| CVE-2013-0333 |
high |
— |
8.5 |
|
|
|
14y ago |
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows re… |
| CVE-2023-22796 |
high |
— |
8.0 |
|
|
|
3y ago |
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a sta… |
| CVE-2013-1856 |
medium |
— |
5.8 |
|
|
|
13y ago |
The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is us… |
| CVE-2026-33170 |
medium |
— |
5.5 |
|
|
|
2mo ago |
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `SafeBuffer#%` does not propagate the `@… |
| CVE-2026-33176 |
medium |
— |
5.5 |
|
|
|
2mo ago |
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept str… |
| CVE-2026-33169 |
medium |
— |
5.5 |
|
|
|
2mo ago |
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. `NumberToDelimitedConverter` uses a lookahead-based regular expression with `gsub!` to in… |
| CVE-2015-3227 |
medium |
— |
5.0 |
|
|
|
11y ago |
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service… |
| CVE-2011-2197 |
medium |
— |
4.3 |
|
|
|
9y ago |
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it … |
| CVE-2011-2932 |
medium |
— |
4.3 |
|
|
|
9y ago |
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow… |
| CVE-2015-3226 |
medium |
— |
4.3 |
|
|
|
11y ago |
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web scri… |
| CVE-2012-3464 |
medium |
— |
4.3 |
|
|
|
14y ago |
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow re… |
| CVE-2012-1098 |
medium |
— |
4.3 |
|
|
|
15y ago |
Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors in… |
