14 matches found

CVE-2016-0752
Added 2016/02/16 2:59 a.m. | 1064 views
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a...
CVSS 7.5 | AI score 6.1 | EPSS 0.92705 | Tags: In wild, Web
CVE-2014-0130
Added 2014/05/07 10:55 a.m. | 1060 views
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files v...
CVSS 7.5 | AI score 6.3 | EPSS 0.43668 | Tags: In wild, Web
CVE-2023-22795
Added 2023/02/09 8:15 p.m. | 388 views
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and
CVSS 7.5 | AI score 7.3 | EPSS 0.01261
CVE-2019-5420
Added 2019/03/27 2:29 p.m. | 284 views
A remote code execution vulnerability in development mode Rails <5.2.2.1,
CVSS 9.8 | AI score 9.5 | EPSS 0.93756
CVE-2019-5419
Added 2019/03/27 2:29 p.m. | 254 views
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2,
CVSS 7.8 | AI score 8.1 | EPSS 0.09057 | Tags: Web
CVE-2020-8165
Added 2020/06/19 6:15 p.m. | 230 views
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails
CVSS 9.8 | AI score 9.1 | EPSS 0.90958
CVE-2020-8166
Added 2020/07/02 7:15 p.m. | 218 views
A CSRF forgery vulnerability exists in rails < 5.2.5, rails
CVSS 4.3 | AI score 4.5 | EPSS 0.00443
CVE-2020-8164
Added 2020/06/19 5:15 p.m. | 205 views
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails
CVSS 7.5 | AI score 8 | EPSS 0.07752
CVE-2020-8167
Added 2020/06/19 6:15 p.m. | 192 views
A CSRF vulnerability exists in rails
CVSS 6.5 | AI score 7.5 | EPSS 0.00592
CVE-2020-8163
Added 2020/07/02 7:15 p.m. | 190 views
There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the locals argument of a render call to perform an RCE.
CVSS 8.8 | AI score 8.5 | EPSS 0.90743
CVE-2021-22904
Added 2021/06/11 4:15 p.m. | 138 views
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticate_or_request_with_http_token or authenticate_with_...
CVSS 7.5 | AI score 7.4 | EPSS 0.06405
CVE-2020-8162
Added 2020/06/19 5:15 p.m. | 116 views
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails
CVSS 7.5 | AI score 7.2 | EPSS 0.01549
CVE-2012-6497
Added 2013/01/04 4:46 a.m. | 81 views
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as de...
CVSS 5 | AI score 7.2 | EPSS 0.02213
CVE-2011-1497
Added 2021/10/19 2:15 p.m. | 68 views
A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.
CVSS 6.1 | AI score 5.9 | EPSS 0.00328