Rails Security Vulnerabilities

CVE-2024-32464

Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and...

6.1 CVSS

6.9 AI Score

0.0005 EPSS

2024-06-04 08:15 PM

CVE-2024-28103

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and...

9.8 CVSS

6.8 AI Score

0.001 EPSS

2024-06-04 08:15 PM

CVE-2024-26142

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are.....

7.5 CVSS

7.4 AI Score

0.0004 EPSS

2024-02-27 04:15 PM

CVE-2024-26144

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3 CVSS

4.8 AI Score

0.0004 EPSS

2024-02-27 04:15 PM

CVE-2024-26143

Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "_html", a :default key which contains untrusted user input, and...

6.1 CVSS

5.8 AI Score

0.0004 EPSS

2024-02-27 04:15 PM

CVE-2024-0241

encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id"...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2024-01-04 09:15 PM

CVE-2015-2179

The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its...

5.5 CVSS

5.3 AI Score

0.0004 EPSS

2023-12-12 05:15 PM

CVE-2023-26153

Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the...

9.8 CVSS

9.7 AI Score

0.001 EPSS

2023-10-06 05:15 AM

CVE-2023-27849

rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process...

9.8 CVSS

9.9 AI Score

0.006 EPSS

2023-04-24 06:15 PM

CVE-2023-28846

Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. This issue affects Rails applications that operate as an upstream of a load...

7.5 CVSS

7.5 AI Score

0.003 EPSS

2023-03-30 08:15 PM

CVE-2015-10083

A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. Affected by this vulnerability is the function basic_auth of the file app/controllers/application_controller.rb. The manipulation leads to improper authentication. This product does not use versioning. This is.....

9.8 CVSS

9.4 AI Score

0.018 EPSS

2023-02-21 03:15 PM

CVE-2023-22797

An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker...

6.1 CVSS

5.8 AI Score

0.001 EPSS

2023-02-09 08:15 PM

CVE-2023-22795

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0...

7.5 CVSS

7.3 AI Score

0.019 EPSS

2023-02-09 08:15 PM

CVE-2023-22799

A ReDoS-based DoS vulnerability in GlobalID <1.0.1 could allow an attacker supplying carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2023-02-09 08:15 PM

CVE-2023-22792

A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2023-02-09 08:15 PM

CVE-2023-22796

A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and me...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2023-02-09 08:15 PM

CVE-2022-44566

A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against.....

7.5 CVSS

7.2 AI Score

0.001 EPSS

2023-02-09 08:15 PM

CVE-2023-22794

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface which automatically adds annotations, it may be sen...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2023-02-09 08:15 PM

CVE-2023-25015

Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2023-02-02 04:15 AM

CVE-2014-125054

A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The patch is identified as...

4.3 CVSS

4.9 AI Score

0.001 EPSS

2023-01-07 09:15 AM

CVE-2014-125033

A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-01-02 08:15 AM

CVE-2022-23520

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2022-12-14 06:15 PM

CVE-2022-23519

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's...

7.2 CVSS

5.9 AI Score

0.001 EPSS

2022-12-14 05:15 PM

CVE-2022-23518

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version...

6.1 CVSS

5.7 AI Score

0.001 EPSS

2022-12-14 05:15 PM

CVE-2022-23517

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to...

7.5 CVSS

7.1 AI Score

0.001 EPSS

2022-12-14 05:15 PM

CVE-2022-32224

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an...

9.8 CVSS

9.5 AI Score

0.001 EPSS

2022-12-05 10:15 PM

CVE-2022-3704

A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real...

5.4 CVSS

5.1 AI Score

0.001 EPSS

2022-10-26 08:15 PM

CVE-2010-3933

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form...

6.6 AI Score

0.003 EPSS

2022-10-03 04:20 PM

CVE-2022-32209

Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL. Not affected: NONE. Fixed Versions: v1.4.3. Impact: A possible...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-06-24 03:15 PM

CVE-2022-21831

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing...

9.8 CVSS

9.4 AI Score

0.067 EPSS

2022-05-26 05:15 PM

CVE-2022-27777

An XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific...

6.1 CVSS

5.8 AI Score

0.001 EPSS

2022-05-26 05:15 PM

CVE-2022-22577

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like...

6.1 CVSS

5.8 AI Score

0.005 EPSS

2022-05-26 05:15 PM

CVE-2022-23634

Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its CurrentAttributes implementation to work correctly. The combination...

8 CVSS

5.6 AI Score

0.002 EPSS

2022-02-11 10:15 PM

CVE-2022-23633

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to data....

7.4 CVSS

5.6 AI Score

0.002 EPSS

2022-02-11 09:15 PM

CVE-2021-44528

An open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft "X-Forwarded-Host" headers that, in combination with certain "allowed host" formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...

6.1 CVSS

5.8 AI Score

0.002 EPSS

2022-01-10 02:10 PM

CVE-2021-41263

rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using rails_multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker.....

8.8 CVSS

8.6 AI Score

0.001 EPSS

2021-11-15 08:15 PM

CVE-2011-1497

A cross-site scripting vulnerability was found in the auto_link function in Rails before version...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2021-10-19 02:15 PM

CVE-2021-22942

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious...

6.1 CVSS

6 AI Score

0.001 EPSS

2021-10-18 01:15 PM

CVE-2021-22903

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...

6.1 CVSS

6 AI Score

0.002 EPSS

2021-06-11 04:15 PM

CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticate_or_request_with_http_token or...

7.5 CVSS

7.4 AI Score

0.002 EPSS

2021-06-11 04:15 PM

CVE-2021-22902

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch.....

7.5 CVSS

7.2 AI Score

0.001 EPSS

2021-06-11 04:15 PM

CVE-2021-22885

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the redirect_to or polymorphic_url helper with untrusted user...

7.5 CVSS

7.2 AI Score

0.008 EPSS

2021-05-27 12:15 PM

CVE-2021-22880

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a...

7.5 CVSS

7.1 AI Score

0.006 EPSS

2021-02-11 06:15 PM

CVE-2021-22881

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious...

6.1 CVSS

6 AI Score

0.002 EPSS

2021-02-11 06:15 PM

CVE-2020-36190

RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2021-01-12 08:15 PM

CVE-2020-8264

In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...

6.1 CVSS

5.8 AI Score

0.001 EPSS

2021-01-06 09:15 PM

CVE-2020-8166

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF...

4.3 CVSS

4.5 AI Score

0.003 EPSS

2020-07-02 07:15 PM

CVE-2020-8163

There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the locals argument of a render call to perform a...

8.8 CVSS

8.5 AI Score

0.965 EPSS

2020-07-02 07:15 PM

CVE-2020-8185

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in...

6.5 CVSS

6.2 AI Score

0.001 EPSS

2020-07-02 07:15 PM

CVE-2020-8165

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an...

9.8 CVSS

9.1 AI Score

0.666 EPSS

2020-06-19 06:15 PM

Total number of security vulnerabilities: 150