ruby on rails vulnerabilities and exploits
CVE-2022-23634 (CVSSv2 4.3)
Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to wor...
Puma Puma
Rubyonrails Rails
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
CVE-2018-3741 (CVSSv2 4.3)
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on tar...
Rubyonrails Html Sanitizer
1 Github repository
CVE-2015-3224 (CVSSv2 4.3)
request.rb in Web Console prior to 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote malicious users to bypass the whitelisted_ips protection mechanism via a ...
Rubyonrails Web Console
1 EDB exploit
3 Github repositories
CVE-2023-34246 (CVSSv2 NA)
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, thei...
Doorkeeper Project Doorkeeper
CVE-2018-16471 (CVSSv2 4.3)
There is a possible XSS vulnerability in Rack prior to 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape...
Rack Project Rack
Debian Debian Linux 8.0
2 Github repositories
CVE-2015-7580 (CVSSv2 4.3)
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem prior to 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via a crafted CDATA node.
Rubyonrails Html Sanitizer
CVE-2015-2784 (CVSSv2 7.5)
The papercrop gem prior to 0.3.0 for Ruby on Rails does not properly handle crop input.
Papercrop Project Papercrop
CVE-2015-7579 (CVSSv2 4.3)
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.
Rubyonrails Html Sanitizer
CVE-2013-1756 (CVSSv2 7.5)
The Dragonfly gem 0.7 prior to 0.8.6 and 0.9.x prior to 0.9.13 for Ruby, when used with Ruby on Rails, allows remote malicious users to execute arbitrary code via a crafted request.
Mark Evans Dragonfly Gem 0.7.0
Mark Evans Dragonfly Gem 0.7.1
Mark Evans Dragonfly Gem 0.7.2
Mark Evans Dragonfly Gem 0.7.3
Mark Evans Dragonfly Gem 0.7.4
Mark Evans Dragonfly Gem 0.7.5
Mark Evans Dragonfly Gem 0.7.6
Mark Evans Dragonfly Gem 0.7.7
Mark Evans Dragonfly Gem 0.8.0
Mark Evans Dragonfly Gem 0.8.1
Mark Evans Dragonfly Gem 0.8.2
Mark Evans Dragonfly Gem 0.8.4
Mark Evans Dragonfly Gem 0.8.5
Mark Evans Dragonfly Gem 0.9.0
Mark Evans Dragonfly Gem 0.9.1
Mark Evans Dragonfly Gem 0.9.2
Mark Evans Dragonfly Gem 0.9.3
Mark Evans Dragonfly Gem 0.9.4
Mark Evans Dragonfly Gem 0.9.5
Mark Evans Dragonfly Gem 0.9.6
Mark Evans Dragonfly Gem 0.9.7
Mark Evans Dragonfly Gem 0.9.8
CVE-2013-4492 (CVSSv2 4.3)
Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem prior to 0.6.6 for Ruby allows remote malicious users to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.
I18n Project I18n