Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-22885
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
Rubyonrails Rails
Rubyonrails Actionpack Page-caching -
Debian Debian Linux 10.0
5
CVSSv2
CVE-2019-25025
The activerecord-session_store (aka Active Record Session Store) component up to and including 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing...
Rubyonrails Active Record Session Store
2 Github repositories
5
CVSSv2
CVE-2021-22880
The PostgreSQL adapter in Active Record prior to 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too...
Rubyonrails Rails
Fedoraproject Fedora 32
Fedoraproject Fedora 33
1 Github repository
5.8
CVSSv2
CVE-2021-22881
The Host Authorization middleware in Action Pack prior to 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redi...
Rubyonrails Rails
Fedoraproject Fedora 33
4.3
CVSSv2
CVE-2020-8264
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an malicious user to send or embed (in another page) a specially crafted URL which can allow the malicious user to execute JavaScript in the context of t...
Rubyonrails Rails
4
CVSSv2
CVE-2020-8185
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
Rubyonrails Rails
Fedoraproject Fedora 33
4.3
CVSSv2
CVE-2020-8166
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an malicious user to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
Rubyonrails Rails
Debian Debian Linux 10.0
6.5
CVSSv2
CVE-2020-8163
The is a code injection vulnerability in versions of Rails before 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
Rubyonrails Rails
Debian Debian Linux 9.0
6 Github repositories
4.3
CVSSv2
CVE-2020-8167
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow malicious users to send CSRF tokens to wrong domains.
Rubyonrails Rails
Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2020-8165
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an malicious user to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
Rubyonrails Rails
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Leap 15.2
8 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »