Total
106 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-22881 | 2 Fedoraproject, Rubyonrails | 2 Fedora, Rails | 2022-01-04 | 5.8 MEDIUM | 6.1 MEDIUM |
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website. | |||||
CVE-2021-22880 | 2 Fedoraproject, Rubyonrails | 2 Fedora, Rails | 2022-01-04 | 5.0 MEDIUM | 7.5 HIGH |
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input. | |||||
CVE-2019-5420 | 3 Debian, Fedoraproject, Rubyonrails | 3 Debian Linux, Fedora, Rails | 2021-11-03 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. | |||||
CVE-2011-1497 | 1 Rubyonrails | 1 Rails | 2021-10-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6. | |||||
CVE-2020-8185 | 2 Fedoraproject, Rubyonrails | 2 Fedora, Rails | 2021-10-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. | |||||
CVE-2020-8167 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2021-10-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. | |||||
CVE-2021-22903 | 1 Rubyonrails | 1 Rails | 2021-10-21 | 5.8 MEDIUM | 6.1 MEDIUM |
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`. | |||||
CVE-2021-22904 | 1 Rubyonrails | 1 Rails | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication. | |||||
CVE-2021-22902 | 1 Rubyonrails | 1 Rails | 2021-08-18 | 5.0 MEDIUM | 7.5 HIGH |
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. | |||||
CVE-2020-8264 | 1 Rubyonrails | 1 Rails | 2021-01-12 | 4.3 MEDIUM | 6.1 MEDIUM |
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware. | |||||
CVE-2020-8166 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2020-11-20 | 4.3 MEDIUM | 4.3 MEDIUM |
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. | |||||
CVE-2019-5419 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2020-10-16 | 7.8 HIGH | 7.5 HIGH |
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive. | |||||
CVE-2019-5418 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2020-10-16 | 5.0 MEDIUM | 7.5 HIGH |
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. | |||||
CVE-2010-3299 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2019-11-14 | 4.3 MEDIUM | 6.5 MEDIUM |
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. | |||||
CVE-2018-16476 | 2 Redhat, Rubyonrails | 2 Cloudforms, Rails | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1. | |||||
CVE-2018-16477 | 1 Rubyonrails | 1 Rails | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1. | |||||
CVE-2014-3483 | 1 Rubyonrails | 1 Rails | 2019-08-08 | 7.5 HIGH | N/A |
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting. | |||||
CVE-2014-3514 | 1 Rubyonrails | 1 Rails | 2019-08-08 | 7.5 HIGH | N/A |
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls. | |||||
CVE-2016-2098 | 2 Debian, Rubyonrails | 3 Debian Linux, Rails, Ruby On Rails | 2019-08-08 | 7.5 HIGH | 7.3 HIGH |
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. | |||||
CVE-2016-2097 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752. |