Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2011-0448
Ruby on Rails 3.0.x prior to 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote malicious users to conduct SQL injection attacks via a non-numeric argument.
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.4
668
VMScore
CVE-2011-0449
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x prior to 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote malicious users to bypass intended access re...
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.4
668
VMScore
CVE-2006-4112
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 up to and including 1.1.5 allows remote malicious users to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of servic...
Rubyonrails Rails 1.1.0
Rubyonrails Rails 1.1.1
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.3
Rubyonrails Rails 1.1.4
685
VMScore
CVE-2008-7248
Ruby on Rails 2.1 prior to 2.1.3 and 2.2.x prior to 2.2.2 does not verify tokens for requests with certain content types, which allows remote malicious users to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demon...
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.2.1
1 EDB exploit
605
VMScore
CVE-2014-0080
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x prior to 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote malicious users to execute "add data" SQL commands via ve...
Rubyonrails Rails 4.0.2
Rubyonrails Rails 4.0.1
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.0.0
383
VMScore
CVE-2013-6416
Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x prior to 4.0.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted HTML attribute.
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
Rubyonrails Rails
516
VMScore
CVE-2021-44528
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an malicious user to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect u...
Rubyonrails Rails 7.0.0
Rubyonrails Rails 6.1.4.2
Rubyonrails Rails 6.0.4.2
445
VMScore
CVE-2014-3916
The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent malicious users to cause a denial of service (segmentation fault and crash) via a long string.
Rubyonrails Rails 1.9.3
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.1.0
516
VMScore
CVE-2021-22903
The actionpack ruby gem prior to 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious we...
Rubyonrails Rails 6.1.0
Rubyonrails Rails
570
VMScore
CVE-2010-3933
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote malicious users to modify arbitrary records by changing the names of parameters for form inputs.
Rubyonrails Rails 2.3.9
Rubyonrails Rails 3.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »