Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-22885
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
Rubyonrails Rails
Rubyonrails Actionpack Page-caching -
Debian Debian Linux 10.0
356
VMScore
CVE-2020-8185
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
Rubyonrails Rails
Fedoraproject Fedora 33
445
VMScore
CVE-2018-16476
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an malicious user to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in ve...
Rubyonrails Rails
Redhat Cloudforms 4.6
NA
CVE-2023-22797
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could a...
Rubyonrails Rails
Actionpack Project Actionpack
516
VMScore
CVE-2021-22881
The Host Authorization middleware in Action Pack prior to 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redi...
Rubyonrails Rails
Fedoraproject Fedora 33
NA
CVE-2023-22795
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version ...
Rubyonrails Rails
Debian Debian Linux 11.0
383
VMScore
CVE-2020-8167
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow malicious users to send CSRF tokens to wrong domains.
Rubyonrails Rails
Debian Debian Linux 10.0
445
VMScore
CVE-2020-8162
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
Rubyonrails Rails
Debian Debian Linux 10.0
580
VMScore
CVE-2020-8163
The is a code injection vulnerability in versions of Rails before 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
Rubyonrails Rails
Debian Debian Linux 9.0
6 Github repositories
383
VMScore
CVE-2020-8166
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an malicious user to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
Rubyonrails Rails
Debian Debian Linux 10.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »