.2",
"4.2.5.2"
],
"identifier": "CVE-2016-2098",
"identifiers": [
"CVE-2016-2098"
],
"not_impacted": "5.x",
"package_slug": "gem/actionpack",
"pubdate": "2016-04-07",
"solution": "Upgrade to latest or use workaround; see provided link.",
"title": "Possible remote code execution vulnerability",
"urls": [
"https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q"
],
"uuid": "b3cdad83-848a-4732-abfe-e80fd612fc74"
},
{
"affected_range": "\u003e=4.0.0 \u003c=4.2.5.1",
"affected_versions": "All versions starting from 4.0.0 up to 4.2.5.1",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2019-08-08",
"description": "The Rails gem allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method.",
"fixed_versions": [
"4.2.5.2"
],
"identifier": "CVE-2016-2098",
"identifiers": [
"CVE-2016-2098"
],
"not_impacted": "All versions before 4.0.0, all versions after 4.2.5.1",
"package_slug": "gem/rails",
"pubdate": "2016-04-07",
"solution": "Upgrade to versions 4.2.5.2 or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2016-2098"
],
"uuid": "dc7fde99-dad9-4ab9-be35-5fc0aabb03c5"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.2.22.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2098"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/"
},
{
"name": "1035122",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1035122"
},
{
"name": "[ruby-security-ann] 20160229 [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack",
"refsource": "MLIST",
"tags": [],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
},
{
"name": "DSA-3509",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2016/dsa-3509"
},
{
"name": "83725",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/83725"
},
{
"name": "openSUSE-SU-2016:0835",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html"
},
{
"name": "SUSE-SU-2016:0867",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html"
},
{
"name": "SUSE-SU-2016:1146",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html"
},
{
"name": "SUSE-SU-2016:0854",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html"
},
{
"name": "openSUSE-SU-2016:0790",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html"
},
{
"name": "SUSE-SU-2016:0967",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html"
},
{
"name": "40086",
"refsource": "EXPLOIT-DB",
"tags": [],
"url": "https://www.exploit-db.com/exploits/40086/"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH"
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
},
"lastModifiedDate": "2019-08-08T15:43Z",
"publishedDate": "2016-04-07T23:59Z"
}
}
}
OPENSUSE-SU-2024:10057-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10057
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.3 (High)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
7 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2016-2098/ | self |
| https://www.suse.com/security/cve/CVE-2016-2098 | external |
| https://bugzilla.suse.com/968849 | external |
| https://bugzilla.suse.com/969943 | external |
| https://bugzilla.suse.com/993313 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10057",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10057-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2098 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2098/"
}
],
"title": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10057-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64",
"product_id": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64",
"product_id": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64",
"product_id": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64",
"product_id": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64",
"product_id": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64",
"product_id": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64",
"product_id": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64",
"product_id": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.s390x",
"product_id": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.s390x",
"product_id": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x",
"product_id": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x",
"product_id": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.s390x",
"product_id": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.s390x",
"product_id": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x",
"product_id": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x",
"product_id": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64",
"product_id": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64",
"product_id": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64",
"product_id": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64",
"product_id": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64",
"product_id": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64",
"product_id": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64",
"product_id": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64",
"product_id": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-2098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2098"
}
],
"notes": [
{
"category": "general",
"text": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2098",
"url": "https://www.suse.com/security/cve/CVE-2016-2098"
},
{
"category": "external",
"summary": "SUSE Bug 968849 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/968849"
},
{
"category": "external",
"summary": "SUSE Bug 969943 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/969943"
},
{
"category": "external",
"summary": "SUSE Bug 993313 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/993313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionview-doc-5_0-5.0.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-2098"
}
]
}
OPENSUSE-SU-2024:10332-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10332
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
18 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2014-4671/ | self |
| https://www.suse.com/security/cve/CVE-2014-7818/ | self |
| https://www.suse.com/security/cve/CVE-2014-7829/ | self |
| https://www.suse.com/security/cve/CVE-2016-2098/ | self |
| https://www.suse.com/security/cve/CVE-2014-4671 | external |
| https://bugzilla.suse.com/886454 | external |
| https://bugzilla.suse.com/891688 | external |
| https://www.suse.com/security/cve/CVE-2014-7818 | external |
| https://bugzilla.suse.com/903662 | external |
| https://bugzilla.suse.com/905727 | external |
| https://www.suse.com/security/cve/CVE-2014-7829 | external |
| https://bugzilla.suse.com/905727 | external |
| https://www.suse.com/security/cve/CVE-2016-2098 | external |
| https://bugzilla.suse.com/968849 | external |
| https://bugzilla.suse.com/969943 | external |
| https://bugzilla.suse.com/993313 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10332",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10332-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4671 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4671/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7818 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7829 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2098 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2098/"
}
],
"title": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10332-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"product_id": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"product_id": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"product_id": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"product_id": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"product_id": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"product_id": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"product_id": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"product_id": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"product_id": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"product_id": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"product_id": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"product_id": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"product_id": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"product_id": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"product_id": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"product_id": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"product_id": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"product_id": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"product_id": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"product_id": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"product_id": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"product": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"product_id": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"product_id": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"product_id": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"product_id": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"product": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"product_id": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
},
"product_reference": "ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
},
"product_reference": "ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-4671",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4671"
}
],
"notes": [
{
"category": "general",
"text": "Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK \u0026 Compiler before 14.0.0.137 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4671",
"url": "https://www.suse.com/security/cve/CVE-2014-4671"
},
{
"category": "external",
"summary": "SUSE Bug 886454 for CVE-2014-4671",
"url": "https://bugzilla.suse.com/886454"
},
{
"category": "external",
"summary": "SUSE Bug 891688 for CVE-2014-4671",
"url": "https://bugzilla.suse.com/891688"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2014-4671"
},
{
"cve": "CVE-2014-7818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7818"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7818",
"url": "https://www.suse.com/security/cve/CVE-2014-7818"
},
{
"category": "external",
"summary": "SUSE Bug 903662 for CVE-2014-7818",
"url": "https://bugzilla.suse.com/903662"
},
{
"category": "external",
"summary": "SUSE Bug 905727 for CVE-2014-7818",
"url": "https://bugzilla.suse.com/905727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2014-7818"
},
{
"cve": "CVE-2014-7829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7829"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \\ (backslash) character, a similar issue to CVE-2014-7818.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7829",
"url": "https://www.suse.com/security/cve/CVE-2014-7829"
},
{
"category": "external",
"summary": "SUSE Bug 905727 for CVE-2014-7829",
"url": "https://bugzilla.suse.com/905727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-7829"
},
{
"cve": "CVE-2016-2098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2098"
}
],
"notes": [
{
"category": "general",
"text": "Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application\u0027s unrestricted use of the render method.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2098",
"url": "https://www.suse.com/security/cve/CVE-2016-2098"
},
{
"category": "external",
"summary": "SUSE Bug 968849 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/968849"
},
{
"category": "external",
"summary": "SUSE Bug 969943 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/969943"
},
{
"category": "external",
"summary": "SUSE Bug 993313 for CVE-2016-2098",
"url": "https://bugzilla.suse.com/993313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.2-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-5_0-5.0.0.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-4_2-4.2.7.1-1.1.x86_64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.s390x",
"openSUSE Tumbleweed:ruby2.3-rubygem-actionpack-doc-5_0-5.0.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-2098"
}
]
}
RHSA-2016:0454
Vulnerability from csaf_redhat - Published: 2016-03-15 20:56 - Updated: 2026-03-02 16:08Summary
Red Hat Security Advisory: ror40 security update
Severity
Important
Notes
Topic: Updated ror40-rubygem-actionpack and ror40-rubygem-activerecord packages
that fix multiple security issues are now available for Red Hat Software
Collections.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details: The ror40 collection provides Ruby on Rails version 4.0. Ruby on Rails is
a model-view-controller (MVC) framework for web application development.
The following issues were corrected in rubygem-actionpack:
Multiple directory traversal flaws were found in the way the Action View
component searched for templates for rendering. If an application passed
untrusted input to the 'render' method, a remote, unauthenticated attacker
could use these flaws to render unexpected files and, possibly, execute
arbitrary code. (CVE-2016-0752, CVE-2016-2097)
A code injection flaw was found in the way the Action View component
searched for templates for rendering. If an application passed untrusted
input to the 'render' method, a remote, unauthenticated attacker could use
this flaw to execute arbitrary code. (CVE-2016-2098)
A flaw was found in the way the Action Pack component performed MIME type
lookups. Since queries were cached in a global cache of MIME types, an
attacker could use this flaw to grow the cache indefinitely, potentially
resulting in a denial of service. (CVE-2016-0751)
A flaw was found in the Action Pack component's caching of controller
references. An attacker could use this flaw to cause unbounded memory
growth, potentially resulting in a denial of service. (CVE-2015-7581)
A flaw was found in the way the Action Controller component compared user
names and passwords when performing HTTP basic authentication. Time taken
to compare strings could differ depending on input, possibly allowing a
remote attacker to determine valid user names and passwords using a timing
attack. (CVE-2015-7576)
The following issue was corrected in rubygem-activerecord:
A flaw was found in the Active Record component's handling of nested
attributes in combination with the destroy flag. An attacker could possibly
use this flaw to set attributes to invalid values or clear all attributes.
