Vulnerabilities > Rubyonrails > Rails > 4.0.12

DATE CVE VULNERABILITY TITLE RISK
2019-03-27 CVE-2019-5419 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
7.5
2019-03-27 CVE-2019-5418 There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. 7.5
2017-12-29 CVE-2017-17917 SQL Injection vulnerability in Rubyonrails Rails
SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter.
network
high complexity
rubyonrails CWE-89
8.1
2017-12-29 CVE-2017-17916 SQL Injection vulnerability in Rubyonrails Rails
SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter.
network
high complexity
rubyonrails CWE-89
8.1
2016-02-16 CVE-2016-0752 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a ..
network
low complexity
rubyonrails opensuse suse debian redhat CWE-22
7.5