RHSA-2013:0154Critical

Red Hat Security Advisory: Ruby on Rails security update

Published
January 10, 2013
Last Modified
June 27, 2026

🔗 CVE IDs covered (11)

📋 Description

CVE-2012-2660 — rubygem-actionpack: Unsafe query generation CVE-2012-2661 — rubygem-activerecord: SQL injection when processing nested query paramaters CVE-2012-2694 — rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660) CVE-2012-2695 — rubygem-activerecord: SQL injection when processing nested query paramaters (a different flaw than CVE-2012-2661) CVE-2012-3424 — rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest CVE-2012-3463 — rubygem-actionpack: potential XSS vulnerability in select_tag prompt CVE-2012-3464 — rubygem-actionpack: potential XSS vulnerability CVE-2012-3465 — rubygem-actionpack: XSS Vulnerability in strip_tags CVE-2012-6496 — rubygem-activerecord: find_by_* SQL Injection CVE-2013-0155 — rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails CVE-2013-0156 — rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack

🔗 References (15)