Vulnerabilities > Rubyonrails > High

DATE CVE VULNERABILITY TITLE RISK
2016-04-07 CVE-2016-2098 Improper Input Validation vulnerability in multiple products
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
network
low complexity
debian rubyonrails CWE-20
7.3
7.3
2016-02-16 CVE-2016-0752 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a ..
network
low complexity
rubyonrails opensuse suse debian redhat CWE-22
7.5
7.5
2016-02-16 CVE-2016-0751 Resource Management Errors vulnerability in Rubyonrails Ruby on Rails
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
network
low complexity
rubyonrails CWE-399
7.5
7.5
2016-02-16 CVE-2015-7581 Resource Management Errors vulnerability in Rubyonrails Rails
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route.
network
low complexity
rubyonrails CWE-399
7.5
7.5
2014-05-07 CVE-2014-0130 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
network
low complexity
redhat rubyonrails CWE-22
7.5
7.5