Rails

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-09	CVE-2023-22792	Unspecified vulnerability in Rubyonrails Rails A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. network low complexity rubyonrails	7.5
2023-02-09	CVE-2023-22795	A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. network low complexity rubyonrails debian	7.5
2023-02-09	CVE-2023-22797	Open Redirect vulnerability in multiple products An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. network low complexity rubyonrails actionpack-project CWE-601	6.1
2022-10-26	CVE-2022-3704	Improper Enforcement of Message or Data Structure vulnerability in Rubyonrails Rails A vulnerability classified as problematic has been found in Ruby on Rails. network low complexity rubyonrails CWE-707	5.4
2022-02-11	CVE-2022-23634	Improper Resource Shutdown or Release vulnerability in multiple products Puma is a Ruby/Rack web server built for parallelism. network high complexity puma rubyonrails debian fedoraproject CWE-404	5.9
2022-02-11	CVE-2022-23633	Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products Action Pack is a framework for handling and responding to web requests. network high complexity rubyonrails debian CWE-212	5.9
2022-01-10	CVE-2021-44528	Open Redirect vulnerability in Rubyonrails Rails 6.0.4.2/6.1.4.2/7.0.0 A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. network low complexity rubyonrails CWE-601	6.1
2021-10-19	CVE-2011-1497	Cross-site Scripting vulnerability in Rubyonrails Rails A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6. network rubyonrails CWE-79	4.3
2021-10-18	CVE-2021-22942	Open Redirect vulnerability in Rubyonrails Rails A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website. network low complexity rubyonrails CWE-601	6.1
2021-06-11	CVE-2021-22902	Unspecified vulnerability in Rubyonrails Rails The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. network low complexity rubyonrails	5.0