Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails 4.1.8 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2015-3227
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails prior to 4.1.11 and 4.2.x prior to 4.2.2, when JDOM or REXML is enabled, allow remote malicious users to cause a denial of service (SystemStackError) via a large XML document depth.
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.8
Rubyonrails Rails 4.1.7
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.2.1
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.1
Rubyonrails Rails 4.1.0
4.3
CVSSv2
CVE-2015-3226
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x prior to 4.1.11 and 4.2.x prior to 4.2.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
Rubyonrails Rails 4.1.7
Rubyonrails Rails 4.1.6
Rubyonrails Rails 3.2.17
Rubyonrails Rails 3.2.16
Rubyonrails Rails 4.2.1
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.2
Rubyonrails Rails 3.2.12
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.2.4
Rubyonrails Rails 3.2.3
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.4
Rubyonrails Rails 3.2.15
Rubyonrails Ruby On Rails 3.2.14
Rubyonrails Rails 3.2.13
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.2.5
5
CVSSv2
CVE-2016-2097
Directory traversal vulnerability in Action View in Ruby on Rails prior to 3.2.22.2 and 4.x prior to 4.1.14.2 allows remote malicious users to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname...
Rubyonrails Rails 4.0.4
Rubyonrails Rails 4.1.9
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.12
Rubyonrails Rails 4.1.10
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.0.6
Rubyonrails Rails 4.0.5
Rubyonrails Rails 4.0.1
Rubyonrails Ruby On Rails
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.14
Rubyonrails Rails 4.1.13
Rubyonrails Rails 4.0.10
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.1.7
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.1
Rubyonrails Rails 4.0.8
Rubyonrails Rails 4.0.7
7.5
CVSSv2
CVE-2016-2098
Action Pack in Ruby on Rails prior to 3.2.22.2, 4.x prior to 4.1.14.2, and 4.2.x prior to 4.2.5.2 allows remote malicious users to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Debian Debian Linux 8.0
Rubyonrails Rails 4.2.4
Rubyonrails Rails 4.2.3
Rubyonrails Rails 4.2.1
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.1.9
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.12
Rubyonrails Rails 4.1.10
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.0.6
Rubyonrails Rails 4.0.5
Rubyonrails Rails 4.0.1
Rubyonrails Ruby On Rails
Rubyonrails Rails 4.2.5
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.14
Rubyonrails Rails 4.1.13
Rubyonrails Rails 4.0.10
1 EDB exploit
10 Github repositories
5
CVSSv2
CVE-2014-7829
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x prior to 3.2.21, 4.0.x prior to 4.0.12, 4.1.x prior to 4.1.8, and 4.2.x prior to 4.2.0.beta4, when serve_static_assets is enabled, allows remote malicious ...
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.16
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.15
Rubyonrails Rails 3.2.16
Rubyonrails Rails 3.2.3
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started