Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails 3.2.11 vulnerabilities and exploits
(subscribe to this query)
873
VMScore
CVE-2013-0156
active_support/core_ext/hash/conversions.rb in Ruby on Rails prior to 2.3.15, 3.0.x prior to 3.0.19, 3.1.x prior to 3.1.10, and 3.2.x prior to 3.2.11 does not properly restrict casts of string values, which allows remote malicious users to conduct object-injection attacks and exe...
Rubyonrails Ruby On Rails
Rubyonrails Rails
Debian Debian Linux 7.0
Debian Debian Linux 6.0
2 EDB exploits
2 Metasploit modules
2 Nmap scripts
11 Github repositories
3 Articles
571
VMScore
CVE-2013-0155
Ruby on Rails 3.0.x prior to 3.0.19, 3.1.x prior to 3.1.10, and 3.2.x prior to 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote malicious users to bypass intended database-quer...
Rubyonrails Ruby On Rails
Rubyonrails Rails
Debian Debian Linux 6.0
2 Github repositories
570
VMScore
CVE-2013-3221
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote malicious users to conduct dat...
Rubyonrails Rails 2.3.14
Rubyonrails Rails 2.3.13
Rubyonrails Rails 2.3.4
Rubyonrails Rails 2.3.12
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.3.1
Rubyonrails Rails 2.3.16
Rubyonrails Rails 2.3.15
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.3.0
Rubyonrails Rails 2.3.2
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.4
516
VMScore
CVE-2013-1856
The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x prior to 3.1.12 and 3.2.x prior to 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allo...
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.10
Rubyonrails Rails 3.2.3
Rubyonrails Rails 3.2.2
Rubyonrails Rails 3.1.8
Rubyonrails Rails 3.1.7
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.1.9
Rubyonrails Rails 3.1.10
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.4
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.2.12
Rubyonrails Rails 3.2.9
Rubyonrails Rails 3.2.5
446
VMScore
CVE-2014-7829
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x prior to 3.2.21, 4.0.x prior to 4.0.12, 4.1.x prior to 4.1.8, and 4.2.x prior to 4.2.0.beta4, when serve_static_assets is enabled, allows remote malicious ...
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.16
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.15
Rubyonrails Rails 3.2.16
Rubyonrails Rails 3.2.3
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
445
VMScore
CVE-2013-1854
The Active Record component in Ruby on Rails 2.3.x prior to 2.3.18, 3.1.x prior to 3.1.12, and 3.2.x prior to 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote malicious users to cause a denial of service via crafted input to a where method.
Rubyonrails Ruby On Rails 2.3.17
Rubyonrails Ruby On Rails 3.1.11
Rubyonrails Rails 2.3.0
Rubyonrails Rails 2.3.1
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.4
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.3.12
Rubyonrails Rails 2.3.13
Rubyonrails Rails 2.3.14
Rubyonrails Rails 2.3.15
Rubyonrails Rails 2.3.16
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.7
384
VMScore
CVE-2014-7818
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x prior to 3.2.20, 4.0.x prior to 4.0.11, 4.1.x prior to 4.1.7, and 4.2.x prior to 4.2.0.beta3, when serve_static_assets is enabled, allows remote malicious ...
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.16
Rubyonrails Rails 3.0.17
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.3
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.2.16
Rubyonrails Rails 3.2.17
384
VMScore
CVE-2013-0276
ActiveRecord in Ruby on Rails prior to 2.3.17, 3.1.x prior to 3.1.11, and 3.2.x prior to 3.2.12 allows remote malicious users to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.9
Rubyonrails Rails 3.2.3
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.4
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.2.5
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.2.2
Rubyonrails Rails 3.2.10
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.3
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.1.9
Rubyonrails Rails 3.1.8
Rubyonrails Rails 3.1.7
3 Github repositories
383
VMScore
CVE-2015-3226
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x prior to 4.1.11 and 4.2.x prior to 4.2.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
Rubyonrails Rails 4.1.7
Rubyonrails Rails 4.1.6
Rubyonrails Rails 3.2.17
Rubyonrails Rails 3.2.16
Rubyonrails Rails 4.2.1
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.2
Rubyonrails Rails 3.2.12
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.2.4
Rubyonrails Rails 3.2.3
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.4
Rubyonrails Rails 3.2.15
Rubyonrails Ruby On Rails 3.2.14
Rubyonrails Rails 3.2.13
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.2.5
383
VMScore
CVE-2013-1855
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails prior to 2.3.18, 3.0.x and 3.1.x prior to 3.1.12, and 3.2.x prior to 3.2.13 does not properly handle \n (newline) characters, which makes it easier...
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.9
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.2.5
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.2.10
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.12
Rubyonrails Rails 3.2.2
Rubyonrails Rails 3.2.3
Rubyonrails Rails 3.2.4
Rubyonrails Ruby On Rails 0.8.0
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.7.0
Rubyonrails Ruby On Rails
Rubyonrails Rails 1.2.4
Rubyonrails Ruby On Rails 0.8.5
Rubyonrails Ruby On Rails 0.6.0
Rubyonrails Ruby On Rails 0.5.6
Rubyonrails Ruby On Rails 0.9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »