Vulnerabilities > Rubyonrails > Rails > 4.2.11.1

DATE CVE VULNERABILITY TITLE RISK
2019-03-27 CVE-2019-5420 Use of Insufficiently Random Values vulnerability in multiple products
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token.
network
low complexity
rubyonrails debian fedoraproject CWE-330
critical
 9.8
9.8
2017-12-29 CVE-2017-17917 SQL Injection vulnerability in Rubyonrails Rails
SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter.
network
high complexity
rubyonrails CWE-89
8.1
8.1
2017-12-29 CVE-2017-17916 SQL Injection vulnerability in Rubyonrails Rails
SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter.
network
high complexity
rubyonrails CWE-89
8.1
8.1