Vulnerabilities > Rubyonrails

DATE CVE VULNERABILITY TITLE RISK
2022-10-26 CVE-2022-3704 Improper Enforcement of Message or Data Structure vulnerability in Rubyonrails Rails
A vulnerability classified as problematic has been found in Ruby on Rails.
network
low complexity
rubyonrails CWE-707
5.4
2022-06-24 CVE-2022-32209 Cross-site Scripting vulnerability in multiple products
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden.
network
low complexity
rubyonrails fedoraproject debian CWE-79
6.1
2022-05-26 CVE-2022-21831 Code Injection vulnerability in multiple products
A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
network
low complexity
rubyonrails debian CWE-94
critical
9.8
2022-05-26 CVE-2022-22577 Cross-site Scripting vulnerability in multiple products
An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.
network
low complexity
rubyonrails debian CWE-79
6.1
2022-05-26 CVE-2022-27777 Cross-site Scripting vulnerability in multiple products
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
network
low complexity
rubyonrails debian CWE-79
6.1
2022-02-11 CVE-2022-23634 Improper Resource Shutdown or Release vulnerability in multiple products
Puma is a Ruby/Rack web server built for parallelism.
network
high complexity
puma rubyonrails debian fedoraproject CWE-404
5.9
2022-02-11 CVE-2022-23633 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
Action Pack is a framework for handling and responding to web requests.
network
high complexity
rubyonrails debian CWE-212
5.9
2022-01-10 CVE-2021-44528 Open Redirect vulnerability in Rubyonrails Rails 6.0.4.2/6.1.4.2/7.0.0
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
network
low complexity
rubyonrails CWE-601
6.1
2021-10-19 CVE-2011-1497 Cross-site Scripting vulnerability in Rubyonrails Rails
A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.
4.3
2021-10-18 CVE-2021-22942 Open Redirect vulnerability in Rubyonrails Rails
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.
network
low complexity
rubyonrails CWE-601
6.1