Rails@* Security Vulnerabilities and Issues — Rails@* CVE List

Lucene search

RubyonrailsRails*

9 matches found

CVE•added 2021/02/11 6:15 p.m.•270 views

CVE-2021-22880

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the money type of the PostgreSQL adapter in Active Record to spend too much time in a regular...

7.5CVSS7.1AI score0.06365EPSS

CVE•added 2021/06/11 4:15 p.m.•220 views

CVE-2021-22902

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

7.5CVSS7.2AI score0.01304EPSS

CVE•added 2021/05/27 12:15 p.m.•213 views

CVE-2021-22885

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the redirect_to or polymorphic_urlhelper with untrusted user input.

7.5CVSS7.2AI score0.00787EPSS

CVE•added 2021/02/11 6:15 p.m.•137 views

CVE-2021-22881

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website...

6.1CVSS6AI score0.06304EPSS

CVE•added 2021/06/11 4:15 p.m.•128 views

CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticate_or_request_with_http_token or authenticate_with_...

7.5CVSS7.4AI score0.0618EPSS

CVE•added 2021/10/18 1:15 p.m.•105 views

CVE-2021-22942

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.

6.1CVSS6AI score0.00382EPSS

CVE•added 2021/01/06 9:15 p.m.•94 views

CVE-2020-8264

In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vuln...

6.1CVSS5.8AI score0.0045EPSS

CVE•added 2021/06/11 4:15 p.m.•84 views

CVE-2021-22903

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2...

6.1CVSS6AI score0.06304EPSS

CVE•added 2021/10/19 2:15 p.m.•67 views

CVE-2011-1497

A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.

6.1CVSS5.9AI score0.00328EPSS