Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-7248
Ruby on Rails 2.1 prior to 2.1.3 and 2.2.x prior to 2.2.2 does not verify tokens for requests with certain content types, which allows remote malicious users to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demon...
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.2.1
1 EDB exploit
NA
CVE-2006-4112
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 up to and including 1.1.5 allows remote malicious users to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of servic...
Rubyonrails Rails 1.1.0
Rubyonrails Rails 1.1.1
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.3
Rubyonrails Rails 1.1.4
NA
CVE-2011-0448
Ruby on Rails 3.0.x prior to 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote malicious users to conduct SQL injection attacks via a non-numeric argument.
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.4
NA
CVE-2011-0449
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x prior to 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote malicious users to bypass intended access re...
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.4
NA
CVE-2014-0080
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x prior to 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote malicious users to execute "add data" SQL commands via ve...
Rubyonrails Rails 4.0.2
Rubyonrails Rails 4.0.1
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.0.0
NA
CVE-2013-6416
Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x prior to 4.0.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted HTML attribute.
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
Rubyonrails Rails
NA
CVE-2014-3916
The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent malicious users to cause a denial of service (segmentation fault and crash) via a long string.
Rubyonrails Rails 1.9.3
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.1.0
6.1
CVSSv3
CVE-2021-44528
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an malicious user to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect u...
Rubyonrails Rails 7.0.0
Rubyonrails Rails 6.1.4.2
Rubyonrails Rails 6.0.4.2
6.1
CVSSv3
CVE-2021-22903
The actionpack ruby gem prior to 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious we...
Rubyonrails Rails 6.1.0
Rubyonrails Rails
NA
CVE-2010-3933
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote malicious users to modify arbitrary records by changing the names of parameters for form inputs.
Rubyonrails Rails 2.3.9
Rubyonrails Rails 3.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »