Vulnerabilities > Rubyonrails

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2022-23634 Information Exposure vulnerability in multiple products
Puma is a Ruby/Rack web server built for parallelism.
4.3
2022-02-11 CVE-2022-23633 Unspecified vulnerability in Rubyonrails Rails
Action Pack is a framework for handling and responding to web requests.
network
rubyonrails
4.3
2022-01-10 CVE-2021-44528 Open Redirect vulnerability in Rubyonrails Rails 6.0.4.2/6.1.4.2/7.0.0
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
5.8
2021-10-19 CVE-2011-1497 Cross-site Scripting vulnerability in Rubyonrails Rails
A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.
4.3
2021-10-18 CVE-2021-22942 Open Redirect vulnerability in Rubyonrails Rails
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.
5.8
2021-06-11 CVE-2021-22902 Unspecified vulnerability in Rubyonrails Rails
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch.
network
low complexity
rubyonrails
5.0
2021-06-11 CVE-2021-22903 Open Redirect vulnerability in Rubyonrails Rails
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability.
5.8
2021-06-11 CVE-2021-22904 Unspecified vulnerability in Rubyonrails Rails
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression.
network
low complexity
rubyonrails
5.0
2021-05-27 CVE-2021-22885 Information Exposure Through an Error Message vulnerability in multiple products
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
network
low complexity
rubyonrails debian CWE-209
5.0
2021-03-05 CVE-2019-25025 Unspecified vulnerability in Rubyonrails Active Record Session Store
The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid.
network
low complexity
rubyonrails
5.0