rails vulnerabilities and exploits
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains....
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node....
A denial of service vulnerability exists in Rails < 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production....
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class....
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112....
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters....
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."...
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE....
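The MemCacheStore/RedisCacheStore entry above comes down to one call: a cache backend that hands bytes it read from a shared memcached or redis to Marshal.load lets whoever can write to that backend choose which Ruby class gets instantiated. The following is an added example, not Rails code and not the fix shipped in Rails, that puts a Marshal-backed toy store beside a JSON-backed one and feeds both the same attacker-written bytes. The class names (AuditEvent, MarshalStore, JsonStore) and the payloads are constructed for the demonstration.

```ruby
require "json"

# Added example (not Rails code): two minimal cache stores that differ only in
# how they deserialize on read. Marshal.load rebuilds whatever object the
# bytes describe, so if an attacker can write raw bytes into the cache they
# choose the class that gets instantiated. JSON.parse only ever yields
# Hash/Array/String/Numeric/nil/true/false, so the same bytes are inert.

# Stand-in for "any class the attacker names"; hypothetical, constructed here.
class AuditEvent
  attr_reader :message
  def initialize(message)
    @message = message
  end
end

class MarshalStore
  def initialize
    @data = {}
  end

  # Normal application write: serialize with Marshal.
  def write(key, value)
    @data[key] = Marshal.dump(value)
  end

  # Models an attacker-controlled write of raw bytes (e.g. via a shared
  # memcached/redis the attacker can also reach). Constructed for the demo.
  def write_raw(key, bytes)
    @data[key] = bytes
  end

  def read(key)
    bytes = @data[key]
    bytes && Marshal.load(bytes) # instantiates whatever class `bytes` names
  end
end

class JsonStore
  def initialize
    @data = {}
  end

  def write(key, value)
    @data[key] = JSON.generate(value)
  end

  def write_raw(key, bytes)
    @data[key] = bytes
  end

  def read(key)
    bytes = @data[key]
    # JSON.parse (not JSON.load) never honours "json_class" hints, so the
    # result is plain data whatever the bytes say.
    bytes && JSON.parse(bytes)
  end
end

# Attacker payload: a Marshal stream naming AuditEvent. Constructed here.
def attacker_marshal_payload
  Marshal.dump(AuditEvent.new("attacker-chosen"))
end

# Returns the class name of what the Marshal-backed store hands to the app.
def marshal_store_yields
  store = MarshalStore.new
  store.write_raw("session:42", attacker_marshal_payload)
  store.read("session:42").class.name
end

# Returns what the JSON-backed store does with the same Marshal bytes and
# with a JSON "json_class" hint: :rejected on a parse error, else the class.
def json_store_yields
  store = JsonStore.new
  store.write_raw("session:42", attacker_marshal_payload)
  from_marshal_bytes = begin
    store.read("session:42").class.name
  rescue JSON::ParserError
    :rejected
  end
  store.write_raw("session:43", '{"json_class":"AuditEvent","message":"x"}')
  [from_marshal_bytes, store.read("session:43").class.name]
end

if __FILE__ == $PROGRAM_NAME
  puts "Marshal store returned: #{marshal_store_yields}"
  puts "JSON store returned: #{json_store_yields.inspect}"
end
```

The Marshal store returns a live AuditEvent the application never created; with a class whose initialisation or finalisation has side effects, that is the code-execution path the entry describes. The JSON store rejects the Marshal bytes outright and turns the "json_class" hint into an ordinary Hash. The practical checks are: never let an attacker reach the backing memcached/redis with write access, and keep the cache serializer at a data-only format unless every writer is trusted.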
cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259)....
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application...