Ruby On Rails 5.0.0 Release Candidate 2

CPE Details

Ruby On Rails 5.0.0 Release Candidate 2
rubyonrails
ruby_on_rails
5.0.0
2016-09-08
13h43 +00:00
2019-08-08
13h11 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:rubyonrails:ruby_on_rails:5.0.0:rc2:*:*:*:*:*:*

Informations

Vendor

rubyonrails

Product

ruby_on_rails

Version

5.0.0

Update

rc2

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2017-17919 2017-12-29 15h00 +00:00 SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input
8.1
Haute
CVE-2017-17920 2017-12-29 15h00 +00:00 SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input
8.1
Haute
CVE-2016-6316 2016-09-07 17h00 +00:00 Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.
6.1
Moyen