| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-3424 | 5.0 |
The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attac
|
08-08-2019 - 15:42 | 08-08-2012 - 10:26 | |
| CVE-2012-2660 | 6.4 |
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which a
|
08-08-2019 - 15:42 | 22-06-2012 - 14:55 | |
| CVE-2012-2694 | 4.3 |
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which a
|
08-08-2019 - 15:42 | 22-06-2012 - 14:55 | |
| CVE-2012-2661 | 5.0 |
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct
|
08-08-2019 - 15:42 | 22-06-2012 - 14:55 | |
| CVE-2012-2695 | 7.5 |
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certai
|
08-08-2019 - 15:42 | 22-06-2012 - 14:55 |