Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails 4.1.2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-3227
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails prior to 4.1.11 and 4.2.x prior to 4.2.2, when JDOM or REXML is enabled, allow remote malicious users to cause a denial of service (SystemStackError) via a large XML document depth.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.2.1
Rubyonrails Rails 4.1.1
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.7
Rubyonrails Rails 4.1.8
Rubyonrails Rails 4.1.0
NA
CVE-2015-3226
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x prior to 4.1.11 and 4.2.x prior to 4.2.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
Rubyonrails Ruby On Rails 3.2.14
Rubyonrails Rails 3.0.0
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.2.1
Rubyonrails Rails 4.1.1
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.7
Rubyonrails Rails 4.1.8
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.9
Rubyonrails Rails 3.2.13
Rubyonrails Rails 3.2.15
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.2.5
Rubyonrails Rails 3.2.6
5.3
CVSSv3
CVE-2016-2097
Directory traversal vulnerability in Action View in Ruby on Rails prior to 3.2.22.2 and 4.x prior to 4.1.14.2 allows remote malicious users to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname...
Rubyonrails Ruby On Rails 4.1.14.1
Rubyonrails Ruby On Rails
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
Rubyonrails Rails 4.0.2
Rubyonrails Rails 4.0.6
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.1.9
Rubyonrails Rails 4.1.10
Rubyonrails Rails 4.1.12
Rubyonrails Rails 4.1.13
Rubyonrails Rails 4.1.14
Rubyonrails Rails 4.0.7
Rubyonrails Rails 4.0.8
Rubyonrails Rails 4.0.9
Rubyonrails Rails 4.1.1
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.7
7.3
CVSSv3
CVE-2016-2098
Action Pack in Ruby on Rails prior to 3.2.22.2, 4.x prior to 4.1.14.2, and 4.2.x prior to 4.2.5.2 allows remote malicious users to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Debian Debian Linux 8.0
Rubyonrails Ruby On Rails 4.1.14.1
Rubyonrails Ruby On Rails
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
Rubyonrails Rails 4.0.2
Rubyonrails Rails 4.0.6
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.1.9
Rubyonrails Rails 4.1.10
Rubyonrails Rails 4.1.12
Rubyonrails Rails 4.1.13
Rubyonrails Rails 4.1.14
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.2.1
Rubyonrails Rails 4.2.3
Rubyonrails Rails 4.2.4
Rubyonrails Rails 4.2.5
Rubyonrails Rails 4.0.7
Rubyonrails Rails 4.0.8
1 EDB exploit
10 Github repositories
NA
CVE-2014-7818
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x prior to 3.2.20, 4.0.x prior to 4.0.11, 4.1.x prior to 4.1.7, and 4.2.x prior to 4.2.0.beta3, when serve_static_assets is enabled, allows remote malicious ...
Rubyonrails Ruby On Rails 3.2.19
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
Rubyonrails Rails 4.0.2
Rubyonrails Rails 4.0.6
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.0.7
Rubyonrails Rails 4.0.8
Rubyonrails Rails 4.0.9
Rubyonrails Rails 4.1.1
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.5
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.12
NA
CVE-2014-7829
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x prior to 3.2.21, 4.0.x prior to 4.0.12, 4.1.x prior to 4.1.8, and 4.2.x prior to 4.2.0.beta4, when serve_static_assets is enabled, allows remote malicious ...
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Rubyonrails Ruby On Rails 3.2.19
Rubyonrails Ruby On Rails 4.0.11
Rubyonrails Ruby On Rails 3.2.20
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
Rubyonrails Rails 4.0.2
Rubyonrails Rails 4.0.6
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.0.7
Rubyonrails Rails 4.0.8
Rubyonrails Rails 4.0.9
Rubyonrails Rails 4.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started