| Max CVSS | 6.4 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-4389 | 4.3 |
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly
|
19-05-2023 - 16:52 | 17-10-2013 - 00:55 | |
| CVE-2013-6414 | 5.0 |
actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to e
|
08-08-2019 - 15:42 | 07-12-2013 - 00:55 | |
| CVE-2013-6417 | 6.4 |
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attac
|
08-08-2019 - 15:42 | 07-12-2013 - 00:55 | |
| CVE-2013-6415 | 4.3 |
Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via th
|
08-08-2019 - 15:42 | 07-12-2013 - 00:55 | |
| CVE-2013-4491 | 4.3 |
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script
|
08-08-2019 - 15:42 | 07-12-2013 - 00:55 |