Tenderlove

**Name of the Vulnerable Software and Affected Versions** Rack versions 3.1.0 through 3.1.15 **Description** The issue is a denial of service vulnerability in the Content-Disposition parsing component of Rack. It can be triggered by carefully crafted input, causing the Content-Disposition header parsing to take an unexpected amount of time, which may result in a denial of service attack. This vulnerability affects applications that parse multipart posts using Rack, including virtually all Rails applications. **Recommendations** For Rack versions 3.1.0 through 3.1.15, update to version 3.1.16, which contains a patch for the vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rack versions 2.0.0 through 2.2.6.3 Rack versions 3.0.0 through 3.0.6.0 **Description** The issue is related to the header parsing component of Rack, which can be exploited to cause a denial of service. This can happen when carefully crafted input causes the header parsing to take an unexpected amount of time. The vulnerability can be exploited remotely, potentially allowing an attacker to cause a denial of service. **Recommendations** For Rack versions 2.0.0 through 2.2.6.3, update to version 2.2.6.4 or later. For Rack versions 3.0.0 through 3.0.6.0, update to version 3.0.6.1 or later. As a temporary workaround, consider setting Regexp.timeout in Ruby 3.2 to mitigate the risk of exploitation.

**Nome do software vulnerável e versões afetadas** Versões do Rails anteriores à 7.0.2.2 Versões do Rails anteriores à 6.1.4.6 Versões do Rails anteriores à 6.0.4.6 Versões do Rails anteriores à 5.2.6.2 Versões do Puma anteriores à 5.6.2 Versões do Puma anteriores à 4.3.11 **Descrição** O Action Pack é uma estrutura para lidar e responder a solicitações da web. Em determinadas circunstâncias, os corpos das respostas não serão fechados. Caso uma resposta não receba a notificação de um `close`, o `ActionDispatch::Executor` não saberá como reinicializar o estado local da thread para a próxima solicitação. Isso pode levar ao vazamento de dados para solicitações subsequentes, especialmente ao interagir com `ActiveSupport::CurrentAttributes`. A combinação do Puma não fechar o corpo e a implementação do Executor do Rails causa vazamento de informações. **Recomendações** Para versões do Rails anteriores à 7.0.2.2, atualize para a versão 7.0.2.2 ou posterior. Para versões do Rails anteriores à 6.1.4.6, atualize para a versão 6.1.4.6 ou posterior. Para versões do Rails anteriores à 6.0.4.6, atualize para a versão 6.0.4.6 ou posterior. Para versões do Rails anteriores à 5.2.6.2, atualize para a versão 5.2.6.2 ou posterior. Para versões do Puma anteriores à 5.6.2, atualize para a versão 5.6.2 ou posterior. Para versões do Puma anteriores à 4.3.11, atualize para a versão 4.3.11 ou posterior. Como solução temporária, considere usar o middleware descrito em GHSA-wh98-p28r-vrc9 para mitigar o problema. Como alternativa, você pode usar o seguinte middleware: ```ruby class GuardedExecutor < ActionDispatch::Executor def call(env) ensure completed!

**Name of the Vulnerable Software and Affected Versions** rails-html-sanitizer gem versions prior to 1.0.3 Ruby on Rails versions 4.2.x and 5.x **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node. This is due to a vulnerability in the lib/rails/html/scrubbers.rb file in the rails-html-sanitizer gem. **Recommendations** For rails-html-sanitizer gem versions prior to 1.0.3, update to version 1.0.3 or later. For Ruby on Rails versions 4.2.x and 5.x, ensure the rails-html-sanitizer gem is updated to version 1.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Ruby on Rails versions 2.3.x through 2.3.12 **Description** The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header. This is due to a CRLF injection vulnerability in the actionpack/lib/action controller/response.rb file. **Recommendations** For Ruby on Rails versions 2.3.x through 2.3.12, update to version 2.3.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ruby on Rails versions 2.x through 2.3.12 Ruby on Rails versions 3.0.x through 3.0.9 Ruby on Rails versions 3.1.x through 3.1.0.rc4 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability" in the `activesupport/lib/active support/core ext/string/output safety.rb` file. This issue affects Ruby on Rails, enabling attackers to execute malicious scripts on user browsers. **Recommendations** For Ruby on Rails versions 2.x through 2.3.12, update to version 2.3.13 or later. For Ruby on Rails versions 3.0.x through 3.0.9, update to version 3.0.10 or later. For Ruby on Rails versions 3.1.x through 3.1.0.rc4, update to version 3.1.0.rc5 or later.

**Name of the Vulnerable Software and Affected Versions** Ruby on Rails versions prior to 2.3.13 Ruby on Rails versions 3.0.x prior to 3.0.10 Ruby on Rails versions 3.1.x prior to 3.1.0.rc5 **Description** The issue allows remote attackers to execute arbitrary SQL commands via a crafted column name, due to multiple SQL injection vulnerabilities in the `quote table name` method in the ActiveRecord adapters. **Recommendations** For versions prior to 2.3.13, update to version 2.3.13 or later. For versions 3.0.x prior to 3.0.10, update to version 3.0.10 or later. For versions 3.1.x prior to 3.1.0.rc5, update to version 3.1.0.rc5 or later.

**Name of the Vulnerable Software and Affected Versions** Ruby on Rails versions 3.0.x through 3.0.3 **Description** The issue allows remote attackers to conduct SQL injection attacks via a non-numeric argument to the limit function, as it does not ensure that arguments specify integer values. **Recommendations** For Ruby on Rails versions 3.0.x through 3.0.3, update to version 3.0.4 or later to resolve the issue.