Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2011-3186
CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x prior to 2.3.13 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.
Rubyonrails Rails 2.3.12
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.3.4
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.3.2
4.3
CVSSv2
CVE-2011-2197
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x prior to 2.3.12, 3.0.x prior to 3.0.8, and 3.1.x prior to 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote malicious users to conduct XSS attacks via crafted string...
Rubyonrails Rails 2.2.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.0.4
Rubyonrails Rails 2.0.1
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.0.2
Rubyonrails Rails 2.3.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.8
7.5
CVSSv2
CVE-2011-0448
Ruby on Rails 3.0.x prior to 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote malicious users to conduct SQL injection attacks via a non-numeric argument.
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.4
7.5
CVSSv2
CVE-2011-0449
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x prior to 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote malicious users to bypass intended access re...
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.4
4.3
CVSSv2
CVE-2011-0446
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails prior to 2.3.11, and 3.x prior to 3.0.4, when javascript encoding is used, allow remote malicious users to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.0.2
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.9
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.4
Rubyonrails Rails 2.2.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.0.4
Rubyonrails Rails 2.0.1
6.8
CVSSv2
CVE-2011-0447
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x prior to 2.3.11, and 3.x prior to 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote malicious users to conduct cross-site request forgery (CSRF) attacks via forged (1) AJ...
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.3.9
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.2.2
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.4
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.4
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.3.10
6.4
CVSSv2
CVE-2010-3933
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote malicious users to modify arbitrary records by changing the names of parameters for form inputs.
Rubyonrails Rails 2.3.9
Rubyonrails Rails 3.0.0
6.8
CVSSv2
CVE-2008-7248
Ruby on Rails 2.1 prior to 2.1.3 and 2.2.x prior to 2.2.2 does not verify tokens for requests with certain content types, which allows remote malicious users to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demon...
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.2.1
1 EDB exploit
4.3
CVSSv2
CVE-2009-4214
Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails prior to 2.2.s, and 2.3.x prior to 2.3.5, allows remote malicious users to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and ...
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.4
Rubyonrails Rails 1.9.5
Rubyonrails Rails 1.2.5
Rubyonrails Rails 1.1.5
Rubyonrails Rails 1.1.3
Rubyonrails Ruby On Rails 0.8.0
Rubyonrails Ruby On Rails 0.9.0
Rubyonrails Ruby On Rails 0.5.0
Rubyonrails Ruby On Rails 0.5.6
Rubyonrails Rails 0.13.0
Rubyonrails Rails 0.14.1
Rubyonrails Rails 0.11.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.0.4
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.0.1
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.1
Rubyonrails Rails 1.1.0
Rubyonrails Rails 1.0.0
5
CVSSv2
CVE-2009-3086
A certain algorithm in Ruby on Rails 2.1.0 up to and including 2.2.2, and 2.3.x prior to 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote malicious users to forge a digest via multiple attempts.
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.2.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.3.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »