Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rails vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-8165
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an malicious user to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
Rubyonrails Rails
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Leap 15.2
8 Github repositories
5
CVSSv2
CVE-2020-8162
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
Rubyonrails Rails
Debian Debian Linux 10.0
5
CVSSv2
CVE-2020-8164
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an malicious user to supply information can be inadvertently leaked fromStrong Parameters.
Rubyonrails Rails
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
4.3
CVSSv2
CVE-2020-11082
In Kaminari prior to 1.2.1, there is a vulnerability that would allow an malicious user to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.
Kaminari Project Kaminari
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5
CVSSv2
CVE-2020-8151
There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an malicious user to create specially crafted requests to access data in an unexpected way and possibly leak information.
Rubyonrails Active Resource
Fedoraproject Fedora 33
3.5
CVSSv2
CVE-2020-5267
In ActionView prior to 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
Rubyonrails Actionview
Debian Debian Linux 8.0
Fedoraproject Fedora 33
Opensuse Leap 15.1
2 Github repositories
5
CVSSv2
CVE-2020-5216
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions prior to 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited heade...
Twitter Secure Headers
7.5
CVSSv2
CVE-2015-2784
The papercrop gem prior to 0.3.0 for Ruby on Rails does not properly handle crop input.
Papercrop Project Papercrop
4.3
CVSSv2
CVE-2010-3299
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.
Rubyonrails Rails 2.3
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.6
CVSSv2
CVE-2017-18452
cPanel prior to 64.0.21 allows code execution via Rails configuration files (SEC-259).
Cpanel Cpanel
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »