2 matches found
PT-2026-27262
Name of the Vulnerable Software and Affected Versions Rails versions prior to 8.1.2.1 Rails versions prior to 8.0.4.1 Rails versions prior to 7.2.3.1 Description Active Storage in Rails applications allows users to attach cloud and local files. The DiskServicepath for function does not validate...
Ruby on Rails SQL Injection Vulnerability (CNVD-2018-01350)
Ruby on Rails is a Web application development framework written in the Ruby language. A SQL injection vulnerability exists in the 'findby' method in Ruby on Rails 5.1.4 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via the 'name' parameter...