Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails 2.0.0 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-22885
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
Rubyonrails Rails
Rubyonrails Actionpack Page-caching -
Debian Debian Linux 10.0
5
CVSSv2
CVE-2014-3916
The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent malicious users to cause a denial of service (segmentation fault and crash) via a long string.
Rubyonrails Rails 1.9.3
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.1.0
4.3
CVSSv2
CVE-2013-1855
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails prior to 2.3.18, 3.0.x and 3.1.x prior to 3.1.12, and 3.2.x prior to 3.2.13 does not properly handle \n (newline) characters, which makes it easier...
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.9
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.2.5
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.2.10
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.12
Rubyonrails Rails 3.2.2
Rubyonrails Rails 3.2.3
Rubyonrails Rails 3.2.4
Rubyonrails Ruby On Rails 0.8.0
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.7.0
Rubyonrails Ruby On Rails
Rubyonrails Rails 1.2.4
Rubyonrails Ruby On Rails 0.8.5
Rubyonrails Ruby On Rails 0.6.0
Rubyonrails Ruby On Rails 0.5.6
Rubyonrails Ruby On Rails 0.9.0
4.3
CVSSv2
CVE-2013-1857
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails prior to 2.3.18, 3.0.x and 3.1.x prior to 3.1.12, and 3.2.x prior to 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes ...
Redhat Enterprise Linux 6.0
Rubyonrails Rails 2.3.15
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.0
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.0.0
Rubyonrails Ruby On Rails
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.3.12
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 1.2.1
Rubyonrails Rails 1.2.0
Rubyonrails Rails 1.1.6
Rubyonrails Rails 1.1.5
Rubyonrails Rails 0.9.4.1
Rubyonrails Rails 0.14.4
Rubyonrails Ruby On Rails 0.5.0
Rubyonrails Ruby On Rails 0.5.5
4.3
CVSSv2
CVE-2012-3464
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 might allow remote malicious users to inject arbitrary web script or HTML via vectors inv...
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 1.2.4
Rubyonrails Rails 1.2.3
Rubyonrails Rails 1.1.3
Rubyonrails Rails 1.1.2
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Rails 3.0.9
4.3
CVSSv2
CVE-2012-3465
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 allows remote malicious users to inject arbitrary web script or HTML via mal...
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.0
Rubyonrails Ruby On Rails
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 1.2.4
Rubyonrails Rails 1.2.3
Rubyonrails Rails 1.2.2
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.1
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.6.0
7.5
CVSSv2
CVE-2011-2930
Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails prior to 2.3.13, 3.0.x prior to 3.0.10, and 3.1.x prior to 3.1.0.rc5 allow remote malicious users to execute ...
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.0.2
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.4
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.1.0
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.3.12
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.2
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.1
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
4.3
CVSSv2
CVE-2011-2931
Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails prior to 2.3.13, 3.0.x prior to 3.0.10, and 3.1.x prior to 3.1.0.rc5 allows remote malicious users to inject arbitrary web scrip...
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.0.1
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.2
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.1.0
Rubyonrails Rails 2.3.12
Rubyonrails Rails 2.0.2
Rubyonrails Rails 2.0.4
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.7
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.10
Rubyonrails Rails 2.2.2
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.2.0
4.3
CVSSv2
CVE-2011-2932
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x prior to 2.3.13, 3.0.x prior to 3.0.10, and 3.1.x prior to 3.1.0.rc5 allows remote malicious users to inject arbitrary web script or HTML via a malfo...
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 2.2.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.0.4
Rubyonrails Rails 2.3.9
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.1.0
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.0.1
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 3.0.7
4.3
CVSSv2
CVE-2011-2197
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x prior to 2.3.12, 3.0.x prior to 3.0.8, and 3.1.x prior to 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote malicious users to conduct XSS attacks via crafted string...
Rubyonrails Rails 2.2.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.0.4
Rubyonrails Rails 2.0.1
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.0.2
Rubyonrails Rails 2.3.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »