Ruby On Rails@0.6.0 Security Vulnerabilities and Issues — Ruby On Rails@0.6.0 CVE List

Lucene search

RubyonrailsRuby On Rails0.6.0

9 matches found

CVE•added 2014/02/20 3:27 p.m.•114 views

CVE-2014-0081

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) u...

4.3CVSS5.9AI score0.00885EPSS

CVE•added 2013/03/19 10:55 p.m.•111 views

CVE-2013-1855

The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to ...

4.3CVSS5.5AI score0.00536EPSS

CVE•added 2012/08/10 10:34 a.m.•109 views

CVE-2012-3464

Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.

4.3CVSS5.3AI score0.00333EPSS

CVE•added 2013/03/19 10:55 p.m.•100 views

CVE-2013-1857

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote atta...

4.3CVSS5.4AI score0.00625EPSS

CVE•added 2012/08/10 10:34 a.m.•98 views

CVE-2012-3465

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.

4.3CVSS5.5AI score0.00333EPSS

CVE•added 2006/08/14 9:4 p.m.•93 views

CVE-2006-4111

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.

7.5CVSS6.8AI score0.06983EPSS

CVE•added 2009/12/07 5:30 p.m.•88 views

CVE-2009-4214

Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_control...

4.3CVSS7.8AI score0.01632EPSS

CVE•added 2008/09/30 5:22 p.m.•83 views

CVE-2008-4094

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

7.5CVSS10AI score0.02897EPSS

CVE•added 2008/11/21 12:0 p.m.•77 views

CVE-2008-5189

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

5CVSS6.5AI score0.00189EPSS