Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails actionpack vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-5418
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Rubyonrails Rails
Debian Debian Linux 8.0
Redhat Cloudforms 4.7
Opensuse Leap 15.0
Fedoraproject Fedora 30
Redhat Software Collections 1.0
Redhat Cloudforms 4.6
1 EDB exploit
16 Github repositories
7.8
CVSSv2
CVE-2019-5419
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
Rubyonrails Rails
Debian Debian Linux 8.0
Redhat Software Collections 1.0
Redhat Cloudforms 4.6
Redhat Cloudforms 4.7
Opensuse Leap 15.0
Opensuse Leap 15.1
Fedoraproject Fedora 30
3 Github repositories
7.5
CVSSv2
CVE-2016-2098
Action Pack in Ruby on Rails prior to 3.2.22.2, 4.x prior to 4.1.14.2, and 4.2.x prior to 4.2.5.2 allows remote malicious users to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Debian Debian Linux 8.0
Rubyonrails Rails 4.2.4
Rubyonrails Rails 4.2.3
Rubyonrails Rails 4.2.1
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.1.9
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.12
Rubyonrails Rails 4.1.10
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.0.6
Rubyonrails Rails 4.0.5
Rubyonrails Rails 4.0.1
Rubyonrails Ruby On Rails
Rubyonrails Rails 4.2.5
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.14
Rubyonrails Rails 4.1.13
Rubyonrails Rails 4.0.10
1 EDB exploit
10 Github repositories
5
CVSSv2
CVE-2014-7829
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x prior to 3.2.21, 4.0.x prior to 4.0.12, 4.1.x prior to 4.1.8, and 4.2.x prior to 4.2.0.beta4, when serve_static_assets is enabled, allows remote malicious ...
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.16
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.15
Rubyonrails Rails 3.2.16
Rubyonrails Rails 3.2.3
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
4.3
CVSSv2
CVE-2014-7818
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x prior to 3.2.20, 4.0.x prior to 4.0.11, 4.1.x prior to 4.1.7, and 4.2.x prior to 4.2.0.beta3, when serve_static_assets is enabled, allows remote malicious ...
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.16
Rubyonrails Rails 3.0.17
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.3
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.2.16
Rubyonrails Rails 3.2.17
4.3
CVSSv2
CVE-2013-6416
Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x prior to 4.0.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted HTML attribute.
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
Rubyonrails Rails
5
CVSSv2
CVE-2013-1854
The Active Record component in Ruby on Rails 2.3.x prior to 2.3.18, 3.1.x prior to 3.1.12, and 3.2.x prior to 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote malicious users to cause a denial of service via crafted input to a where method.
Rubyonrails Ruby On Rails 2.3.17
Rubyonrails Ruby On Rails 3.1.11
Rubyonrails Rails 2.3.0
Rubyonrails Rails 2.3.1
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.4
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.3.12
Rubyonrails Rails 2.3.13
Rubyonrails Rails 2.3.14
Rubyonrails Rails 2.3.15
Rubyonrails Rails 2.3.16
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.7
4.3
CVSSv2
CVE-2013-1855
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails prior to 2.3.18, 3.0.x and 3.1.x prior to 3.1.12, and 3.2.x prior to 3.2.13 does not properly handle \n (newline) characters, which makes it easier...
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.9
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.2.5
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.2.10
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.12
Rubyonrails Rails 3.2.2
Rubyonrails Rails 3.2.3
Rubyonrails Rails 3.2.4
Rubyonrails Ruby On Rails 0.8.0
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.7.0
Rubyonrails Ruby On Rails
Rubyonrails Rails 1.2.4
Rubyonrails Ruby On Rails 0.8.5
Rubyonrails Ruby On Rails 0.6.0
Rubyonrails Ruby On Rails 0.5.6
Rubyonrails Ruby On Rails 0.9.0
4.3
CVSSv2
CVE-2013-1857
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails prior to 2.3.18, 3.0.x and 3.1.x prior to 3.1.12, and 3.2.x prior to 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes ...
Redhat Enterprise Linux 6.0
Rubyonrails Rails 2.3.15
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.0
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.0.0
Rubyonrails Ruby On Rails
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.3.12
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 1.2.1
Rubyonrails Rails 1.2.0
Rubyonrails Rails 1.1.6
Rubyonrails Rails 1.1.5
Rubyonrails Rails 0.9.4.1
Rubyonrails Rails 0.14.4
Rubyonrails Ruby On Rails 0.5.0
Rubyonrails Ruby On Rails 0.5.5
6.4
CVSSv2
CVE-2013-0155
Ruby on Rails 3.0.x prior to 3.0.19, 3.1.x prior to 3.1.10, and 3.2.x prior to 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote malicious users to bypass intended database-quer...
Rubyonrails Ruby On Rails
Rubyonrails Rails
Debian Debian Linux 6.0
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »