Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rails vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-41275
spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that ...
Spreecommerce Spree Auth Devise
Spreecommerce Spree Auth Devise 4.2.0
Spreecommerce Spree Auth Devise 4.1.0
8.8
CVSSv3
CVE-2021-41263
rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be ...
Discourse Rails Multisite
6.1
CVSSv3
CVE-2011-1497
A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.
Rubyonrails Rails
6.1
CVSSv3
CVE-2021-22942
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow malicious users to redirect users to a malicious website.
Rubyonrails Rails
3.7
CVSSv3
CVE-2021-41136
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the p...
Puma Puma
Debian Debian Linux 10.0
Debian Debian Linux 11.0
2.7
CVSSv3
CVE-2021-39900
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.
Gitlab Gitlab
Gitlab Gitlab 14.3.0
8.8
CVSSv3
CVE-2021-39197
better_errors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_errors before 2.8.0 did not implement CSRF protection for its internal requests. It ...
Better Errors Project Better Errors
7.5
CVSSv3
CVE-2021-22904
The actionpack ruby gem prior to 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token...
Rubyonrails Rails
7.5
CVSSv3
CVE-2021-22902
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) prior to 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser...
Rubyonrails Rails
6.1
CVSSv3
CVE-2021-22903
The actionpack ruby gem prior to 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious we...
Rubyonrails Rails 6.1.0
Rubyonrails Rails
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »