Rails Security Vulnerabilities and Issues — Rails CVE List

Lucene search

RubyonrailsRails

4 matches found

CVE•added 2022/02/11 10:15 p.m.•286 views

CVE-2022-23634

Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its CurrentAttributes implementation to work correctly. The combination of...

8CVSS6.4AI score0.00369EPSS

CVE•added 2020/07/02 7:15 p.m.•190 views

CVE-2020-8163

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the locals argument of a render call to perform a RCE.

8.8CVSS8.5AI score0.90743EPSS

CVE•added 2017/12/29 4:29 p.m.•57 views

CVE-2017-17917

SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input

8.1CVSS8.6AI score0.01779EPSS

CVE•added 2017/12/29 4:29 p.m.•56 views

CVE-2017-17916

SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted in...

8.1CVSS8.6AI score0.00586EPSS