Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2021-44528
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an malicious user to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect u...
Rubyonrails Rails 7.0.0
Rubyonrails Rails 6.1.4.2
Rubyonrails Rails 6.0.4.2
516
VMScore
CVE-2021-22942
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow malicious users to redirect users to a malicious website.
Rubyonrails Rails
516
VMScore
CVE-2021-22903
The actionpack ruby gem prior to 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious we...
Rubyonrails Rails 6.1.0
Rubyonrails Rails
516
VMScore
CVE-2021-22881
The Host Authorization middleware in Action Pack prior to 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redi...
Rubyonrails Rails
Fedoraproject Fedora 33
516
VMScore
CVE-2013-1856
The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x prior to 3.1.12 and 3.2.x prior to 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allo...
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.10
Rubyonrails Rails 3.2.3
Rubyonrails Rails 3.2.2
Rubyonrails Rails 3.1.8
Rubyonrails Rails 3.1.7
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.1.9
Rubyonrails Rails 3.1.10
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.4
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.2.12
Rubyonrails Rails 3.2.9
Rubyonrails Rails 3.2.5
510
VMScore
CVE-2019-5418
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Rubyonrails Rails
Debian Debian Linux 8.0
Redhat Cloudforms 4.7
Opensuse Leap 15.0
Fedoraproject Fedora 30
Redhat Software Collections 1.0
Redhat Cloudforms 4.6
1 EDB exploit
16 Github repositories
446
VMScore
CVE-2019-25025
The activerecord-session_store (aka Active Record Session Store) component up to and including 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing...
Rubyonrails Active Record Session Store
2 Github repositories
446
VMScore
CVE-2014-7829
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x prior to 3.2.21, 4.0.x prior to 4.0.12, 4.1.x prior to 4.1.8, and 4.2.x prior to 4.2.0.beta4, when serve_static_assets is enabled, allows remote malicious ...
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.16
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.15
Rubyonrails Rails 3.2.16
Rubyonrails Rails 3.2.3
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
446
VMScore
CVE-2012-2661
The Active Record component in Ruby on Rails 3.0.x prior to 3.0.13, 3.1.x prior to 3.1.5, and 3.2.x prior to 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote malicious users to conduct certain SQL inject...
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.7
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.3
Rubyonrails Rails 3.2.4
2 Github repositories
445
VMScore
CVE-2021-22904
The actionpack ruby gem prior to 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token...
Rubyonrails Rails
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »