Vulnerabilities > Rubyonrails > Rails > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-04 | CVE-2024-32464 | Cross-site Scripting vulnerability in Rubyonrails Rails Action Text brings rich text content and editing to Rails. | 6.1 |
| 2023-02-09 | CVE-2023-22797 | Open Redirect vulnerability in multiple products An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. | 6.1 |
| 2022-10-26 | CVE-2022-3704 | Improper Enforcement of Message or Data Structure vulnerability in Rubyonrails Rails A vulnerability classified as problematic has been found in Ruby on Rails. | 5.4 |
| 2022-02-11 | CVE-2022-23634 | Improper Resource Shutdown or Release vulnerability in multiple products Puma is a Ruby/Rack web server built for parallelism. | 5.9 |
| 2022-02-11 | CVE-2022-23633 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products Action Pack is a framework for handling and responding to web requests. | 5.9 |
| 2022-01-10 | CVE-2021-44528 | Open Redirect vulnerability in Rubyonrails Rails 6.0.4.2/6.1.4.2/7.0.0 A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. | 6.1 |
| 2021-10-19 | CVE-2011-1497 | Cross-site Scripting vulnerability in Rubyonrails Rails A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6. | 4.3 |
| 2021-10-18 | CVE-2021-22942 | Open Redirect vulnerability in Rubyonrails Rails A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website. | 6.1 |
| 2021-06-11 | CVE-2021-22902 | Unspecified vulnerability in Rubyonrails Rails The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. | 5.0 |
| 2021-06-11 | CVE-2021-22903 | Open Redirect vulnerability in Rubyonrails Rails The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. | 5.8 |