Rails@5.2.0 Security Vulnerabilities and Issues — Rails@5.2.0 CVE List

Lucene search

RubyonrailsRails5.2.0

5 matches found

CVE•added 2019/03/27 2:29 p.m.•382 views

CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2,

7.5CVSS8.3AI score0.94336EPSS

In wildWeb

CVE•added 2019/03/27 2:29 p.m.•254 views

CVE-2019-5419

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2,

7.8CVSS8.1AI score0.09057EPSS

Web

CVE•added 2024/02/27 4:15 p.m.•154 views

CVE-2024-26144

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain pr...

5.3CVSS5.2AI score0.02313EPSS

CVE•added 2018/11/30 7:29 p.m.•92 views

CVE-2018-16476

A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5...

7.5CVSS7.2AI score0.00822EPSS

CVE•added 2018/11/30 7:29 p.m.•80 views

CVE-2018-16477

A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as...

6.5CVSS6.2AI score0.0026EPSS