Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rails vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2017-17919
SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states th...
Rubyonrails Ruby On Rails
6.8
CVSSv2
CVE-2017-17920
SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states tha...
Rubyonrails Ruby On Rails
5.8
CVSSv2
CVE-2021-22881
The Host Authorization middleware in Action Pack prior to 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redi...
Rubyonrails Rails
Fedoraproject Fedora 33
NA
CVE-2023-22797
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could a...
Rubyonrails Rails
Actionpack Project Actionpack
5
CVSSv2
CVE-2007-5379
Rails prior to 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrate...
David Hansson Ruby On Rails
6.8
CVSSv2
CVE-2007-5380
Session fixation vulnerability in Rails prior to 1.2.4, as used for Ruby on Rails, allows remote malicious users to hijack web sessions via unspecified vectors related to "URL-based sessions."
David Hansson Ruby On Rails
4
CVSSv2
CVE-2020-8185
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
Rubyonrails Rails
Fedoraproject Fedora 33
5
CVSSv2
CVE-2018-16476
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an malicious user to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in ve...
Rubyonrails Rails
Redhat Cloudforms 4.6
4.3
CVSSv2
CVE-2020-8166
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an malicious user to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
Rubyonrails Rails
Debian Debian Linux 10.0
NA
CVE-2023-22795
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version ...
Rubyonrails Rails
Debian Debian Linux 11.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »