FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
f7a00ad7-ae75-11eb-8113-08002728f74c    Rails -- multiple vulnerabilities

Ruby on Rails blog:

Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed:

CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack

CVE-2021-22902: Possible Denial of Service vulnerability in Action Dispatch

CVE-2021-22903: Possible Open Redirect Vulnerability in Action Pack

CVE-2021-22904: Possible DoS Vulnerability in Action Controller Token Authentication


Discovery 2021-05-05
Entry 2021-05-07
rubygem-actionpack52
lt 5.2.6

rubygem-actionpack60
lt 6.0.3.7

rubygem-actionpack61
lt 6.1.3.2

https://weblog.rubyonrails.org/2021/5/5/Rails-versions-6-1-3-2-6-0-3-7-5-2-4-6-and-5-2-6-have-been-released/
https://discuss.rubyonrails.org/t/cve-2021-22885-possible-information-disclosure-unintended-method-execution-in-action-pack/77868
https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866
https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867
https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869
CVE-2021-22885
CVE-2021-22902
CVE-2021-22903
CVE-2021-22904
85fca718-99f6-11ea-bf1d-08002728f74c    Rails -- multiple vulnerabilities

Ruby on Rails blog:

Hi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can.

Both releases contain the following fixes:

CVE-2020-8162: Circumvention of file size limits in ActiveStorage

CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack

CVE-2020-8165: Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

CVE-2020-8166: Ability to forge per-form CSRF tokens given a global CSRF token

CVE-2020-8167: CSRF Vulnerability in rails-ujs


Discovery 2020-05-18
Entry 2020-05-19
rubygem-actionpack52
rubygem-actionview52
rubygem-activestorage52
rubygem-activesupport52
lt 5.2.4.3

rubygem-actionpack60
rubygem-actionview60
rubygem-activestorage60
rubygem-activesupport60
lt 6.0.3.1

https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/
https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ
https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY
https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c
https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw
https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0
CVE-2020-8162
CVE-2020-8164
CVE-2020-8165
CVE-2020-8166
CVE-2020-8167
9db93f3d-c725-11ec-9618-000d3ac47524    Rails -- XSS vulnerabilities

Ruby on Rails blog:

This is an announcement to let you know that Rails 7.0.2.4, 6.1.5.1, 6.0.4.8, and 5.2.7.1 have been released!

These are security releases so please update as soon as you can. Once again we've made these releases based on the last release tag, so hopefully upgrading will go smoothly.

The releases address two vulnerabilities, CVE-2022-22577, and CVE-2022-27777. They are both XSS vulnerabilities, so please take a look at the forum posts to see how (or if) they might possibly impact your application.


Discovery 2022-04-26
Entry 2022-04-30
rubygem-actionpack52
lt 5.2.7.1

rubygem-actionpack60
lt 6.0.4.8

rubygem-actionpack61
lt 6.1.5.1

rubygem-actionpack70
lt 7.0.2.4

rubygem-actionview52
lt 5.2.7.1

rubygem-actionview60
lt 6.0.4.8

rubygem-actionview61
lt 6.1.5.1

rubygem-actionview70
lt 7.0.2.4

CVE-2022-22577
CVE-2022-27777
https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released