Vulnerabilities > Rubyonrails > Rails > 1.1.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-11-21 | CVE-2007-6077 | Race Condition vulnerability in Rubyonrails Rails 1.2.4 The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. | 6.8 |
2007-06-14 | CVE-2007-3227 | Cross-Site Scripting vulnerability in Rubyonrails Rails 1.1.5 Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values. | 4.3 |