Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-22792
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtrack...
Rubyonrails Rails
7.5
CVSSv3
CVE-2023-22795
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version ...
Rubyonrails Rails
Debian Debian Linux 11.0
6.1
CVSSv3
CVE-2023-22797
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could a...
Rubyonrails Rails
Actionpack Project Actionpack
6.1
CVSSv3
CVE-2022-23520
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allo...
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
2 Github repositories
6.1
CVSSv3
CVE-2022-23518
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
Loofah Project Loofah
7.5
CVSSv3
CVE-2022-23517
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attribute...
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2022-23519
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an malicious user to inject content if the application developer has overr...
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
5.4
CVSSv3
CVE-2022-3704
A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack re...
Rubyonrails Rails -
6.1
CVSSv3
CVE-2022-32209
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3#...
Rubyonrails Rails Html Sanitizers
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2022-27777
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an malicious user to inject content if able to control input into specific attributes.
Rubyonrails Actionpack
Debian Debian Linux 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »