Rubyonrails Rails vulnerabilities

138 known vulnerabilities affecting rubyonrails/rails.

Total CVEs: 138
CISA KEV: 3 (actively exploited)
Public exploits: 12
Exploited in wild: 2
Severity breakdown: CRITICAL 8, HIGH 38, MEDIUM 89, LOW 3

Vulnerabilities

Page 2 of 7
CVE-2024-26142 | HIGH | CVSS 7.5 | affected: ≥ 7.1.0, < 7.1.3.1 | published 2024-02-27
CVE-2024-26142 [HIGH] CWE-1333: Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.
Sources: nvd
CVE-2024-26143 | MEDIUM | CVSS 6.1 | affected: ≥ 7.0.0, < 7.0.8.1; ≥ 7.1.0, < 7.1.3.1 | published 2024-02-27
CVE-2024-26143 [MEDIUM] CWE-79: Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "_html", a :default key which contains untrusted user input, and the resulting string is used in a view, may be susceptib
Sources: ghsa, nvd, osv
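The "_html" key behaviour described in the CVE-2024-26143 entry above, modelled in plain Ruby as an added example. This is not Rails code: the TRANSLATIONS table, the Fragment struct and the helper names are constructed for illustration, and only Ruby's standard library is used. It shows the vulnerable shape (an untrusted :default marked html_safe wholesale because the key ends in "_html") beside the hardened shape that escapes the default first, and what an ERB-style view then emits for each.

```ruby
require "erb"

# Added example, not Rails code: a miniature model of how a translation key
# ending in "_html" turns its :default value into markup the view will not
# escape again, and how escaping an untrusted default closes the hole.
# TRANSLATIONS is constructed sample locale data.
TRANSLATIONS = {
  "welcome_html" => "Welcome, <b>%{name}</b>",
}.freeze

# Minimal stand-in for ActiveSupport::SafeBuffer: text plus a flag that
# tells the view it may be emitted without escaping.
Fragment = Struct.new(:text, :html_safe)

def html_key?(key)
  key.to_s.end_with?("_html")
end

# Escape unless the value is already trusted markup.
def escape(value)
  if value.is_a?(Fragment) && value.html_safe
    value.text
  else
    ERB::Util.html_escape(value.to_s)
  end
end

# %{name} placeholders are always escaped, in both variants.
def interpolate(template, interpolations)
  template.gsub(/%\{(\w+)\}/) { escape(interpolations.fetch($1.to_sym, "")) }
end

# Vulnerable shape (the pre-fix behaviour the advisory describes): whatever
# arrived via :default is marked html_safe wholesale because the key ends
# in "_html".
def translate_vulnerable(key, default: nil, **interpolations)
  template = TRANSLATIONS.fetch(key) { default.to_s }
  Fragment.new(interpolate(template, interpolations), html_key?(key))
end

# Hardened shape: for an "_html" key, a :default that is not already trusted
# markup is escaped before the result is marked html_safe.
def translate_hardened(key, default: nil, **interpolations)
  template = TRANSLATIONS.fetch(key) do
    html_key?(key) ? escape(default) : default.to_s
  end
  Fragment.new(interpolate(template, interpolations), html_key?(key))
end

# What an ERB view does with the result: escape unless it was marked safe.
def render(fragment)
  fragment.html_safe ? fragment.text : ERB::Util.html_escape(fragment.text)
end
```

The interesting case is a missing key with a :default taken from a request parameter: the vulnerable variant hands the raw default to the view as trusted markup, while the hardened variant escapes it and still returns an html_safe fragment, so a default that was already a trusted Fragment passes through untouched.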
CVE-2024-26144 | MEDIUM | CVSS 5.3 | affected: ≥ 5.2.0, < 6.1.7.7; ≥ 7.0.0, < 7.1.0 | published 2024-02-27
CVE-2024-26144 [MEDIUM] CWE-200: Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an inform
Sources: nvd, osv
CVE-2023-22792 | HIGH | CVSS 7.5 | affected: ≥ 3.0.0, < 6.0.6.1; ≥ 6.1.0, < 6.1.7.1; +1 more | published 2023-02-09
CVE-2023-22792 [HIGH] CWE-400: A regular expression based DoS vulnerability in Action Dispatch < 6.0.6.1, < 6.1.7.1, and < 7.0.4.1. Specially crafted cookies, in combination with a specially crafted X-Forwarded-Host header, can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to
Sources: nvd, osv
CVE-2022-44566 | HIGH | CVSS 7.5 | affected (Debian package versions): ≥ 0, < 2:6.0.3.7+dfsg-2+deb11u3; ≥ 0, < 2:6.1.7.3+dfsg-1 | published 2023-02-09
CVE-2022-44566 [HIGH]: A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter < 7.0.4.1 and < 6.1.7.1. When a value outside the range for a 64-bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Ser
Sources: osv
CVE-2023-22794 | HIGH | CVSS 8.8 | affected (Debian package versions): ≥ 0, < 2:6.0.3.7+dfsg-2+deb11u1; ≥ 0, < 2:6.1.7.3+dfsg-1 | published 2023-02-09
CVE-2023-22794 [HIGH]: A vulnerability in ActiveRecord before 6.0.6.1, 6.1.7.1 and 7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database with insufficient sanitization and be able to inject SQL outside of the comment.
Sources: osv
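How the comment-sanitization problem in the CVE-2023-22794 entry above plays out, as an added example in plain Ruby. This is not Active Record's `annotate` implementation or its sanitizer; the function names and the sample annotation are constructed for illustration. The unsanitized form lets input close the comment and append a statement; the hardened form strips comment delimiters until none remain, which matters because a single pass can leave a freshly formed `*/` behind.

```ruby
# Added example, not Active Record code: how an unsanitized query annotation
# lets input escape the SQL comment it is placed in, and a sanitizer that
# strips comment delimiters until none are left.

# Vulnerable shape: the annotation is dropped into the comment verbatim.
def annotated_query_vulnerable(base_sql, annotation)
  "#{base_sql} /* #{annotation} */"
end

# Remove "/*" and "*/" repeatedly. A single pass is not enough, because
# deleting one delimiter can bring a "*" and a "/" together to form another
# (e.g. "*/**//" -> "*/" -> ""). Each pass shortens the string, so this halts.
def sanitize_sql_comment(value)
  s = value.to_s
  loop do
    cleaned = s.gsub(%r{/\*|\*/}, "")
    return cleaned if cleaned == s
    s = cleaned
  end
end

# Hardened shape: the annotation can no longer open or close a comment.
def annotated_query_hardened(base_sql, annotation)
  "#{base_sql} /* #{sanitize_sql_comment(annotation)} */"
end

# Rough view of what the database would see: drop block comments, then list
# the statements that remain. Illustration only, not a SQL parser.
def statements_outside_comments(sql)
  sql.gsub(%r{/\*.*?\*/}m, "").split(";").map(&:strip).reject(&:empty?)
end
```

With an annotation such as `tenant=42 */ ; DROP TABLE users; /*`, the vulnerable query carries two statements outside comments; the hardened one carries only the original query. The same check is worth running against anything that ends up in `optimizer_hints` or in QueryLogs tags, since the advisory names both as routes into the comment.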
CVE-2023-22795 | HIGH | CVSS 7.5 | fixed in 6.1.7.1; affected: ≥ 7.0.0, < 7.0.4.1 | published 2023-02-09
CVE-2023-22795 [HIGH] CWE-400: A regular expression based DoS vulnerability in Action Dispatch < 6.1.7.1 and < 7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and
Sources: nvd, osv
CVE-2023-22796 | HIGH | CVSS 7.5 | affected (Debian package versions): ≥ 0, < 2:6.0.3.7+dfsg-2+deb11u1; ≥ 0, < 2:6.1.7.3+dfsg-1 | published 2023-02-09
CVE-2023-22796 [HIGH]: A regular expression based DoS vulnerability in Active Support < 6.1.7.1 and < 7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.
Sources: osv
CVE-2023-22797 | MEDIUM | CVSS 6.1 | affected: ≥ 7.0.0, < 7.0.4.1 | published 2023-02-09
CVE-2023-22797 [MEDIUM] CWE-601: An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an
Sources: nvd
CVE-2022-32224 | CRITICAL | CVSS 9.8 | affected (Debian package versions): ≥ 0, < 2:6.1.6.1+dfsg-1 | published 2022-12-05
CVE-2022-32224 [CRITICAL]: A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, < 6.1.6.1, < 6.0.5.1 and < 5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.
Sources: osv
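A coder for a YAML-serialized column that refuses to instantiate anything outside an allow-list, as an added example of the mitigation pattern for the CVE-2022-32224 entry above. This is not Active Record's own coder; the class name, the allow-list (Symbol, Time, Date), the `load_or_reject` audit helper and the sample rows are constructed here, and only Ruby's bundled Psych is used.

```ruby
require "yaml"
require "date"

# Added example, not Active Record's coder: a column coder that loads YAML
# with Psych's safe_load and an explicit allow-list, so a row an attacker
# could rewrite (for instance through SQL injection) cannot deserialize into
# arbitrary Ruby objects. The allow-list is an assumption for this example.
class SafeYamlColumn
  PERMITTED = [Symbol, Time, Date].freeze

  def self.dump(obj)
    YAML.dump(obj)
  end

  def self.load(yaml)
    return nil if yaml.nil? || yaml.empty?
    # aliases: false also blocks alias-based payloads (billion-laughs style).
    YAML.safe_load(yaml, permitted_classes: PERMITTED, aliases: false)
  end
end

# Returns :rejected when the document names a class outside the allow-list
# or uses an alias, otherwise the deserialized value. Useful for a one-off
# audit of existing rows before switching the column to the safe coder.
def load_or_reject(yaml)
  SafeYamlColumn.load(yaml)
rescue Psych::DisallowedClass, Psych::BadAlias
  :rejected
end

# Constructed sample rows: a legitimate value, and a tampered row that asks
# Psych to instantiate a class the application never stores.
GOOD_ROW = SafeYamlColumn.dump(
  { "theme" => "dark", "since" => Date.new(2024, 1, 1), "role" => :admin }
)
TAMPERED_ROW = "--- !ruby/object:OpenStruct\ntable:\n  :x: 1\n"
```

The allow-list is the whole point: every class the column legitimately stores must be named, and anything else, including the `!ruby/object:` tag in the tampered row, raises `Psych::DisallowedClass` instead of being built.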
CVE-2022-21831 | CRITICAL | CVSS 9.8 | affected (Debian package versions): ≥ 0, < 2:6.0.3.7+dfsg-2+deb11u1; ≥ 0, < 2:6.1.4.7+dfsg-1 | published 2022-05-26
CVE-2022-21831 [CRITICAL]: A code injection vulnerability exists in Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
Sources: osv
CVE-2022-27777 | MEDIUM | CVSS 6.1 | affected (Debian package versions): ≥ 0, < 2:6.0.3.7+dfsg-2+deb11u1; ≥ 0, < 2:6.1.6.1+dfsg-1 | published 2022-05-26
CVE-2022-27777 [MEDIUM]: An XSS vulnerability in Action View tag helpers >= 5.2.0 (the published description gives the upper bound as "< 5.2.0", which is a typo; the fixed releases are 5.2.7.1, 6.0.4.8, 6.1.5.1 and 7.0.2.4) which would allow an attacker to inject content if able to control input into specific attributes.
Sources: osv
CVE-2022-22577 | MEDIUM | CVSS 6.1 | affected (Debian package versions): ≥ 0, < 2:6.0.3.7+dfsg-2+deb11u1; ≥ 0, < 2:6.1.6.1+dfsg-1 | published 2022-05-26
CVE-2022-22577 [MEDIUM]: An XSS vulnerability in Action Pack >= 5.2.0 (the published description gives the upper bound as "< 5.2.0", which is a typo; the fixed releases are 5.2.7.1, 6.0.4.8, 6.1.5.1 and 7.0.2.4) that could allow an attacker to bypass CSP for non-HTML-like responses.
Sources: osv
CVE-2022-23633 | MEDIUM | CVSS 5.9 | affected: ≥ 5.0.0, < 5.2.6.2; ≥ 6.0.0, < 6.0.4.6; +2 more | published 2022-02-11
CVE-2022-23633 [MEDIUM] CWE-200: Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has be
Sources: nvd, osv
CVE-2022-23634 | MEDIUM | CVSS 5.9 | affected: ≥ 5.0.0, < 5.2.6.2; ≥ 6.0.0, < 6.0.4.6; +2 more | published 2022-02-11
CVE-2022-23634 [MEDIUM] CWE-200: Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing t
Sources: nvd
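The close-dependency described in the CVE-2022-23633 and CVE-2022-23634 entries above, reduced to a toy request cycle in plain Ruby as an added example. Nothing here is Rails, Rack or Puma code: `Current`, `ResettingBody`, the app and the two executors are constructed stand-ins. It shows per-request state leaking into the next request when the server never calls `close`, and an executor that also resets on entry so the leak cannot happen whatever the server does.

```ruby
# Added example, not Rails or Puma code: a toy request cycle that keeps
# per-request state in a thread-local, resets it only when the response body
# is closed (the shape the advisory describes), and a hardened executor that
# resets on entry as well, so a server that skips close cannot leak state.
module Current
  def self.user
    Thread.current[:current_user]
  end

  def self.user=(value)
    Thread.current[:current_user] = value
  end

  def self.reset
    Thread.current[:current_user] = nil
  end
end

# Stand-in for a Rack response body whose close hook resets the state.
class ResettingBody
  attr_reader :body

  def initialize(body)
    @body = body
  end

  def close
    Current.reset
  end
end

# The app: sets Current.user from the request, or leaves it untouched when
# the request carries no user (an unauthenticated hit).
def app(env)
  Current.user = env["user"] if env.key?("user")
  [200, ResettingBody.new("hello #{Current.user.inspect}")]
end

# Vulnerable executor: relies entirely on the server calling close.
def executor_vulnerable(env)
  app(env)
end

# Hardened executor: reset on the way in too, so state from a request whose
# body was never closed cannot survive into the next one.
def executor_hardened(env)
  Current.reset
  app(env)
end

# Simulate a server handling requests in sequence on one thread.
# close_body: false models a server that skips calling close on the body.
def serve(executor, requests, close_body:)
  Current.reset
  requests.map do |env|
    _status, body = send(executor, env)
    result = body.body
    body.close if close_body
    result
  end
end
```

Run two requests, the first authenticated and the second not: with `close` honoured both executors behave, with `close` skipped the vulnerable executor answers the anonymous request as the previous user, and the hardened one does not.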
CVE-2021-44528 | MEDIUM | CVSS 6.1 | PoC available | versions: v6.0.4.2; v6.1.4.2; +1 more | published 2022-01-10
CVE-2021-44528 [MEDIUM] CWE-601: An open redirect vulnerability exists in Action Pack >= 6.0.0: an attacker could craft "X-Forwarded-Host" headers which, in combination with certain "allowed host" formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
Sources: nvd, osv
CVE-2011-1497 | MEDIUM | CVSS 6.1 | fixed in 3.0.6; rails 3.0.6 | published 2021-10-19
CVE-2011-1497 [MEDIUM] CWE-79: A cross-site scripting flaw was found in the auto_link function in Rails before version 3.0.6.
Sources: cvelistv5, nvd
CVE-2021-22942 | MEDIUM | CVSS 6.1 | affected: ≥ 6.0.0, < 6.0.4.1; ≥ 6.1.0, < 6.1.4.1 | published 2021-10-18
CVE-2021-22942 [MEDIUM] CWE-601: A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.
Sources: nvd, osv
CVE-2021-22904 | HIGH | CVSS 7.5 | fixed in 5.2.4.6; affected: ≥ 5.2.5, < 5.2.6; +2 more | published 2021-06-11
CVE-2021-22904 [HIGH] CWE-400: The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.
Sources: nvd, osv
CVE-2021-22902 | HIGH | CVSS 7.5 | affected: ≥ 6.0.0, < 6.0.3.7; ≥ 6.1.0, < 6.1.0.2 | published 2021-06-11
CVE-2021-22902 [HIGH] CWE-400: The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expressi
Sources: nvd, osv
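The two Accept-header entries on this page (CVE-2024-26142 and CVE-2021-22902) and the other ReDoS entries (CVE-2023-22792, CVE-2023-22795, CVE-2023-22796, CVE-2021-22904) share one root cause: a parser built on a backtracking regex that a crafted input can drive into exponential work. The remedy is to upgrade, and Ruby 3.2's regex engine mitigates the Accept case, but the design principle behind the fixes is worth seeing once. As an added example, not Rails code, here is a length-bounded, regex-free Accept parser in plain Ruby; the limits MAX_ACCEPT_LENGTH and MAX_ACCEPT_ENTRIES and the MediaRange struct are assumptions chosen for illustration.

```ruby
# Added example, not Rails code: a bounded parser for the HTTP Accept header
# that never uses a regular expression. Work is linear in the header length,
# so a crafted header cannot trigger the catastrophic backtracking the
# vulnerable Action Dispatch parsers could on Ruby < 3.2.
MAX_ACCEPT_LENGTH = 4096   # assumption: reject anything longer up front
MAX_ACCEPT_ENTRIES = 64    # assumption: cap the number of media ranges kept

MediaRange = Struct.new(:type, :subtype, :q, :index) do
  def to_s
    "#{type}/#{subtype}"
  end
end

# Returns MediaRange objects sorted by descending q, ties in header order.
# Raises ArgumentError on an oversized header; malformed entries are skipped.
def parse_accept(header)
  return [] if header.nil? || header.empty?
  raise ArgumentError, "Accept header too long" if header.bytesize > MAX_ACCEPT_LENGTH

  ranges = []
  # String#split with a literal separator is a single linear scan.
  header.split(",").each_with_index do |entry, index|
    break if ranges.size >= MAX_ACCEPT_ENTRIES
    parts = entry.split(";").map(&:strip)
    media = parts.shift.to_s
    type, subtype = media.split("/", 2)
    next if type.nil? || subtype.nil? || type.empty? || subtype.empty?

    q = 1.0
    parts.each do |param|
      name, value = param.split("=", 2)
      next unless name && value && name.strip.downcase == "q"
      q = value.strip.to_f
      q = 0.0 if q < 0.0
      q = 1.0 if q > 1.0
    end
    ranges << MediaRange.new(type.strip.downcase, subtype.strip.downcase, q, index)
  end
  ranges.sort_by { |r| [-r.q, r.index] }
end
```

The two limits are the practical defence that carries over to the If-None-Match, token-authentication and `underscore` cases as well: reject oversized input before parsing it, and parse with code whose cost is visibly linear. Feeding the parser a long run of empty parameters, or a header far over the size limit, costs one scan or one early rejection rather than a CPU-bound stall.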