Vulnerabilities > Rubyonrails > Rails > 6.0.1

DATE CVE VULNERABILITY TITLE RISK
2023-02-09 CVE-2023-22792 Unspecified vulnerability in Rubyonrails Rails
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1.
network
low complexity
rubyonrails
7.5
2023-02-09 CVE-2023-22795 A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header.
network
low complexity
rubyonrails debian
7.5
2022-02-11 CVE-2022-23634 Improper Resource Shutdown or Release vulnerability in multiple products
Puma is a Ruby/Rack web server built for parallelism.
network
high complexity
puma rubyonrails debian fedoraproject CWE-404
5.9
2022-02-11 CVE-2022-23633 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
Action Pack is a framework for handling and responding to web requests.
network
high complexity
rubyonrails debian CWE-212
5.9
2021-10-18 CVE-2021-22942 Open Redirect vulnerability in Rubyonrails Rails
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.
network
low complexity
rubyonrails CWE-601
6.1
2021-06-11 CVE-2021-22902 Unspecified vulnerability in Rubyonrails Rails
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch.
network
low complexity
rubyonrails
5.0
2021-06-11 CVE-2021-22904 Unspecified vulnerability in Rubyonrails Rails
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression.
network
low complexity
rubyonrails
5.0
2021-05-27 CVE-2021-22885 Information Exposure Through an Error Message vulnerability in multiple products
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
network
low complexity
rubyonrails debian CWE-209
5.0
2021-02-11 CVE-2021-22881 Open Redirect vulnerability in multiple products
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability.
network
low complexity
rubyonrails fedoraproject CWE-601
6.1
2021-02-11 CVE-2021-22880 Resource Exhaustion vulnerability in multiple products
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability.
network
low complexity
rubyonrails fedoraproject CWE-400
7.5