Vulnerabilities > Rubyonrails > Rails > 6.0.3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-11 | CVE-2021-22880 | Resource Exhaustion vulnerability in multiple products The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. | 7.5 |
| 2021-01-06 | CVE-2020-8264 | Cross-site Scripting vulnerability in Rubyonrails Rails In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. | 6.1 |
| 2020-07-02 | CVE-2020-8185 | Resource Exhaustion vulnerability in multiple products A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. | 6.5 |