Vulnerabilities > Rubyonrails > Rails > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-04 CVE-2024-28103 Unspecified vulnerability in Rubyonrails Rails
Action Pack is a framework for handling and responding to web requests.
network
low complexity
rubyonrails
critical
 9.8
9.8
2020-06-19 CVE-2020-8165 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
network
low complexity
rubyonrails debian opensuse CWE-502
critical
 9.8
9.8
2019-03-27 CVE-2019-5420 Use of Insufficiently Random Values vulnerability in multiple products
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token.
network
low complexity
rubyonrails debian fedoraproject CWE-330
critical
 9.8
9.8