Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails ruby on rails vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2012-6497
The Authlogic gem for Ruby on Rails, when used with certain versions prior to 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote malicious users to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a know...
Rubyonrails Rails
6.8
CVSSv2
CVE-2007-6077
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, wh...
Rubyonrails Rails 1.2.4
NA
CVE-2023-22795
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version ...
Rubyonrails Rails
Debian Debian Linux 11.0
4.3
CVSSv2
CVE-2013-4389
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x prior to 3.2.15 allow remote malicious users to cause a denial of service via a crafted e-mail address that is improperly handled during constru...
Rubyonrails Rails
Opensuse Opensuse 12.3
Opensuse Opensuse 12.2
Opensuse Opensuse 13.1
Debian Debian Linux 7.0
4.3
CVSSv2
CVE-2010-3299
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.
Rubyonrails Rails 2.3
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2018-3741
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on tar...
Rubyonrails Html Sanitizer
1 Github repository
4.3
CVSSv2
CVE-2015-3224
request.rb in Web Console prior to 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote malicious users to bypass the whitelisted_ips protection mechanism via a ...
Rubyonrails Web Console
1 EDB exploit
3 Github repositories
4.3
CVSSv2
CVE-2022-23634
Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to wor...
Puma Puma
Rubyonrails Rails
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
4.3
CVSSv2
CVE-2015-7580
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem prior to 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via a crafted CDATA node.
Rubyonrails Html Sanitizer
4.3
CVSSv2
CVE-2015-7579
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.
Rubyonrails Html Sanitizer
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »