
Rubyonrails Rails vulnerabilities

139 known vulnerabilities affecting rubyonrails/rails.

Total CVEs: 139
CISA KEV: 3 (actively exploited)
Public exploits: 13
Exploited in wild: 4
Severity breakdown: CRITICAL 10, HIGH 39, MEDIUM 87, LOW 3

Vulnerabilities

Page 2 of 7
CVE-2023-22794 | P3 | HIGH | CVSS 8.8 | affected: ≥ 0, < 2:6.0.3.7+dfsg-2+deb11u1; ≥ 0, < 2:6.1.7.3+dfsg-1 | published 2023-02-09
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database with insufficient sanitization and be able to inject SQL outside of the comment.
Sources: osv
CVE-2011-3187 | P4 | MEDIUM | CVSS 4.3 | PoC | CWE-20 | affected: v3.0.5 | published 2011-08-29
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.
Sources: nvd
CVE-2013-0277 | P3 | CRITICAL | CVSS 10.0 | affected: v3.0.0, v3.0.1, +31 more | published 2013-02-13
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
Sources: nvd, osv
CVE-2014-3482 | P3 | HIGH | CVSS 7.5 | CWE-89 | affected: v2.0.0, v2.0.1, +71 more | published 2014-07-07
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.
Sources: nvd, osv
CVE-2012-6496 | P3 | HIGH | CVSS 7.5 | CWE-89 | affected: v3.1.0, v3.1.1, +33 more | published 2013-01-04
SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.
Sources: nvd, osv
CVE-2024-28103 | P3 | CRITICAL | CVSS 9.8 | CWE-20 | affected: ≥ 6.1.0, < 6.1.7.8; ≥ 7.0.0, < 7.0.8.4; +2 more | published 2024-06-04
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
Sources: nvd, osv
CVE-2014-3483 | P3 | HIGH | CVSS 7.5 | CWE-89 | affected: v4.0.0, v4.0.1, +8 more | published 2014-07-07
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.
Sources: nvd, osv
CVE-2017-17916 | P3 | HIGH | CVSS 8.1 | CWE-89 | affected: ≤ 5.1.4 | published 2017-12-29
SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
Sources: nvd
CVE-2017-17917 | P3 | HIGH | CVSS 8.1 | CWE-89 | affected: ≤ 5.1.4 | published 2017-12-29
SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
Sources: nvd
CVE-2016-6317 | P3 | HIGH | CVSS 7.5 | affected: v4.2.0, v4.2.1, +8 more | published 2016-09-07
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "
Sources: nvd, osv
CVE-2020-8162 | P3 | HIGH | CVSS 7.5 | CWE-602 | affected: fixed in 5.2.4.2; ≥ 6.0.0, < 6.0.3.1 | published 2020-06-19
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
Sources: nvd, osv
CVE-2011-2930 | P3 | HIGH | CVSS 7.5 | CWE-89 | affected: v2.0.0, v2.0.1, +27 more | published 2011-08-29
Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.
Sources: nvd, osv
CVE-2020-8164 | P3 | HIGH | CVSS 7.5 | CWE-502 | affected: fixed in 5.2.4.3; ≥ 6.0.0, < 6.0.3.1 | published 2020-06-19
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3 and rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters.
Sources: nvd, osv
CVE-2016-0751 | P3 | HIGH | CVSS 7.5 | CWE-399 | affected: v4.0.0, v4.0.1, +29 more | published 2016-02-16
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
Sources: nvd, osv
CVE-2019-5419 | P3 | HIGH | CVSS 7.5 | CWE-400 | affected: fixed in 4.2.11.1; ≥ 5.0.0, < 5.0.7.2; +2 more | published 2019-03-27
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted Accept headers can cause Action View to consume 100% CPU and make the server unresponsive.
Sources: nvd, osv
CVE-2018-16476 | P3 | HIGH | CVSS 7.5 | CWE-284 | affected: ≥ 4.2.0, < 4.2.11; ≥ 5.0.0, < 5.0.7.1; +2 more | published 2018-11-30
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.
Sources: nvd, osv
CVE-2026-33174 | P3 | HIGH | CVSS 7.5 | CWE-789 | affected: fixed in 7.2.3.1; ≥ 8.0.0, < 8.0.4.1; +1 more | published 2026-03-24
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sending it. A request with a large or unbounded Range header (e.g. `bytes=0-`)
Sources: nvd
CVE-2021-22904 | P3 | HIGH | CVSS 7.5 | CWE-400 | affected: fixed in 5.2.4.6; ≥ 5.2.5, < 5.2.6; +2 more | published 2021-06-11
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.
Sources: nvd, osv
CVE-2021-22885 | P3 | HIGH | CVSS 7.5 | CWE-209 | affected: ≥ 5.2.0.0, < 5.2.4.6; ≥ 6.0.0.0, < 6.0.3.7; +1 more | published 2021-05-27
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url` helper with untrusted user input.
Sources: nvd, osv
CVE-2008-4094 | P3 | HIGH | CVSS 7.5 | CWE-89 | affected: v0.9.1, v0.9.2, +36 more | published 2008-09-30
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.
Sources: nvd, osv
Rubyonrails Rails vulnerabilities | cvebase