Vulnerabilities > Rubyonrails

DATE CVE VULNERABILITY TITLE RISK
2023-02-09 CVE-2023-22792 Unspecified vulnerability in Rubyonrails Rails
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1.
network
low complexity
rubyonrails
7.5
2023-02-09 CVE-2023-22795 A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header.
network
low complexity
rubyonrails debian
7.5
2023-02-09 CVE-2023-22797 Open Redirect vulnerability in multiple products
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input.
network
low complexity
rubyonrails actionpack-project CWE-601
6.1
2023-02-09 CVE-2023-22799 Unspecified vulnerability in Rubyonrails Globalid
A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time.
network
low complexity
rubyonrails
7.5
2022-12-14 CVE-2022-23520 Cross-site Scripting vulnerability in multiple products
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications.
network
low complexity
rubyonrails debian CWE-79
6.1
2022-12-14 CVE-2022-23517 rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications.
network
low complexity
rubyonrails debian
7.5
2022-12-14 CVE-2022-23518 Cross-site Scripting vulnerability in multiple products
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications.
network
low complexity
rubyonrails debian loofah-project CWE-79
6.1
2022-12-14 CVE-2022-23519 Cross-site Scripting vulnerability in multiple products
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications.
network
low complexity
rubyonrails debian CWE-79
6.1
2022-10-26 CVE-2022-3704 Improper Enforcement of Message or Data Structure vulnerability in Rubyonrails Rails
A vulnerability classified as problematic has been found in Ruby on Rails.
network
low complexity
rubyonrails CWE-707
5.4
2022-06-24 CVE-2022-32209 Cross-site Scripting vulnerability in multiple products
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden.
network
low complexity
rubyonrails fedoraproject debian CWE-79
6.1