Vulmon
ruby on rails vulnerabilities and exploits
CVE-2022-23634 (CVSSv3 5.9)
Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to wor...
Puma Puma
Rubyonrails Rails
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
CVE-2018-3741 (CVSSv3 6.1)
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on tar...
Rubyonrails Html Sanitizer
1 Github repository
CVE-2015-3224 (score NA)
request.rb in Web Console prior to 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote malicious users to bypass the whitelisted_ips protection mechanism via a ...
Rubyonrails Web Console
1 EDB exploit
3 Github repositories
CVE-2023-34246 (CVSSv3 6.5)
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previously approved. Public clients are inherently vulnerable to impersonation, thei...
Doorkeeper Project Doorkeeper
CVE-2018-16471 (CVSSv3 6.1)
There is a possible XSS vulnerability in Rack prior to 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape...
Rack Project Rack
Debian Debian Linux 8.0
2 Github repositories
CVE-2015-7580 (CVSSv3 6.1)
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem prior to 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via a crafted CDATA node.
Rubyonrails Html Sanitizer
CVE-2015-2784 (CVSSv3 9.8)
The papercrop gem prior to 0.3.0 for Ruby on Rails does not properly handle crop input.
Papercrop Project Papercrop
CVE-2015-7579 (CVSSv3 6.1)
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.
Rubyonrails Html Sanitizer
CVE-2013-1756 (score NA)
The Dragonfly gem 0.7 prior to 0.8.6 and 0.9.x prior to 0.9.13 for Ruby, when used with Ruby on Rails, allows remote malicious users to execute arbitrary code via a crafted request.
Mark Evans Dragonfly Gem 0.7.0
Mark Evans Dragonfly Gem 0.7.1
Mark Evans Dragonfly Gem 0.7.2
Mark Evans Dragonfly Gem 0.7.3
Mark Evans Dragonfly Gem 0.7.4
Mark Evans Dragonfly Gem 0.7.5
Mark Evans Dragonfly Gem 0.7.6
Mark Evans Dragonfly Gem 0.7.7
Mark Evans Dragonfly Gem 0.8.0
Mark Evans Dragonfly Gem 0.8.1
Mark Evans Dragonfly Gem 0.8.2
Mark Evans Dragonfly Gem 0.8.4
Mark Evans Dragonfly Gem 0.8.5
Mark Evans Dragonfly Gem 0.9.0
Mark Evans Dragonfly Gem 0.9.1
Mark Evans Dragonfly Gem 0.9.2
Mark Evans Dragonfly Gem 0.9.3
Mark Evans Dragonfly Gem 0.9.4
Mark Evans Dragonfly Gem 0.9.5
Mark Evans Dragonfly Gem 0.9.6
Mark Evans Dragonfly Gem 0.9.7
Mark Evans Dragonfly Gem 0.9.8
CVE-2013-4492 (score NA)
Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem prior to 0.6.6 for Ruby allows remote malicious users to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.
I18n Project I18n