Red Hat Security Advisory: Ruby on Rails security update
🔗 CVE IDs covered (11)
📋 Description
CVE-2012-2660 — rubygem-actionpack: Unsafe query generation CVE-2012-2661 — rubygem-activerecord: SQL injection when processing nested query paramaters CVE-2012-2694 — rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660) CVE-2012-2695 — rubygem-activerecord: SQL injection when processing nested query paramaters (a different flaw than CVE-2012-2661) CVE-2012-3424 — rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest CVE-2012-3463 — rubygem-actionpack: potential XSS vulnerability in select_tag prompt CVE-2012-3464 — rubygem-actionpack: potential XSS vulnerability CVE-2012-3465 — rubygem-actionpack: XSS Vulnerability in strip_tags CVE-2012-6496 — rubygem-activerecord: find_by_* SQL Injection CVE-2013-0155 — rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails CVE-2013-0156 — rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack
🔗 References (15)
- selfhttps://access.redhat.com/errata/RHSA-2013:0154
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttps://access.redhat.com/knowledge/solutions/290903
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=827353
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=827363
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=831573
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=831581
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=843711
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=847196
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=847199
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=847200
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=889649
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=892866
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=892870
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0154.json