Rubyonrails

Rails

111 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2014-7829

Exploit
  • EPSS 0.27%
  • Published 18.11.2014 23:59:03
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, al...

5

CVE-2014-3916

  • EPSS 0.49%
  • Published 16.11.2014 17:59:04
  • Last modified 12.04.2025 10:46:40

The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.

4.3

CVE-2014-7818

  • EPSS 0.3%
  • Published 08.11.2014 11:55:02
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, al...

7.5

CVE-2014-3514

  • EPSS 0.33%
  • Published 20.08.2014 11:17:14
  • Last modified 12.04.2025 10:46:40

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that...

7.5

CVE-2014-3482

  • EPSS 1.44%
  • Published 07.07.2014 11:01:30
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands b...

7.5

CVE-2014-3483

  • EPSS 1.25%
  • Published 07.07.2014 11:01:30
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary ...

7.5

CVE-2014-0130

Warning
  • EPSS 43.67%
  • Published 07.05.2014 10:55:04
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, ...

4.3

CVE-2014-0081

  • EPSS 0.89%
  • Published 20.02.2014 15:27:09
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML ...

5

CVE-2014-0082

  • EPSS 6.46%
  • Published 20.02.2014 15:27:09
  • Last modified 11.04.2025 00:51:21

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memor...

6.8

CVE-2014-0080

  • EPSS 0.25%
  • Published 20.02.2014 15:27:02
  • Last modified 11.04.2025 00:51:21

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL com...