Vulnerabilities > Rubyonrails > Rails > 1.0.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-11-21 | CVE-2007-6077 | Race Condition vulnerability in Rubyonrails Rails 1.2.4 The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. | 6.8 |
2006-08-14 | CVE-2006-4111 | Code Injection vulnerability in Rubyonrails Rails and Ruby ON Rails Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112. | 7.5 |