2118 matches found
Ruby on Rails - Open Redirect via Host Header Injection
Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...
Timing Attack
Overview pay is a package for processing payments in Ruby on Rails apps Affected versions of this package are vulnerable to Timing Attack via the validsignature? function. An attacker can recover valid webhook signatures by sending multiple requests with crafted Paddle-Signature header values and...
GHSA-WJV4-X9W8-WM3H vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, ruby3.3-rails, ruby3.2-rails, logstash, kube-logging-operator, logstash-fips, ruby4.0-rails, pact-broker-docker-fips, pact-broker-docker...
GHSA-H8W8-99G7-QMVJ vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, ruby3.3-rails, ruby3.2-rails, ruby3.4-fluentd-kubernetes-daemonset, kube-fluentd-operator, ruby3.2-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.3-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby4.0-rails...
CVE-2026-54904 vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, ruby3.3-rails, ruby3.2-rails, ruby3.4-fluentd-kubernetes-daemonset, kube-fluentd-operator, ruby3.2-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.3-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby4.0-rails...
CVE-2026-54905 vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, ruby3.3-rails, ruby3.2-rails, ruby3.4-fluentd-kubernetes-daemonset, kube-fluentd-operator, ruby3.2-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.3-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby4.0-rails...
GHSA-8678-W3JW-XFC2 vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, ruby3.3-rails, ruby3.2-rails, logstash, kube-logging-operator, logstash-fips, ruby4.0-rails, pact-broker-docker-fips, pact-broker-docker...
GHSA-5V8H-3H3Q-446P vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, ruby3.3-rails, ruby3.2-rails, logstash, kube-logging-operator, logstash-fips, ruby4.0-rails, pact-broker-docker-fips, pact-broker-docker...
GHSA-5PRR-V3J2-97MH vulnerabilities
Vulnerabilities for packages: kube-logging-operator, ruby3.4-rails, ruby3.2-rails, logstash, ruby3.3-rails...
CVE-2026-54906 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, kube-logging-operator, ruby3.3-rails, ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-rails, ruby4.0-fluentd-kubernetes-daemonset, ruby3.2-rails, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset...
GHSA-WV3X-4VXV-WHPP vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, kube-logging-operator, ruby3.3-rails, ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-rails, ruby4.0-fluentd-kubernetes-daemonset, ruby3.2-rails, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset...
GHSA-WFPW-MMFH-QQ69 vulnerabilities
Vulnerabilities for packages: kube-logging-operator, ruby3.4-rails, ruby3.2-rails, logstash, ruby3.3-rails...
Astra Linux – Vulnerability in ruby-rails-html-sanitizer
Rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there was a potential XSS vulnerability with certain configurations of Rails::Html::Sanitizer, due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer might allow an attacke...
Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)
Question Is the Network IPS system affected by Ruby on Rails vulnerabilities? "Product":"code":"SS9SBT","label":"Proventia Network Intrusion Prevention System","Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Component":"General...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Tuzitio Camaleon_Cms
HTB Facts — Full Writeup Difficulty: Medium OS: Lin...
Linux Distros Unpatched Vulnerability : CVE-2026-44837
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint...
CVE-2026-44837
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
DEBIAN-CVE-2026-44837
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
EUVD-2026-31971
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
CVE-2026-44837
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...