(CVE-2015-7577)
Red Hat would like to thank the Ruby on Rails project for reporting these
issues. Upstream acknowledges John Poulin as the original reporter of
CVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original
reporters of CVE-2016-2097, Tobias Kraze (makandra) and joernchen
(Phenoelit) as original reporters of CVE-2016-2098, Aaron Patterson (Red
Hat) as the original reporter of CVE-2016-0751, Daniel Waterworth as the
original reporter of CVE-2015-7576, and Justin Coyne as the original
reporter of CVE-2015-7577.
All ror40 collection rubygem-actionpack and rubygem-activerecord packages
users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications using
the ror40 collection must be restarted for this update to take effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack.
4.3 ()
Affected products
Fixed
64 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in the Active Record component's handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes.
4.3 ()
Affected products
Fixed
64 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Action Pack component's caching of controller references. An attacker could use this flaw to cause unbounded memory growth, potentially resulting in a denial of service.
4.3 ()
Affected products
Fixed
64 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service.
4.3 ()
Affected products
Fixed
64 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.
6.8 ()
Affected products
Fixed
64 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.
6.8 ()
Affected products
Fixed
64 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code.
6.8 ()
Affected products
Fixed
64 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
48 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2016:0454 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301933 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301946 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301957 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301963 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301981 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1310043 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1310054 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2015-7576 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301933 | external |
| https://www.cve.org/CVERecord?id=CVE-2015-7576 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2015-7576 | external |
| http://weblog.rubyonrails.org/2016/1/25/Rails-5-0… | external |
| https://groups.google.com/forum/#!msg/rubyonrails… | external |
| https://access.redhat.com/security/cve/CVE-2015-7577 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301957 | external |
| https://www.cve.org/CVERecord?id=CVE-2015-7577 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2015-7577 | external |
| https://groups.google.com/forum/#!msg/rubyonrails… | external |
| https://access.redhat.com/security/cve/CVE-2015-7581 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301981 | external |
| https://www.cve.org/CVERecord?id=CVE-2015-7581 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2015-7581 | external |
| https://groups.google.com/forum/#!msg/rubyonrails… | external |
| https://access.redhat.com/security/cve/CVE-2016-0751 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301946 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-0751 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-0751 | external |
| https://groups.google.com/forum/#!msg/rubyonrails… | external |
| https://access.redhat.com/security/cve/CVE-2016-0752 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301963 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-0752 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-0752 | external |
| https://groups.google.com/forum/#!msg/rubyonrails… | external |
| https://nvisium.com/blog/2016/01/26/rails-dynamic… | external |
| https://www.cisa.gov/known-exploited-vulnerabilit… | external |
| https://access.redhat.com/security/cve/CVE-2016-2097 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1310043 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-2097 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-2097 | external |
| https://groups.google.com/forum/#!msg/rubyonrails… | external |
| https://access.redhat.com/security/cve/CVE-2016-2098 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1310054 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-2098 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-2098 | external |
| https://groups.google.com/forum/#!msg/rubyonrails… | external |
Acknowledgments
the Ruby on Rails project
Daniel Waterworth
Justin Coyne
Red Hat
Aaron Patterson
John Poulin
Jyoti Singh
makandra
Tobias Kraze
Phenoelit
joernchen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated ror40-rubygem-actionpack and ror40-rubygem-activerecord packages\nthat fix multiple security issues are now available for Red Hat Software\nCollections.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The ror40 collection provides Ruby on Rails version 4.0. Ruby on Rails is\na model-view-controller (MVC) framework for web application development.\n\nThe following issues were corrected in rubygem-actionpack:\n\nMultiple directory traversal flaws were found in the way the Action View\ncomponent searched for templates for rendering. If an application passed\nuntrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker\ncould use these flaws to render unexpected files and, possibly, execute\narbitrary code. (CVE-2016-0752, CVE-2016-2097)\n\nA code injection flaw was found in the way the Action View component\nsearched for templates for rendering. If an application passed untrusted\ninput to the \u0027render\u0027 method, a remote, unauthenticated attacker could use\nthis flaw to execute arbitrary code. (CVE-2016-2098)\n\nA flaw was found in the way the Action Pack component performed MIME type\nlookups. Since queries were cached in a global cache of MIME types, an\nattacker could use this flaw to grow the cache indefinitely, potentially\nresulting in a denial of service. (CVE-2016-0751)\n\nA flaw was found in the Action Pack component\u0027s caching of controller\nreferences. An attacker could use this flaw to cause unbounded memory\ngrowth, potentially resulting in a denial of service. (CVE-2015-7581)\n\nA flaw was found in the way the Action Controller component compared user\nnames and passwords when performing HTTP basic authentication. Time taken\nto compare strings could differ depending on input, possibly allowing a\nremote attacker to determine valid user names and passwords using a timing\nattack. (CVE-2015-7576)\n\nThe following issue was corrected in rubygem-activerecord:\n\nA flaw was found in the Active Record component\u0027s handling of nested\nattributes in combination with the destroy flag. An attacker could possibly\nuse this flaw to set attributes to invalid values or clear all attributes.\n(CVE-2015-7577)\n\nRed Hat would like to thank the Ruby on Rails project for reporting these\nissues. Upstream acknowledges John Poulin as the original reporter of\nCVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original\nreporters of CVE-2016-2097, Tobias Kraze (makandra) and joernchen\n(Phenoelit) as original reporters of CVE-2016-2098, Aaron Patterson (Red\nHat) as the original reporter of CVE-2016-0751, Daniel Waterworth as the\noriginal reporter of CVE-2015-7576, and Justin Coyne as the original\nreporter of CVE-2015-7577.\n\nAll ror40 collection rubygem-actionpack and rubygem-activerecord packages\nusers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nthe ror40 collection must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:0454",
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1301933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933"
},
{
"category": "external",
"summary": "1301946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946"
},
{
"category": "external",
"summary": "1301957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957"
},
{
"category": "external",
"summary": "1301963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963"
},
{
"category": "external",
"summary": "1301981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301981"
},
{
"category": "external",
"summary": "1310043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043"
},
{
"category": "external",
"summary": "1310054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0454.json"
}
],
"title": "Red Hat Security Advisory: ror40 security update",
"tracking": {
"current_release_date": "2026-03-02T16:08:47+00:00",
"generator": {
"date": "2026-03-02T16:08:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2016:0454",
"initial_release_date": "2016-03-15T20:56:17+00:00",
"revision_history": [
{
"date": "2016-03-15T20:56:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-03-15T20:56:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-02T16:08:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"product": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"product_id": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activerecord@4.0.2-6.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"product": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"product_id": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activesupport@4.0.2-4.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"product": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"product_id": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-actionpack@4.0.2-7.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"product": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"product_id": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activerecord@4.0.2-6.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"product": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"product_id": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activesupport@4.0.2-4.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"product": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"product_id": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-actionpack@4.0.2-7.el6?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"product": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"product_id": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activerecord@4.0.2-6.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"product": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"product_id": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activerecord-doc@4.0.2-6.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"product": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"product_id": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activesupport@4.0.2-4.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"product": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"product_id": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-actionpack@4.0.2-7.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"product": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"product_id": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-actionpack-doc@4.0.2-7.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"product": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"product_id": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activerecord@4.0.2-6.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"product": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"product_id": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activerecord-doc@4.0.2-6.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"product": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"product_id": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-activesupport@4.0.2-4.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"product": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"product_id": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-actionpack-doc@4.0.2-7.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"product": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"product_id": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ror40-rubygem-actionpack@4.0.2-7.el6?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src"
},
"product_reference": "ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch"
},
"product_reference": "ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src"
},
"product_reference": "ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch"
},
"product_reference": "ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
},
"product_reference": "ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Daniel Waterworth"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-7576",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301933"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7576"
},
{
"category": "external",
"summary": "RHBZ#1301933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7576"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:56:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
},
{
"category": "workaround",
"details": "Use following code to monkey-patch http_basic_authenticate_with method in ActionController:\n\n~~~\nmodule ActiveSupport\n module SecurityUtils\n def secure_compare(a, b)\n return false unless a.bytesize == b.bytesize\n\n l = a.unpack \"C#{a.bytesize}\"\n\n res = 0\n b.each_byte { |byte| res |= byte ^ l.shift }\n res == 0\n end\n module_function :secure_compare\n\n def variable_size_secure_compare(a, b)\n secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b))\n end\n module_function :variable_size_secure_compare\n end\nend\n\nmodule ActionController\n class Base\n def self.http_basic_authenticate_with(options = {})\n before_action(options.except(:name, :password, :realm)) do\n authenticate_or_request_with_http_basic(options[:realm] || \"Application\") do |name, password|\n # This comparison uses \u0026 so that it doesn\u0027t short circuit and\n # uses `variable_size_secure_compare` so that length information\n # isn\u0027t leaked.\n ActiveSupport::SecurityUtils.variable_size_secure_compare(name, options[:name]) \u0026\n ActiveSupport::SecurityUtils.variable_size_secure_compare(password, options[:password])\n end\n end\n end\n end\nend\n~~~",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Justin Coyne"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-7577",
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301957"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Active Record component\u0027s handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-activerecord: Nested attributes rejection proc bypass in Active Record",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7577"
},
{
"category": "external",
"summary": "RHBZ#1301957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7577"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:56:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-activerecord: Nested attributes rejection proc bypass in Active Record"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
}
],
"cve": "CVE-2015-7581",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301981"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Action Pack component\u0027s caching of controller references. An attacker could use this flaw to cause unbounded memory growth, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7581"
},
{
"category": "external",
"summary": "RHBZ#1301981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301981"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7581",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7581"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/dthJ5wL69JE/YzPnFelbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:56:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Aaron Patterson"
],
"organization": "Red Hat",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-0751",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: possible object leak and denial of service attack in Action Pack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0751"
},
{
"category": "external",
"summary": "RHBZ#1301946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0751"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:56:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
},
{
"category": "workaround",
"details": "Use following code to monkey-patch mime types cache and disable caching.\n\n```\nrequire \u0027action_dispatch/http/mime_type\u0027\n\nMime.const_set :LOOKUP, Hash.new { |h,k|\n Mime::Type.new(k) unless k.blank?\n} \n```\n\nAlternatively perform filtering of mime types in the Accept header to allow only known types.",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: possible object leak and denial of service attack in Action Pack"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"John Poulin"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-0752",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301963"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: directory traversal flaw in Action View",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0752"
},
{
"category": "external",
"summary": "RHBZ#1301963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ"
},
{
"category": "external",
"summary": "https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/",
"url": "https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:56:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
},
{
"category": "workaround",
"details": "Avoid passing untrusted input to render method, or verify the input using whitelist before passing it to the render method:\n\n```\n\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n\n```",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-actionpack: directory traversal flaw in Action View"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Jyoti Singh"
],
"summary": "Acknowledged by upstream."
},
{
"names": [
"Tobias Kraze"
],
"organization": "makandra",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2097",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2016-02-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1310043"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2097"
},
{
"category": "external",
"summary": "RHBZ#1310043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ"
}
],
"release_date": "2016-02-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:56:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Tobias Kraze"
],
"organization": "makandra",
"summary": "Acknowledged by upstream."
},
{
"names": [
"joernchen"
],
"organization": "Phenoelit",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2098",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2016-02-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1310054"
}
],
"notes": [
{
"category": "description",
"text": "A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: code injection vulnerability in Action View",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2098"
},
{
"category": "external",
"summary": "RHBZ#1310054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2098"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
}
],
"release_date": "2016-02-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:56:17+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0454"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el6.src",
"6Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.noarch",
"6Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Server-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Server-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-1:4.0.2-7.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-actionpack-doc-1:4.0.2-7.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-1:4.0.2-6.el7.src",
"7Workstation-RHSCL-2.1:ror40-rubygem-activerecord-doc-1:4.0.2-6.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.noarch",
"7Workstation-RHSCL-2.1:ror40-rubygem-activesupport-1:4.0.2-4.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-actionpack: code injection vulnerability in Action View"
}
]
}
RHSA-2016:0455
Vulnerability from csaf_redhat - Published: 2016-03-15 20:55 - Updated: 2026-03-02 16:08Summary
Red Hat Security Advisory: ruby193 security update
Severity
Important
Notes
Topic: Updated ruby193-rubygem-actionpack and ruby193-rubygem-activerecord
packages that fix multiple security issues are now available for Red Hat
Software Collections.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details: The ruby193 collection provides Ruby version 1.9.3 and Ruby on Rails
version 3.2. Ruby on Rails is a model-view-controller (MVC) framework for
web application development.
The following issues were corrected in rubygem-actionpack:
Multiple directory traversal flaws were found in the way the Action View
component searched for templates for rendering. If an application passed
untrusted input to the 'render' method, a remote, unauthenticated attacker
could use these flaws to render unexpected files and, possibly, execute
arbitrary code. (CVE-2016-0752, CVE-2016-2097)
A code injection flaw was found in the way the Action View component
searched for templates for rendering. If an application passed untrusted
input to the 'render' method, a remote, unauthenticated attacker could use
this flaw to execute arbitrary code. (CVE-2016-2098)
A flaw was found in the way the Action Pack component performed MIME type
lookups. Since queries were cached in a global cache of MIME types, an
attacker could use this flaw to grow the cache indefinitely, potentially
resulting in a denial of service. (CVE-2016-0751)
A flaw was found in the way the Action Controller component compared user
names and passwords when performing HTTP basic authentication. Time taken
to compare strings could differ depending on input, possibly allowing a
remote attacker to determine valid user names and passwords using a timing
attack. (CVE-2015-7576)
The following issue was corrected in rubygem-activerecord:
A flaw was found in the Active Record component's handling of nested
attributes in combination with the destroy flag. An attacker could possibly
use this flaw to set attributes to invalid values or clear all attributes.
(CVE-2015-7577)
Red Hat would like to thank the Ruby on Rails project for reporting these
issues. Upstream acknowledges John Poulin as the original reporter of
CVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original
reporters of CVE-2016-2097, Tobias Kraze (makandra) and joernchen
(Phenoelit) as original reporters of CVE-2016-2098, Aaron Patterson (Red
Hat) as the original reporter of CVE-2016-0751, Daniel Waterworth as the
original reporter of CVE-2015-7576, and Justin Coyne as the original
reporter of CVE-2015-7577.
All ruby193 collection rubygem-actionpack and rubygem-activerecord packages
users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications using
the ruby193 collection must be restarted for this update to take effect.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack.
4.3 ()
Affected products
Fixed
64 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in the Active Record component's handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes.
4.3 ()
Affected products
Fixed
64 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service.
4.3 ()
Affected products
Fixed
64 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.
6.8 ()
Affected products
Fixed
64 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.
6.8 ()
Affected products
Fixed
64 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code.
6.8 ()
Affected products
Fixed
64 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
42 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2016:0455 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301933 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301946 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301957 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301963 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1310043 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1310054 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2015-7576 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301933 | external |
| https://www.cve.org/CVERecord?id=CVE-2015-7576 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2015-7576 | external |
| http://weblog.rubyonrails.org/2016/1/25/Rails-5-0… | external |
| https://groups.google.com/forum/#!msg/rubyonrails… | external |
| https://access.redhat.com/security/cve/CVE-2015-7577 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301957 | external |
| https://www.cve.org/CVERecord?id=CVE-2015-7577 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2015-7577 | external |
| https://groups.google.com/forum/#!msg/rubyonrails… | external |
| https://access.redhat.com/security/cve/CVE-2016-0751 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301946 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-0751 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-0751 | external |
| https://groups.google.com/forum/#!msg/rubyonrails… | external |
| https://access.redhat.com/security/cve/CVE-2016-0752 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1301963 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-0752 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-0752 | external |
| https://groups.google.com/forum/#!msg/rubyonrails… | external |
| https://nvisium.com/blog/2016/01/26/rails-dynamic… | external |
| https://www.cisa.gov/known-exploited-vulnerabilit… | external |
| https://access.redhat.com/security/cve/CVE-2016-2097 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1310043 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-2097 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-2097 | external |
| https://groups.google.com/forum/#!msg/rubyonrails… | external |
| https://access.redhat.com/security/cve/CVE-2016-2098 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1310054 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-2098 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-2098 | external |
| https://groups.google.com/forum/#!msg/rubyonrails… | external |
Acknowledgments
the Ruby on Rails project
Daniel Waterworth
Justin Coyne
Red Hat
Aaron Patterson
John Poulin
Jyoti Singh
makandra
Tobias Kraze
Phenoelit
joernchen
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated ruby193-rubygem-actionpack and ruby193-rubygem-activerecord\npackages that fix multiple security issues are now available for Red Hat\nSoftware Collections.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The ruby193 collection provides Ruby version 1.9.3 and Ruby on Rails\nversion 3.2. Ruby on Rails is a model-view-controller (MVC) framework for\nweb application development.\n\nThe following issues were corrected in rubygem-actionpack:\n\nMultiple directory traversal flaws were found in the way the Action View\ncomponent searched for templates for rendering. If an application passed\nuntrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker\ncould use these flaws to render unexpected files and, possibly, execute\narbitrary code. (CVE-2016-0752, CVE-2016-2097)\n\nA code injection flaw was found in the way the Action View component\nsearched for templates for rendering. If an application passed untrusted\ninput to the \u0027render\u0027 method, a remote, unauthenticated attacker could use\nthis flaw to execute arbitrary code. (CVE-2016-2098)\n\nA flaw was found in the way the Action Pack component performed MIME type\nlookups. Since queries were cached in a global cache of MIME types, an\nattacker could use this flaw to grow the cache indefinitely, potentially\nresulting in a denial of service. (CVE-2016-0751)\n\nA flaw was found in the way the Action Controller component compared user\nnames and passwords when performing HTTP basic authentication. Time taken\nto compare strings could differ depending on input, possibly allowing a\nremote attacker to determine valid user names and passwords using a timing\nattack. (CVE-2015-7576)\n\nThe following issue was corrected in rubygem-activerecord:\n\nA flaw was found in the Active Record component\u0027s handling of nested\nattributes in combination with the destroy flag. An attacker could possibly\nuse this flaw to set attributes to invalid values or clear all attributes.\n(CVE-2015-7577)\n\nRed Hat would like to thank the Ruby on Rails project for reporting these\nissues. Upstream acknowledges John Poulin as the original reporter of\nCVE-2016-0752, Jyoti Singh and Tobias Kraze (makandra) as original\nreporters of CVE-2016-2097, Tobias Kraze (makandra) and joernchen\n(Phenoelit) as original reporters of CVE-2016-2098, Aaron Patterson (Red\nHat) as the original reporter of CVE-2016-0751, Daniel Waterworth as the\noriginal reporter of CVE-2015-7576, and Justin Coyne as the original\nreporter of CVE-2015-7577.\n\nAll ruby193 collection rubygem-actionpack and rubygem-activerecord packages\nusers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. All running applications using\nthe ruby193 collection must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:0455",
"url": "https://access.redhat.com/errata/RHSA-2016:0455"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1301933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933"
},
{
"category": "external",
"summary": "1301946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946"
},
{
"category": "external",
"summary": "1301957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957"
},
{
"category": "external",
"summary": "1301963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963"
},
{
"category": "external",
"summary": "1310043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043"
},
{
"category": "external",
"summary": "1310054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0455.json"
}
],
"title": "Red Hat Security Advisory: ruby193 security update",
"tracking": {
"current_release_date": "2026-03-02T16:08:45+00:00",
"generator": {
"date": "2026-03-02T16:08:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2016:0455",
"initial_release_date": "2016-03-15T20:55:59+00:00",
"revision_history": [
{
"date": "2016-03-15T20:55:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-03-15T20:55:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-02T16:08:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:2::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"product": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"product_id": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activerecord@3.2.8-11.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"product": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"product_id": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activesupport@3.2.8-6.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"product_id": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.8-16.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"product": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"product_id": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activerecord@3.2.8-11.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"product": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"product_id": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activesupport@3.2.8-6.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"product_id": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.8-16.el6?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"product": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"product_id": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activerecord-doc@3.2.8-11.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"product": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"product_id": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activerecord@3.2.8-11.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"product": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"product_id": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activesupport@3.2.8-6.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"product_id": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.8-16.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"product_id": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack-doc@3.2.8-16.el7?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"product": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"product_id": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activerecord@3.2.8-11.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"product": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"product_id": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activerecord-doc@3.2.8-11.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"product": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"product_id": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-activesupport@3.2.8-6.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"product_id": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack@3.2.8-16.el6?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"product": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"product_id": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby193-rubygem-actionpack-doc@3.2.8-16.el6?arch=noarch\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6)",
"product_id": "6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)",
"product_id": "6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1-6.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"relates_to_product_reference": "6Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1)",
"product_id": "7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2)",
"product_id": "7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1-7.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"relates_to_product_reference": "7Server-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src"
},
"product_reference": "ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch"
},
"product_reference": "ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src"
},
"product_reference": "ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch"
},
"product_reference": "ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
},
"product_reference": "ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-2.1"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Daniel Waterworth"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-7576",
"cwe": {
"id": "CWE-385",
"name": "Covert Timing Channel"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301933"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7576"
},
{
"category": "external",
"summary": "RHBZ#1301933",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7576"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ANv0HDHEC3k/mt7wNGxbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:55:59+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0455"
},
{
"category": "workaround",
"details": "Use following code to monkey-patch http_basic_authenticate_with method in ActionController:\n\n~~~\nmodule ActiveSupport\n module SecurityUtils\n def secure_compare(a, b)\n return false unless a.bytesize == b.bytesize\n\n l = a.unpack \"C#{a.bytesize}\"\n\n res = 0\n b.each_byte { |byte| res |= byte ^ l.shift }\n res == 0\n end\n module_function :secure_compare\n\n def variable_size_secure_compare(a, b)\n secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b))\n end\n module_function :variable_size_secure_compare\n end\nend\n\nmodule ActionController\n class Base\n def self.http_basic_authenticate_with(options = {})\n before_action(options.except(:name, :password, :realm)) do\n authenticate_or_request_with_http_basic(options[:realm] || \"Application\") do |name, password|\n # This comparison uses \u0026 so that it doesn\u0027t short circuit and\n # uses `variable_size_secure_compare` so that length information\n # isn\u0027t leaked.\n ActiveSupport::SecurityUtils.variable_size_secure_compare(name, options[:name]) \u0026\n ActiveSupport::SecurityUtils.variable_size_secure_compare(password, options[:password])\n end\n end\n end\n end\nend\n~~~",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Justin Coyne"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-7577",
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301957"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Active Record component\u0027s handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-activerecord: Nested attributes rejection proc bypass in Active Record",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7577"
},
{
"category": "external",
"summary": "RHBZ#1301957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7577"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/cawsWcQ6c8g/tegZtYdbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:55:59+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-activerecord: Nested attributes rejection proc bypass in Active Record"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Aaron Patterson"
],
"organization": "Red Hat",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-0751",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: possible object leak and denial of service attack in Action Pack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0751"
},
{
"category": "external",
"summary": "RHBZ#1301946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0751",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0751"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751"
},
{
"category": "external",
"summary": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/",
"url": "http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/9oLY_FCzvoc/w9oI9XxbFQAJ"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:55:59+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0455"
},
{
"category": "workaround",
"details": "Use following code to monkey-patch mime types cache and disable caching.\n\n```\nrequire \u0027action_dispatch/http/mime_type\u0027\n\nMime.const_set :LOOKUP, Hash.new { |h,k|\n Mime::Type.new(k) unless k.blank?\n} \n```\n\nAlternatively perform filtering of mime types in the Accept header to allow only known types.",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-actionpack: possible object leak and denial of service attack in Action Pack"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"John Poulin"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-0752",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2016-01-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1301963"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: directory traversal flaw in Action View",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0752"
},
{
"category": "external",
"summary": "RHBZ#1301963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0752",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/335P1DcLG00/OfB9_LhbFQAJ"
},
{
"category": "external",
"summary": "https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/",
"url": "https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2016-01-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:55:59+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0455"
},
{
"category": "workaround",
"details": "Avoid passing untrusted input to render method, or verify the input using whitelist before passing it to the render method:\n\n```\n\ndef index\n render verify_template(params[:id])\nend\n\nprivate\ndef verify_template(name)\n # add verification logic particular to your application here\nend\n\n```",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-25T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-actionpack: directory traversal flaw in Action View"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Jyoti Singh"
],
"summary": "Acknowledged by upstream."
},
{
"names": [
"Tobias Kraze"
],
"organization": "makandra",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2097",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2016-02-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1310043"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2097"
},
{
"category": "external",
"summary": "RHBZ#1310043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2097"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ"
}
],
"release_date": "2016-02-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:55:59+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix"
},
{
"acknowledgments": [
{
"names": [
"the Ruby on Rails project"
]
},
{
"names": [
"Tobias Kraze"
],
"organization": "makandra",
"summary": "Acknowledged by upstream."
},
{
"names": [
"joernchen"
],
"organization": "Phenoelit",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2016-2098",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2016-02-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1310054"
}
],
"notes": [
{
"category": "description",
"text": "A code injection flaw was found in the way Action View component searched for templates for rendering. If an application passed untrusted input to the \u0027render\u0027 method, a remote, unauthenticated attacker could use this flaw to execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-actionpack: code injection vulnerability in Action View",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-2098"
},
{
"category": "external",
"summary": "RHBZ#1310054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2098"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ",
"url": "https://groups.google.com/forum/#!msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ"
}
],
"release_date": "2016-02-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-03-15T20:55:59+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.6.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1-6.7.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el6.src",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.noarch",
"6Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el6.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.1.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1-7.2.Z:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Server-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Server-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-1:3.2.8-16.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-1:3.2.8-11.el7.src",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.noarch",
"7Workstation-RHSCL-2.1:ruby193-rubygem-activesupport-1:3.2.8-6.el7.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rubygem-actionpack: code injection vulnerability in Action View"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…