FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1396a74a-4997-11e9-b5f1-83edb3f89ba1Rails -- Action View vulnerabilities

Ruby on Rails blog:

Rails 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1, and 6.0.0.beta3 have been released! These contain the following important security fixes. It is recommended that users upgrade as soon as possible:

CVE-2019-5418 File Content Disclosure in Action View

CVE-2019-5419 Denial of Service Vulnerability in Action View


Discovery 2019-03-13
Entry 2019-03-18
rubygem-actionview4
lt 4.2.11.1

rubygem-actionview50
lt 5.0.7.2

rubygem-actionview5
lt 5.1.6.2

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
CVE-2019-5418
CVE-2019-5419
ce6db19b-976e-11ea-93c4-08002728f74cRails -- remote code execution vulnerability

Ruby on Rails blog:

Due to an unfortunate oversight, Rails 4.2.11.2 has a missing constant error. To address this Rails 4.2.11.3 has been released.

The original announcement for CVE-2020-8163 has a follow-up message with an updated patch if you’re unable to use the gems.


Discovery 2020-05-15
Entry 2020-05-16
rubygem-actionview4
lt 4.2.11.2

https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/
https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0
CVE-2020-8163