Vulnerabilities > Rubyonrails > Rails > 1.0.0

DATE CVE VULNERABILITY TITLE RISK
2023-02-09 CVE-2023-22795 A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header.
network
low complexity
rubyonrails debian
7.5
2021-10-19 CVE-2011-1497 Cross-site Scripting vulnerability in Rubyonrails Rails
A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.
4.3
2021-06-11 CVE-2021-22904 Unspecified vulnerability in Rubyonrails Rails
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression.
network
low complexity
rubyonrails
5.0
2020-07-02 CVE-2020-8166 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
4.3
2020-07-02 CVE-2020-8163 Code Injection vulnerability in multiple products
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
network
low complexity
rubyonrails debian CWE-94
6.5
2020-06-19 CVE-2020-8167 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
4.3
2020-06-19 CVE-2020-8165 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
network
low complexity
rubyonrails debian opensuse CWE-502
7.5
2020-06-19 CVE-2020-8164 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.
network
low complexity
rubyonrails debian opensuse CWE-502
5.0
2020-06-19 CVE-2020-8162 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
network
low complexity
rubyonrails debian CWE-434
5.0
2019-03-27 CVE-2019-5420 Use of Insufficiently Random Values vulnerability in multiple products
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token.
network
low complexity
rubyonrails debian fedoraproject CWE-330
critical
9.8