Vulmon
ruby on rails vulnerabilities and exploits
CVE-2008-7248 (CVSSv2 6.8)
Ruby on Rails 2.1 prior to 2.1.3 and 2.2.x prior to 2.2.2 does not verify tokens for requests with certain content types, which allows remote malicious users to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demon...
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.2.1
1 EDB exploit
CVE-2011-3187 (CVSSv2 4.3)
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote malicious users to inject arbitrary text into log files or by...
Rubyonrails Rails 3.0.5
1 EDB exploit
CVE-2020-8163 (CVSSv2 6.5)
There is a code injection vulnerability in versions of Rails before 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform RCE.
Rubyonrails Rails
Debian Debian Linux 9.0
6 Github repositories
CVE-2017-12098 (CVSSv2 4.3)
An exploitable cross-site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary JavaScript on the victim's browse...
Rails Admin Project Rails Admin 1.2.0
CVE-2013-0276 (CVSSv2 4.3)
ActiveRecord in Ruby on Rails prior to 2.3.17, 3.1.x prior to 3.1.11, and 3.2.x prior to 3.2.12 allows remote malicious users to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.9
Rubyonrails Rails 3.2.3
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.4
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.2.5
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.2.2
Rubyonrails Rails 3.2.10
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.3
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.1.9
Rubyonrails Rails 3.1.8
Rubyonrails Rails 3.1.7
3 Github repositories
CVE-2013-6416 (CVSSv2 4.3)
Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x prior to 4.0.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted HTML attribute.
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
Rubyonrails Rails
CVE-2007-3227 (CVSSv2 4.3)
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote malicious users to inject arbitrary web script via the input values.
Rubyonrails Rails 1.1.5
1 EDB exploit
CVE-2015-3227 (CVSSv2 5.0)
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails prior to 4.1.11 and 4.2.x prior to 4.2.2, when JDOM or REXML is enabled, allow remote malicious users to cause a denial of service (SystemStackError) via a large XML document depth.
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.8
Rubyonrails Rails 4.1.7
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.2.1
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.1
Rubyonrails Rails 4.1.0
CVE-2006-4112 (CVSSv2 7.5)
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 up to and including 1.1.5 allows remote malicious users to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of servic...
Rubyonrails Rails 1.1.0
Rubyonrails Rails 1.1.1
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.3
Rubyonrails Rails 1.1.4
CVE-2009-3086 (CVSSv2 5.0)
A certain algorithm in Ruby on Rails 2.1.0 up to and including 2.2.2, and 2.3.x prior to 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote malicious users to forge a digest via multiple attempts.
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.2.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.3.3