Rails Security Vulnerabilities and Issues — Rails CVE List

Lucene search

RubyonrailsRails

3 matches found

CVE•added 2021/06/11 4:15 p.m.•223 views

CVE-2021-22902

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

7.5CVSS7.2AI score0.01063EPSS

CVE•added 2021/06/11 4:15 p.m.•131 views

CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticate_or_request_with_http_token or authenticate_with_...

7.5CVSS7.4AI score0.06405EPSS

CVE•added 2021/06/11 4:15 p.m.•84 views

CVE-2021-22903

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2...

6.1CVSS6AI score0.06852EPSS