...fails like this: Invalid query parameters: invalid %-encoding (../../../../../../../../../etc/passwd%%0000.html) Someone tries to exploit CVE-2019-5418. If you use the latest Rails (or latest Rails LTS) you're safe...

...so slow that it can DoS your application (examples are ActiveRecord's PostgreSQL CVE-2021-22880 or the 2019 Cloudflare outage). Greedy quantifiers (default) A plain * or + is greedy...

...source(:github) { |repo| "https://github.com/#{repo}.git" } ruby "2.7.6" gem "rails" gem "sqlite3", ">1.4.0" # CVE-XYZ gem "puma" Downgrades with bundler happen only in rare cases and will emit...

...consequently enforce this, your rails line would have a long line of comments with CVEs Good source "https://rubygems.org" git_source(:github) { |repo| "https://github.com/#{repo}.git" }

...unpoly": "2.x" and "unpoly": "^2.7.2" express the same version constraint Bad Commit message: Fixes CVE-XYZ { "dependencies": { "autosize": ">6.0.0", "unpoly": "x" } } There is no reason we have to protect...

...match rows without knowing a secret token: Potential Query Manipulation with Common Rails Practises CVE-2013-3211 MySQL madness and Rails

Yesterday, Rails fixed a security issue (CVE-2014-3514) in Rails 4+. It was possible to use .where or .create_with to bypass Rails' Strong Parameters: user.blog_posts.create_with...

filippo.io

Enter the hostname of a server to test it for CVE...


Rails LTS (<= 4.2) contains a fix for CVE-2021-22885, but this includes a breaking change you can opt out of. In Rails 5.2 LTS and upward you cannot opt...

...dfsg-1.3build2.1) UNRELEASED; urgency=medium * SECURITY UPDATE: possible arbitrary file leak (CVE-2022-44268) * Backport upstream https://github.com/ImageMagick/ImageMagick6/commit/3c5188b41902a909e163492fb0c19e49efefcefe -- YOUR NAME <YOUR@EMAIL-ADDRESS> Sun, 05 Feb...

...dfsg-2.1ubuntu11.4.1) UNRELEASED; urgency=medium * SECURITY UPDATE: possible arbitrary file leak (CVE-2022-44268) * Backport upstream https://github.com/ImageMagick/ImageMagick6/commit/3c5188b41902a909e163492fb0c19e49efefcefe -- YOUR NAME <YOUR@EMAIL-ADDRESS> Sun, 05 Feb...
