Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rails vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-22885
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
Rubyonrails Rails
Rubyonrails Actionpack Page-caching -
Debian Debian Linux 10.0
5
CVSSv2
CVE-2021-29509
Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threa...
Puma Puma
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2021-29435
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an malicious user to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin ...
Trestle-auth Project Trestle-auth 0.4.1
Trestle-auth Project Trestle-auth 0.4.0
5
CVSSv2
CVE-2019-25025
The activerecord-session_store (aka Active Record Session Store) component up to and including 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing...
Rubyonrails Active Record Session Store
2 Github repositories
5
CVSSv2
CVE-2021-22880
The PostgreSQL adapter in Active Record prior to 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too...
Rubyonrails Rails
Fedoraproject Fedora 32
Fedoraproject Fedora 33
1 Github repository
5.8
CVSSv2
CVE-2021-22881
The Host Authorization middleware in Action Pack prior to 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redi...
Rubyonrails Rails
Fedoraproject Fedora 33
4.3
CVSSv2
CVE-2020-36190
RailsAdmin (aka rails_admin) prior to 1.4.3 and 2.x prior to 2.0.2 allows XSS via nested forms.
Rails Admin Project Rails Admin
4.3
CVSSv2
CVE-2020-8264
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an malicious user to send or embed (in another page) a specially crafted URL which can allow the malicious user to execute JavaScript in the context of t...
Rubyonrails Rails
2.1
CVSSv2
CVE-2020-26416
Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.
Gitlab Gitlab
4
CVSSv2
CVE-2020-26223
Spree is a complete open source e-commerce solution built with Ruby on Rails. In Spree from version 3.7 and prior to 3.7.13, 4.0.5, and 4.1.12, there is an authorization bypass vulnerability. The perpetrator could query the API v2 Order Status endpoint with an empty string passed...
Spreecommerce Spree
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »