rubyonrails rails vulnerabilities and exploits
445
VMScore
CVE-2020-8162
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
Rubyonrails Rails
Debian Debian Linux 10.0
445
VMScore
CVE-2020-8164
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow a malicious user to supply information that can be inadvertently leaked from Strong Parameters.
Rubyonrails Rails
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
445
VMScore
CVE-2020-8151
There is a possible information disclosure issue in Active Resource < v5.1.1 that could allow a malicious user to create specially crafted requests to access data in an unexpected way and possibly leak information.
Rubyonrails Active Resource
Fedoraproject Fedora 33
312
VMScore
CVE-2020-5267
In ActionView prior to 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
Rubyonrails Actionview
Debian Debian Linux 8.0
Fedoraproject Fedora 33
Opensuse Leap 15.1
2 Github repositories
383
VMScore
CVE-2010-3299
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.