Vulnerabilities > Rubyonrails > Ruby ON Rails > 3.2.19

DATE CVE VULNERABILITY TITLE RISK
2016-09-07 CVE-2016-6316 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.
network
low complexity
rubyonrails debian CWE-79
6.1
6.1
2014-11-18 CVE-2014-7829 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \ (backslash) character, a similar issue to CVE-2014-7818.
network
low complexity
opensuse rubyonrails CWE-22
5.0
5.0
2014-11-08 CVE-2014-7818 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. 		4.3
4.3