Rubyonrails

Rails

111 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-22880

Exploit
  • EPSS 5.88%
  • Published 11.02.2021 18:15:17
  • Last modified 21.11.2024 05:50:49

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter i...

6.1

CVE-2021-22881

Exploit
  • EPSS 6.85%
  • Published 11.02.2021 18:15:17
  • Last modified 21.11.2024 05:50:49

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in A...

6.1

CVE-2020-8264

Exploit
  • EPSS 0.35%
  • Published 06.01.2021 21:15:14
  • Last modified 21.11.2024 05:38:37

In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in t...

8.8

CVE-2020-8163

Exploit
  • EPSS 90.74%
  • Published 02.07.2020 19:15:12
  • Last modified 21.11.2024 05:38:24

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

4.3

CVE-2020-8166

Exploit
  • EPSS 0.44%
  • Published 02.07.2020 19:15:12
  • Last modified 21.11.2024 05:38:25

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.

6.5

CVE-2020-8185

  • EPSS 1.07%
  • Published 02.07.2020 19:15:12
  • Last modified 21.11.2024 05:38:27

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

9.8

CVE-2020-8165

Exploit
  • EPSS 90.13%
  • Published 19.06.2020 18:15:11
  • Last modified 09.05.2025 20:15:36

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

6.5

CVE-2020-8167

Exploit
  • EPSS 0.59%
  • Published 19.06.2020 18:15:11
  • Last modified 21.11.2024 05:38:25

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

7.5

CVE-2020-8162

Exploit
  • EPSS 1.55%
  • Published 19.06.2020 17:15:18
  • Last modified 21.11.2024 05:38:24

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.

7.5

CVE-2020-8164

Exploit
  • EPSS 7.52%
  • Published 19.06.2020 17:15:18
  • Last modified 21.11.2024 05:38:25

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.