Gentoo Linux Security Advisory 201412-28 - Multiple vulnerabilities were found in Ruby on Rails, the worst of which allowing for execution of arbitrary code. Versions less than 2.3.18 are affected.
76dc0b7e4c9e8b791f80a766fcc8ca7f6bcd6698fbd68637fd46c0e03c25cb62
Red Hat Security Advisory 2014-1863-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. Red Hat Subscription Asset Manager is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request.
688dccb48f0fad7f4ed5bb8b5c284c3cde47754bf1f5692e7d244e4fdf120639
Apple Security Advisory 2013-06-04-1 - OS X Mountain Lion version 10.8.4 and Security Update 2013-002 is now available and addresses over 30 security issues.
29c85f7c4991f40f099be32dac2f2a9438a7fc5388a3ae3de429d2a6ba9bb431
Red Hat Security Advisory 2013-0699-01 - Ruby on Rails is a model–view–controller framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. A flaw was found in the way hashes were handled in certain queries. A remote attacker could use this flaw to perform a denial of service attack by sending specially-crafted queries that would result in the creation of Ruby symbols, which were never garbage collected.
b6902657cfe40401e0c98cb2a92a85ea972342fafdcaf8a44cc480e5c5cd61a1
Debian Linux Security Advisory 2655-1 - Several cross-site-scripting and denial of service vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development.
4c3d58135661cc0677501ab58b5ab4b645bf6e20f7be676bc756293c4c589cf2