secret_token.rb
code Critical
Session Setting
Discovered over 5 years ago
Source: static code analysis
Category: Session Setting
Confidence level: High

Problem

Session secret should not be included in version control

Location

config/initializers/secret_token.rb:7
Category description: Session cookies should be http-only with the key of at least 30 characters; secret_token shouldn't be included in version control systems.

Solution: fix the issue in config/initializers/secret_token.rb or mark it as false positive.

CVE-2014-3514
rails Critical
Attribute Restriction
Discovered over 5 years ago
Published about 6 years ago
Category: Attribute Restriction
Source: NIST NVD
Severity: Critical

The create_with functionality in Active Record was implemented incorrectly and completely bypasses the strong parameters protection. Applications which pass user-controlled values to create_with could allow attackers to set arbitrary attributes on models.

CVSS Metrics
Access Vector: Network
Access Complexity: Network
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
Patched Versions

~> 4.0.9, >= 4.1.5

Unaffected Versions

< 4.0.0

CVE-2014-3483 / OSVDB-108665
rails Critical
SQL Injection
Discovered over 5 years ago
Published over 6 years ago
Category: SQL Injection
Source: NIST NVD
Severity: Critical

Ruby on Rails contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the PostgreSQL adapter for Active Record not properly sanitizing user-supplied input when quoting ranges. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

CVSS Metrics
Access Vector: Network
Access Complexity: Network
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
Patched Versions

~> 4.0.7, >= 4.1.3

Unaffected Versions

< 4.0.0

Gemfile
code Severe
Mass Assignment
Discovered over 5 years ago
Source: static code analysis
Category: Mass Assignment
Confidence level: Medium

Problem

create_with is vulnerable to a strong parameters bypass. Upgrade to Rails 4.1.5 or apply the patch.

Location

Gemfile
Category description: Unprotected model attributes give the attacker a way to rewrite them. E.g., change the admin flag to true.

Solution: fix the issue in Gemfile or mark it as false positive.

CVE-2014-7829
rails Severe
File Access
Discovered over 5 years ago
Published almost 6 years ago
Category: File Access
Source: NIST NVD
Severity: Severe

Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application’s root directory. The files will not be served, but attackers can determine whether or not the file exists. This vulnerability is very similar to CVE-2014-7818, but the specially crafted string is slightly different.

CVSS Metrics
Access Vector: Network
Access Complexity: Network
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Patched Versions

~> 3.2.21, ~> 4.0.11.1, ~> 4.0.12, ~> 4.1.7.1, >= 4.1.8

Unaffected Versions

< 3.0.0

CVE-2014-7818
rails Moderate
File Access
Discovered over 5 years ago
Published almost 6 years ago
Category: File Access
Source: NIST NVD
Severity: Moderate

Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application’s root directory. The files will not be served, but attackers can determine whether or not the file exists.

CVSS Metrics
Access Vector: Network
Access Complexity: Network
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Patched Versions

~> 3.2.20, ~> 4.0.11, ~> 4.1.7, >= 4.2.0.beta3

Unaffected Versions

< 3.0.0

CVE-2014-0130
rails Moderate
Attribute Restriction
Discovered over 5 years ago
Published over 6 years ago
Category: Attribute Restriction
Source: NIST NVD
Severity: Moderate

There is a vulnerability in the ‘implicit render’ functionality in Ruby on Rails. The implicit render functionality allows controllers to render a template even if there is no explicit action with the corresponding name. This module does not perform adequate input sanitization, which could allow an attacker to use a specially crafted request to retrieve arbitrary files from the Rails application server.

CVSS Metrics
Access Vector: Network
Access Complexity: Network
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Patched Versions

~> 3.2.18, ~> 4.0.5, >= 4.1.1

Unaffected Versions

n/a