Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-3741
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on tar...
Rubyonrails Html Sanitizer
1 Github repository
6.1
CVSSv3
CVE-2015-7579
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.
Rubyonrails Html Sanitizer
6.1
CVSSv3
CVE-2015-7580
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem prior to 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via a crafted CDATA node.
Rubyonrails Html Sanitizer
6.1
CVSSv3
CVE-2015-7578
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem prior to 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via crafted tag attributes.
Rubyonrails Html Sanitizer
5.9
CVSSv3
CVE-2022-23634
Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to wor...
Puma Puma
Rubyonrails Rails
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5.9
CVSSv3
CVE-2022-23633
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next reques...
Rubyonrails Rails
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.4
CVSSv3
CVE-2022-3704
A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack re...
Rubyonrails Rails -
5.3
CVSSv3
CVE-2019-25025
The activerecord-session_store (aka Active Record Session Store) component up to and including 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing...
Rubyonrails Active Record Session Store
2 Github repositories
5.3
CVSSv3
CVE-2016-2097
Directory traversal vulnerability in Action View in Ruby on Rails prior to 3.2.22.2 and 4.x prior to 4.1.14.2 allows remote malicious users to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname...
Rubyonrails Rails 4.0.4
Rubyonrails Rails 4.1.9
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.12
Rubyonrails Rails 4.1.10
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.0.6
Rubyonrails Rails 4.0.5
Rubyonrails Rails 4.0.1
Rubyonrails Ruby On Rails
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.14
Rubyonrails Rails 4.1.13
Rubyonrails Rails 4.0.10
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.1.7
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.1
Rubyonrails Rails 4.0.8
Rubyonrails Rails 4.0.7
4.8
CVSSv3
CVE-2020-5267
In ActionView prior to 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
Rubyonrails Actionview
Debian Debian Linux 8.0
Fedoraproject Fedora 33
Opensuse Leap 15.1
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »