{"id":"MGASA-2014-0191","summary":"Updated ruby-rails and associated packages fix multiple vulnerabilities","details":"Updated ruby-activerecord and ruby-actionpack packages fix security\nvulnerabilities:\n\nThere is a data injection vulnerability in Active Record. Specially crafted\nstrings can be used to save data in PostgreSQL array columns that may not be\nintended (CVE-2014-0080).\n\nThere is an XSS vulnerability in the number_to_currency, number_to_percentage\nand number_to_human helpers in Ruby on Rails (CVE-2014-0081).\n\nThe associated packages have been updated to version 4.0.3 to fix these\nissues.\n","modified":"2026-04-16T06:25:57.156346688Z","published":"2014-04-24T19:02:23Z","upstream":["CVE-2014-0080","CVE-2014-0081"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0191.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129715.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129716.html"},{"type":"WEB","url":"http://weblog.rubyonrails.org/2014/2/18/Rails_3_2_17_4_0_3_and_4_1_0_beta2_have_been_released/"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=12896"}],"affected":[{"package":{"name":"ruby-actionmailer","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/ruby-actionmailer?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.3-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0191.json"}},{"package":{"name":"ruby-actionpack","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/ruby-actionpack?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.3-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0191.json"}},{"package":{"name":"ruby-activemodel","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/ruby-activemodel?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.3-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0191.json"}},{"package":{"name":"ruby-activerecord","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/ruby-activerecord?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.3-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0191.json"}},{"package":{"name":"ruby-activesupport","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/ruby-activesupport?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.3-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0191.json"}},{"package":{"name":"ruby-rails","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/ruby-rails?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.3-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0191.json"}},{"package":{"name":"ruby-railties","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/ruby-railties?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.3-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0191.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}