Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rails vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2021-22942
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow malicious users to redirect users to a malicious website.
Rubyonrails Rails
3.6
CVSSv2
CVE-2021-41136
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the p...
Puma Puma
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4
CVSSv2
CVE-2021-39900
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
6.8
CVSSv2
CVE-2021-39197
better_errors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_errors before 2.8.0 did not implement CSRF protection for its internal requests. It ...
Better Errors Project Better Errors
5.8
CVSSv2
CVE-2021-22903
The actionpack ruby gem prior to 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious we...
Rubyonrails Rails 6.1.0
Rubyonrails Rails
5
CVSSv2
CVE-2021-22902
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) prior to 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser...
Rubyonrails Rails
5
CVSSv2
CVE-2021-22904
The actionpack ruby gem prior to 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token...
Rubyonrails Rails
5
CVSSv2
CVE-2021-22885
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
Rubyonrails Rails
Rubyonrails Actionpack Page-caching -
Debian Debian Linux 10.0
5
CVSSv2
CVE-2021-29509
Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threa...
Puma Puma
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2021-29435
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an malicious user to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin ...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »