Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails 6.0.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-5420
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an malicious user to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a re...
Rubyonrails Rails
Rubyonrails Rails 6.0.0
Debian Debian Linux 8.0
Fedoraproject Fedora 30
1 EDB exploit
17 Github repositories
6.1
CVSSv3
CVE-2021-44528
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an malicious user to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect u...
Rubyonrails Rails 7.0.0
Rubyonrails Rails 6.1.4.2
Rubyonrails Rails 6.0.4.2
6.1
CVSSv3
CVE-2021-22942
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow malicious users to redirect users to a malicious website.
Rubyonrails Rails
6.1
CVSSv3
CVE-2020-8264
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an malicious user to send or embed (in another page) a specially crafted URL which can allow the malicious user to execute JavaScript in the context of t...
Rubyonrails Rails
7.5
CVSSv3
CVE-2019-5418
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Rubyonrails Rails
Debian Debian Linux 8.0
Redhat Cloudforms 4.7
Opensuse Leap 15.0
Fedoraproject Fedora 30
Redhat Software Collections 1.0
Redhat Cloudforms 4.6
1 EDB exploit
15 Github repositories
7.5
CVSSv3
CVE-2019-5419
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
Rubyonrails Rails
Debian Debian Linux 8.0
Redhat Software Collections 1.0
Redhat Cloudforms 4.6
Redhat Cloudforms 4.7
Opensuse Leap 15.0
Opensuse Leap 15.1
Fedoraproject Fedora 30
3 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started