Suggestions search

Untriaged

Filter by:

With package: rails-new

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2011-1497

created 1 month, 3 weeks ago

A cross-site scripting vulnerability flaw was found in the auto_link …

A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.

References

https://www.openwall.com/lists/oss-security/2011/04/06/13 x_refsource_MISC
https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/ac… x_refsource_MISC
https://www.openwall.com/lists/oss-security/2011/04/06/13 x_transferredx_refsource_MISC
https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/ac… x_transferredx_refsource_MISC
https://www.openwall.com/lists/oss-security/2011/04/06/13 x_refsource_MISC
https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/ac… x_refsource_MISC
https://www.openwall.com/lists/oss-security/2011/04/06/13 x_transferredx_refsource_MISC
https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/ac… x_transferredx_refsource_MISC
https://www.openwall.com/lists/oss-security/2011/04/06/13 x_refsource_MISC
https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/ac… x_refsource_MISC
https://www.openwall.com/lists/oss-security/2011/04/06/13 x_transferredx_refsource_MISC
https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/ac… x_transferredx_refsource_MISC

Affected products

rails

==rails 3.0.6

Matching in nixpkgs

pkgs.grails

Full stack, web application framework for the JVM

nixos-unstable 7.0.0-M3
- nixpkgs-unstable 7.0.0-M3
- nixos-unstable-small 7.0.0-M3
nixos-25.11 7.0.0-M3
- nixos-25.11-small 7.0.0-M3
- nixpkgs-25.11-darwin 7.0.0-M3

pkgs.rails-new

Generate new Rails applications without having to install Ruby

nixos-unstable 0.5.0
- nixpkgs-unstable 0.5.0
- nixos-unstable-small 0.5.0
nixos-25.11 0.5.0
- nixos-25.11-small 0.5.0
- nixpkgs-25.11-darwin 0.5.0

pkgs.rubyPackages.rails

None

nixos-unstable 7.2.3
- nixpkgs-unstable 7.2.3
- nixos-unstable-small 7.2.3
nixos-25.11 7.2.3
- nixos-25.11-small 7.2.3
- nixpkgs-25.11-darwin 7.2.3

pkgs.rubyPackages_3_1.rails

None

pkgs.rubyPackages_3_2.rails

None

pkgs.rubyPackages_3_3.rails

None

nixos-unstable 7.2.3
- nixpkgs-unstable 7.2.3
- nixos-unstable-small 7.2.3
nixos-25.11 7.2.3
- nixos-25.11-small 7.2.3
- nixpkgs-25.11-darwin 7.2.3

pkgs.rubyPackages_3_4.rails

None

nixos-unstable 7.2.3
- nixpkgs-unstable 7.2.3
- nixos-unstable-small 7.2.3
nixos-25.11 7.2.3
- nixos-25.11-small 7.2.3
- nixpkgs-25.11-darwin 7.2.3

pkgs.rubyPackages_4_0.rails

None

nixos-unstable 7.2.3
- nixpkgs-unstable 7.2.3
- nixos-unstable-small 7.2.3
nixos-25.11 7.2.3
- nixos-25.11-small 7.2.3
- nixpkgs-25.11-darwin 7.2.3

pkgs.hyprlandPlugins.hyprtrails

Hyprland smooth trails behind moving windows plugin

nixos-unstable 0.53.0
- nixpkgs-unstable 0.53.0
- nixos-unstable-small 0.53.0
nixos-25.11 0.52.0
- nixos-25.11-small 0.52.0
- nixpkgs-25.11-darwin 0.52.0

pkgs.rubyPackages.rails-dom-testing

None

nixos-unstable 2.3.0
- nixpkgs-unstable 2.3.0
- nixos-unstable-small 2.3.0
nixos-25.11 2.3.0
- nixos-25.11-small 2.3.0
- nixpkgs-25.11-darwin 2.3.0

pkgs.rubyPackages.rails-html-sanitizer

None

nixos-unstable 1.6.2
- nixpkgs-unstable 1.6.2
- nixos-unstable-small 1.6.2
nixos-25.11 1.6.2
- nixos-25.11-small 1.6.2
- nixpkgs-25.11-darwin 1.6.2

pkgs.rubyPackages_3_1.rails-dom-testing

None

pkgs.rubyPackages_3_2.rails-dom-testing

None

pkgs.rubyPackages_3_3.rails-dom-testing

None

nixos-unstable 2.3.0
- nixpkgs-unstable 2.3.0
- nixos-unstable-small 2.3.0
nixos-25.11 2.3.0
- nixos-25.11-small 2.3.0
- nixpkgs-25.11-darwin 2.3.0

pkgs.rubyPackages_3_4.rails-dom-testing

None

nixos-unstable 2.3.0
- nixpkgs-unstable 2.3.0
- nixos-unstable-small 2.3.0
nixos-25.11 2.3.0
- nixos-25.11-small 2.3.0
- nixpkgs-25.11-darwin 2.3.0

pkgs.rubyPackages_4_0.rails-dom-testing

None

nixos-unstable 2.3.0
- nixpkgs-unstable 2.3.0
- nixos-unstable-small 2.3.0
nixos-25.11 2.3.0
- nixos-25.11-small 2.3.0
- nixpkgs-25.11-darwin 2.3.0

pkgs.rubyPackages_3_1.rails-html-sanitizer

None

pkgs.rubyPackages_3_2.rails-html-sanitizer

None

pkgs.rubyPackages_3_3.rails-html-sanitizer

None

nixos-unstable 1.6.2
- nixpkgs-unstable 1.6.2
- nixos-unstable-small 1.6.2
nixos-25.11 1.6.2
- nixos-25.11-small 1.6.2
- nixpkgs-25.11-darwin 1.6.2

pkgs.rubyPackages_3_4.rails-html-sanitizer

None

nixos-unstable 1.6.2
- nixpkgs-unstable 1.6.2
- nixos-unstable-small 1.6.2
nixos-25.11 1.6.2
- nixos-25.11-small 1.6.2
- nixpkgs-25.11-darwin 1.6.2

pkgs.rubyPackages_4_0.rails-html-sanitizer

None

nixos-unstable 1.6.2
- nixpkgs-unstable 1.6.2
- nixos-unstable-small 1.6.2
nixos-25.11 1.6.2
- nixos-25.11-small 1.6.2
- nixpkgs-25.11-darwin 1.6.2

Package maintainers

@bjornfor Bjørn Forsman <bjorn.forsman@gmail.com>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@donovanglover Donovan Glover
@NotAShelf NotAShelf <raf@notashelf.dev>
@khaneliman Austin Horstman <khaneliman12@gmail.com>
@fufexan Fufezan Mihai <fufexan@protonmail.com>
@coat Kent Smith <kentsmith@gmail.com>

Permalink CVE-2010-3299

created 1 month, 3 weeks ago

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable …

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.

References

https://security-tracker.debian.org/tracker/CVE-2010-3299 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2010-3299 x_refsource_MISC
[oss-security] 20100914 Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi mailing-listx_refsource_MLIST
https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2010-3299 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2010-3299 x_transferredx_refsource_MISC
[oss-security] 20100914 Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi x_transferredmailing-listx_refsource_MLIST
https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf x_transferredx_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2010-3299 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2010-3299 x_refsource_MISC
[oss-security] 20100914 Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi mailing-listx_refsource_MLIST
https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2010-3299 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2010-3299 x_transferredx_refsource_MISC
[oss-security] 20100914 Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi x_transferredmailing-listx_refsource_MLIST
https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf x_transferredx_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2010-3299 x_refsource_MISC
https://access.redhat.com/security/cve/cve-2010-3299 x_refsource_MISC
[oss-security] 20100914 Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi mailing-listx_refsource_MLIST
https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2010-3299 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2010-3299 x_transferredx_refsource_MISC
[oss-security] 20100914 Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi x_transferredmailing-listx_refsource_MLIST
https://www.usenix.org/legacy/events/woot10/tech/full_papers/Rizzo.pdf x_transferredx_refsource_MISC

Affected products

rails

==2.3

Matching in nixpkgs

pkgs.grails

Full stack, web application framework for the JVM

nixos-unstable 7.0.0-M3
- nixpkgs-unstable 7.0.0-M3
- nixos-unstable-small 7.0.0-M3
nixos-25.11 7.0.0-M3
- nixos-25.11-small 7.0.0-M3
- nixpkgs-25.11-darwin 7.0.0-M3