Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-28103
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
Rubyonrails Rails 7.2.0
Rubyonrails Rails
9.8
CVSSv3
CVE-2022-21831
A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an malicious user to execute code via image_processing arguments.
Rubyonrails Active Storage
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2020-8165
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an malicious user to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
Rubyonrails Rails
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Leap 15.2
8 Github repositories
9.8
CVSSv3
CVE-2019-5420
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an malicious user to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a re...
Rubyonrails Rails
Rubyonrails Rails 6.0.0
Debian Debian Linux 8.0
Fedoraproject Fedora 30
1 EDB exploit
17 Github repositories
9.8
CVSSv3
CVE-2009-2422
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails prior to 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent malicious...
Rubyonrails Ruby On Rails
Apple Mac Os X 10.5.8
Apple Mac Os X Server 10.5.8
Apple Mac Os X
Apple Mac Os X Server
8.8
CVSSv3
CVE-2020-8163
The is a code injection vulnerability in versions of Rails before 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
Rubyonrails Rails
Debian Debian Linux 9.0
6 Github repositories
8.1
CVSSv3
CVE-2017-17916
SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states tha...
Rubyonrails Rails
8.1
CVSSv3
CVE-2017-17919
SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states th...
Rubyonrails Ruby On Rails
8.1
CVSSv3
CVE-2017-17917
SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that th...
Rubyonrails Rails
1 Github repository
8.1
CVSSv3
CVE-2017-17920
SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states tha...
Rubyonrails Ruby On Rails
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »