Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails actionpack vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-22797
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could a...
Rubyonrails Rails
Actionpack Project Actionpack
NA
CVE-2022-3704
A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack re...
Rubyonrails Rails -
383
VMScore
CVE-2022-27777
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an malicious user to inject content if able to control input into specific attributes.
Rubyonrails Actionpack
Debian Debian Linux 10.0
384
VMScore
CVE-2022-22577
An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an malicious user to bypass CSP for non HTML like responses.
Rubyonrails Actionpack
Debian Debian Linux 10.0
516
VMScore
CVE-2021-22903
The actionpack ruby gem prior to 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious we...
Rubyonrails Rails 6.1.0
Rubyonrails Rails
445
VMScore
CVE-2021-22902
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) prior to 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser...
Rubyonrails Rails
445
VMScore
CVE-2021-22904
The actionpack ruby gem prior to 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token...
Rubyonrails Rails
445
VMScore
CVE-2021-22885
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
Rubyonrails Rails
Rubyonrails Actionpack Page-caching -
Debian Debian Linux 10.0
383
VMScore
CVE-2020-8264
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an malicious user to send or embed (in another page) a specially crafted URL which can allow the malicious user to execute JavaScript in the context of t...
Rubyonrails Rails
668
VMScore
CVE-2020-8159
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an malicious user to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.
Rubyonrails Actionpack Page-caching
Debian Debian Linux 9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »