Vulnerabilities (CVE)

Filtered by vendor Rubyonrails Subscribe
Total 116 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22903 1 Rubyonrails 1 Rails 2021-10-21 5.8 MEDIUM 6.1 MEDIUM
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`.
CVE-2020-8151 2 Fedoraproject, Rubyonrails 2 Fedora, Active Resource 2021-10-07 5.0 MEDIUM 7.5 HIGH
There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.
CVE-2021-22904 1 Rubyonrails 1 Rails 2021-09-20 5.0 MEDIUM 7.5 HIGH
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.
CVE-2021-22902 1 Rubyonrails 1 Rails 2021-08-18 5.0 MEDIUM 7.5 HIGH
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.
CVE-2019-25025 1 Rubyonrails 1 Active Record Session Store 2021-03-15 5.0 MEDIUM 5.3 MEDIUM
The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782.
CVE-2020-8264 1 Rubyonrails 1 Rails 2021-01-12 4.3 MEDIUM 6.1 MEDIUM
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.
CVE-2020-8166 2 Debian, Rubyonrails 2 Debian Linux, Rails 2020-11-20 4.3 MEDIUM 4.3 MEDIUM
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
CVE-2019-5418 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2020-10-16 5.0 MEDIUM 7.5 HIGH
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CVE-2019-5419 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2020-10-16 7.8 HIGH 7.5 HIGH
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
CVE-2020-5267 2 Debian, Rubyonrails 2 Debian Linux, Actionview 2020-10-05 3.5 LOW 4.8 MEDIUM
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
CVE-2010-3299 2 Debian, Rubyonrails 2 Debian Linux, Rails 2019-11-15 4.3 MEDIUM 6.5 MEDIUM
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.
CVE-2018-3741 1 Rubyonrails 1 Html Sanitizer 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.
CVE-2018-16476 2 Redhat, Rubyonrails 2 Cloudforms, Rails 2019-10-09 5.0 MEDIUM 7.5 HIGH
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.
CVE-2018-16477 1 Rubyonrails 1 Rails 2019-10-09 4.3 MEDIUM 6.5 MEDIUM
A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1.
CVE-2016-6316 2 Debian, Rubyonrails 3 Debian Linux, Rails, Ruby On Rails 2019-08-08 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.
CVE-2016-0752 1 Rubyonrails 2 Rails, Ruby On Rails 2019-08-08 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
CVE-2016-0751 1 Rubyonrails 2 Rails, Ruby On Rails 2019-08-08 5.0 MEDIUM 7.5 HIGH
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
CVE-2016-0753 1 Rubyonrails 2 Rails, Ruby On Rails 2019-08-08 5.0 MEDIUM 5.3 MEDIUM
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
CVE-2015-7577 1 Rubyonrails 2 Rails, Ruby On Rails 2019-08-08 5.0 MEDIUM 5.3 MEDIUM
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.
CVE-2015-7576 1 Rubyonrails 2 Rails, Ruby On Rails 2019-08-08 4.3 MEDIUM 3.7 LOW
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.