Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
activesupport vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-22796
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large am...
Activesupport Project Activesupport
9.8
CVSSv3
CVE-2018-3779
active-support ruby gem 5.2.0 could allow a remote malicious user to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system.
Activesupport Project Activesupport 5.2.0
NA
CVE-2013-0333
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x prior to 2.3.16 and 3.0.x prior to 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote malicious users to execute arbitrary code, conduct SQL injection attacks...
Rubyonrails Rails 2.3.0
Rubyonrails Rails 2.3.1
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.4
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.3.12
Rubyonrails Rails 2.3.13
Rubyonrails Rails 2.3.14
Rubyonrails Rails 2.3.15
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.14
1 EDB exploit
3 Github repositories
NA
CVE-2015-3226
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x prior to 4.1.11 and 4.2.x prior to 4.2.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
Rubyonrails Rails 4.1.7
Rubyonrails Rails 4.1.6
Rubyonrails Rails 3.2.17
Rubyonrails Rails 3.2.16
Rubyonrails Rails 4.2.1
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.2
Rubyonrails Rails 3.2.12
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.2.4
Rubyonrails Rails 3.2.3
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.4
Rubyonrails Rails 3.2.15
Rubyonrails Ruby On Rails 3.2.14
Rubyonrails Rails 3.2.13
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.2.5
NA
CVE-2015-3227
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails prior to 4.1.11 and 4.2.x prior to 4.2.2, when JDOM or REXML is enabled, allow remote malicious users to cause a denial of service (SystemStackError) via a large XML document depth.
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.8
Rubyonrails Rails 4.1.7
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.2.1
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.1
Rubyonrails Rails 4.1.0
NA
CVE-2008-4094
Multiple SQL injection vulnerabilities in Ruby on Rails prior to 2.1.1 allow remote malicious users to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.0.2
Rubyonrails Rails 1.2.6
Rubyonrails Rails 1.2.5
Rubyonrails Rails 1.1.4
Rubyonrails Rails 1.1.3
Rubyonrails Ruby On Rails 0.9.0
Rubyonrails Rails 0.9.1
Rubyonrails Ruby On Rails 0.5.5
Rubyonrails Ruby On Rails 0.5.6
Rubyonrails Rails 0.12.1
Rubyonrails Rails 0.14.1
Rubyonrails Ruby On Rails
Rubyonrails Rails 2.0.0
Rubyonrails Rails 1.9.5
Rubyonrails Rails 1.2.0
Rubyonrails Rails 1.1.6
Rubyonrails Rails 1.1.5
Rubyonrails Ruby On Rails 0.8.0
Rubyonrails Ruby On Rails 0.8.5
Rubyonrails Rails 0.14.4
Rubyonrails Ruby On Rails 0.5.0
NA
CVE-2012-3464
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 might allow remote malicious users to inject arbitrary web script or HTML via vectors inv...
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 1.2.4
Rubyonrails Rails 1.2.3
Rubyonrails Rails 1.1.3
Rubyonrails Rails 1.1.2
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Rails 3.0.9
NA
CVE-2011-2932
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x prior to 2.3.13, 3.0.x prior to 3.0.10, and 3.1.x prior to 3.1.0.rc5 allows remote malicious users to inject arbitrary web script or HTML via a malfo...
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 2.2.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.0.4
Rubyonrails Rails 2.3.9
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.1.0
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.0.1
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 3.0.7
NA
CVE-2013-1856
The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x prior to 3.1.12 and 3.2.x prior to 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allo...
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.10
Rubyonrails Rails 3.2.3
Rubyonrails Rails 3.2.2
Rubyonrails Rails 3.1.8
Rubyonrails Rails 3.1.7
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.1.9
Rubyonrails Rails 3.1.10
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.4
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.2.12
Rubyonrails Rails 3.2.9
Rubyonrails Rails 3.2.5
NA
CVE-2012-3465
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 allows remote malicious users to inject arbitrary web script or HTML via mal...
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.0
Rubyonrails Ruby On Rails
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 1.2.4
Rubyonrails Rails 1.2.3
Rubyonrails Rails 1.2.2
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.1
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »