Vulnerabilities > Rubyonrails > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-26 | CVE-2022-27777 | Cross-site Scripting vulnerability in multiple products A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | 6.1 |
| 2022-02-11 | CVE-2022-23634 | Improper Resource Shutdown or Release vulnerability in multiple products Puma is a Ruby/Rack web server built for parallelism. | 5.9 |
| 2022-02-11 | CVE-2022-23633 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products Action Pack is a framework for handling and responding to web requests. | 5.9 |
| 2022-01-10 | CVE-2021-44528 | Open Redirect vulnerability in Rubyonrails Rails 6.0.4.2/6.1.4.2/7.0.0 A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. | 6.1 |
| 2021-10-19 | CVE-2011-1497 | Unspecified vulnerability in Rubyonrails Rails A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6. | 6.1 |
| 2021-10-18 | CVE-2021-22942 | Open Redirect vulnerability in Rubyonrails Rails A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website. | 6.1 |
| 2021-06-11 | CVE-2021-22903 | Open Redirect vulnerability in Rubyonrails Rails The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. | 6.1 |
| 2021-03-05 | CVE-2019-25025 | Unspecified vulnerability in Rubyonrails Active Record Session Store The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. | 5.3 |
| 2021-02-11 | CVE-2021-22881 | Open Redirect vulnerability in multiple products The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. | 6.1 |
| 2021-01-06 | CVE-2020-8264 | Cross-site Scripting vulnerability in Rubyonrails Rails In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. | 6.1 |