FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
8e670b85-706e-11eb-abb2-08002728f74c    Rails -- multiple vulnerabilities

Ruby on Rails blog:

Rails versions 5.2.4.5, 6.0.3.5 and 6.1.2.1 have been released! Those versions are security releases and address two issues:

CVE-2021-22880: Possible DoS Vulnerability in Active Record PostgreSQL adapter.

CVE-2021-22881: Possible Open Redirect in Host Authorization Middleware.


Discovery 2021-02-10
Entry 2021-02-17
rubygem-activerecord52
< 5.2.4.5

rubygem-actionpack60
rubygem-activerecord60
< 6.0.3.5

rubygem-actionpack61
rubygem-activerecord61
< 6.1.2.1

https://weblog.rubyonrails.org/2021/2/10/Rails-5-2-4-5-6-0-3-5-and-6-1-2-1-have-been-released/
https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129
https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130
CVE-2021-22880
CVE-2021-22881
95f306a6-0aee-11eb-add4-08002728f74c    Rails -- Possible XSS vulnerability

Ruby on Rails blog:

Rails version 6.0.3.4 has been released! This version is a security release and addresses one possible XSS attack vector in Actionable Exceptions.


Discovery 2020-10-07
Entry 2020-10-10
rubygem-actionpack60
< 6.0.3.4

https://weblog.rubyonrails.org/2020/10/7/Rails-6-0-3-4-has-been-released/
CVE-2020-8264
9db93f3d-c725-11ec-9618-000d3ac47524    Rails -- XSS vulnerabilities

Ruby on Rails blog:

This is an announcement to let you know that Rails 7.0.2.4, 6.1.5.1, 6.0.4.8, and 5.2.7.1 have been released!

These are security releases so please update as soon as you can. Once again we've made these releases based on the last release tag, so hopefully upgrading will go smoothly.

The releases address two vulnerabilities, CVE-2022-22577, and CVE-2022-27777. They are both XSS vulnerabilities, so please take a look at the forum posts to see how (or if) they might possibly impact your application.


Discovery 2022-04-26
Entry 2022-04-30
rubygem-actionpack52
< 5.2.7.1

rubygem-actionpack60
< 6.0.4.8

rubygem-actionpack61
< 6.1.5.1

rubygem-actionpack70
< 7.0.2.4

rubygem-actionview52
< 5.2.7.1

rubygem-actionview60
< 6.0.4.8

rubygem-actionview61
< 6.1.5.1

rubygem-actionview70
< 7.0.2.4

CVE-2022-22577
CVE-2022-27777
https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released
f7a00ad7-ae75-11eb-8113-08002728f74c    Rails -- multiple vulnerabilities

Ruby on Rails blog:

Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed:

CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack

CVE-2021-22902: Possible Denial of Service vulnerability in Action Dispatch

CVE-2021-22903: Possible Open Redirect Vulnerability in Action Pack

CVE-2021-22904: Possible DoS Vulnerability in Action Controller Token Authentication


Discovery 2021-05-05
Entry 2021-05-07
rubygem-actionpack52
< 5.2.6

rubygem-actionpack60
< 6.0.3.7

rubygem-actionpack61
< 6.1.3.2

https://weblog.rubyonrails.org/2021/5/5/Rails-versions-6-1-3-2-6-0-3-7-5-2-4-6-and-5-2-6-have-been-released/
https://discuss.rubyonrails.org/t/cve-2021-22885-possible-information-disclosure-unintended-method-execution-in-action-pack/77868
https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866
https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867
https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869
CVE-2021-22885
CVE-2021-22902
CVE-2021-22903
CVE-2021-22904