Vulnerabilities > Rubyonrails
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-09 | CVE-2023-22792 | Unspecified vulnerability in Rubyonrails Rails A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. | 7.5 |
2023-02-09 | CVE-2023-22795 | A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. | 7.5 |
2023-02-09 | CVE-2023-22797 | Open Redirect vulnerability in multiple products An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. | 6.1 |
2023-02-09 | CVE-2023-22799 | Unspecified vulnerability in Rubyonrails Globalid A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. | 7.5 |
2022-12-14 | CVE-2022-23520 | Cross-site Scripting vulnerability in multiple products rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. | 6.1 |
2022-12-14 | CVE-2022-23517 | rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. | 7.5 |
2022-12-14 | CVE-2022-23518 | Cross-site Scripting vulnerability in multiple products rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. | 6.1 |
2022-12-14 | CVE-2022-23519 | Cross-site Scripting vulnerability in multiple products rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. | 6.1 |
2022-10-26 | CVE-2022-3704 | Improper Enforcement of Message or Data Structure vulnerability in Rubyonrails Rails A vulnerability classified as problematic has been found in Ruby on Rails. | 5.4 |
2022-06-24 | CVE-2022-32209 | Cross-site Scripting vulnerability in multiple products # Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. | 6.1 |