FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Rails -- Action View vulnerabilities

Affected packages
rubygem-actionview4 < 4.2.11.1
rubygem-actionview50 < 5.0.7.2
rubygem-actionview5 < 5.1.6.2

Details

VuXML ID 1396a74a-4997-11e9-b5f1-83edb3f89ba1
Discovery 2019-03-13
Entry 2019-03-18

Ruby on Rails blog:

Rails 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1, and 6.0.0.beta3 have been released! These contain the following important security fixes. It is recommended that users upgrade as soon as possible:

CVE-2019-5418 File Content Disclosure in Action View

CVE-2019-5419 Denial of Service Vulnerability in Action View

References

CVE Name CVE-2019-5418
CVE Name CVE-2019-5419
URL https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/