Vulnerabilities > Rubyonrails
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-10 | CVE-2021-44528 | Open Redirect vulnerability in Rubyonrails Rails 6.0.4.2/6.1.4.2/7.0.0 A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. | 6.1 |
| 2021-10-19 | CVE-2011-1497 | Unspecified vulnerability in Rubyonrails Rails A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6. | 6.1 |
| 2021-10-18 | CVE-2021-22942 | Open Redirect vulnerability in Rubyonrails Rails A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website. | 6.1 |
| 2021-06-11 | CVE-2021-22902 | Unspecified vulnerability in Rubyonrails Rails The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. | 7.5 |
| 2021-06-11 | CVE-2021-22903 | Open Redirect vulnerability in Rubyonrails Rails The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. | 6.1 |
| 2021-06-11 | CVE-2021-22904 | Unspecified vulnerability in Rubyonrails Rails The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. | 7.5 |
| 2021-05-27 | CVE-2021-22885 | Information Exposure Through an Error Message vulnerability in multiple products A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input. | 7.5 |
| 2021-03-05 | CVE-2019-25025 | Unspecified vulnerability in Rubyonrails Active Record Session Store The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. | 5.3 |
| 2021-02-11 | CVE-2021-22881 | Open Redirect vulnerability in multiple products The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. | 6.1 |
| 2021-02-11 | CVE-2021-22880 | Resource Exhaustion vulnerability in multiple products The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. | 7.5 |