Rubyonrails Rails vulnerabilities
138 known vulnerabilities affecting rubyonrails/rails.
Total CVEs: 138
CISA KEV: 3 (actively exploited)
Public exploits: 12
Exploited in wild: 2
Severity breakdown: CRITICAL 8, HIGH 38, MEDIUM 89, LOW 3
Vulnerabilities
Page 3 of 7
CVE-2021-22903 | MEDIUM | CVSS 6.1 | Affected: ≥ 6.1.1, < 6.1.3.2; v6.1.0 | Published: 2021-06-11
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leadin
Sources: nvd
CVE-2021-22885 | HIGH | CWE-209 | CVSS 7.5 | Affected: ≥ 5.2.0.0, < 5.2.4.6; ≥ 6.0.0.0, < 6.0.3.7; +1 more | Published: 2021-05-27
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url` helper with untrusted user input.
Sources: nvd, osv
CVE-2021-22880 | HIGH | CWE-400 | CVSS 7.5 | Affected: ≥ 4.2.0, < 5.2.4.5; ≥ 6.0.0, < 6.0.3.5; +1 more | Published: 2021-02-11
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS at
Sources: nvd, osv
CVE-2021-22881 | MEDIUM | CWE-601 | CVSS 6.1 | PoC | Affected: ≥ 6.0.0, < 6.0.3.5; ≥ 6.1.0, < 6.1.2.1 | Published: 2021-02-11
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts wi
Sources: nvd, osv
CVE-2020-8264 | MEDIUM | CWE-79 | CVSS 6.1 | Affected: ≥ 6.0.0, < 6.0.3.4 | Published: 2021-01-06
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.
Sources: nvd, osv
CVE-2020-15169 | MEDIUM | CVSS 6.1 | Affected: ≥ 0, < 2:6.0.3.3+dfsg-1 | Published: 2020-09-11
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is in
Sources: osv
CVE-2020-8163 | HIGH | CWE-94 | CVSS 8.8 | PoC | Affected: fixed in 5.0.1 | Published: 2020-07-02
There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform an RCE.
Sources: nvd, osv
CVE-2020-8166 | MEDIUM | CWE-352 | CVSS 4.3 | Affected: fixed in 5.2.4.3; ≥ 6.0.0, < 6.0.3.1 | Published: 2020-07-02
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
Sources: nvd, osv
CVE-2020-8185 | MEDIUM | CWE-400 | CVSS 6.5 | Affected: ≥ 6.0.0, < 6.0.3.2 | Published: 2020-07-02
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
Sources: nvd
CVE-2020-8165 | CRITICAL | CWE-502 | CVSS 9.8 | Affected: fixed in 5.2.4.3; ≥ 6.0.0, < 6.0.3.1 | Published: 2020-06-19
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
Sources: nvd, osv
CVE-2020-8164 | HIGH | CWE-502 | CVSS 7.5 | Affected: fixed in 5.2.4.3; ≥ 6.0.0, < 6.0.3.1 | Published: 2020-06-19
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters.
Sources: nvd, osv
CVE-2020-8162 | HIGH | CWE-602 | CVSS 7.5 | Affected: fixed in 5.2.4.2; ≥ 6.0.0, < 6.0.3.1 | Published: 2020-06-19
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
Sources: nvd, osv
CVE-2020-8167 | MEDIUM | CWE-352 | CVSS 6.5 | Affected: fixed in 5.2.4.3; ≥ 6.0.0, < 6.0.3.1 | Published: 2020-06-19
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
Sources: nvd, osv
CVE-2020-5267 | MEDIUM | CVSS 4.8 | Affected: ≥ 0, < 2:5.2.4.1+dfsg-2 | Published: 2020-03-19
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
Sources: osv
CVE-2010-3299 | MEDIUM | CWE-311 | CVSS 6.5 | Affected: v2.3 | Published: 2019-11-12
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.
Sources: nvd
CVE-2019-5420 | CRITICAL | CWE-77 | CVSS 9.8 | PoC | Affected: fixed in 5.2.2.1; v6.0.0 | Published: 2019-03-27
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
Sources: nvd, osv
CVE-2019-5418 | HIGH | CWE-22 | CVSS 7.5 | KEV, PoC | Affected: ≥ 3.0.0, < 4.2.11.1; ≥ 5.0.0, < 5.0.7.2; +2 more | Published: 2019-03-27
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Sources: nvd, osv
CVE-2019-5419 | HIGH | CWE-400 | CVSS 7.5 | Affected: fixed in 4.2.11.1; ≥ 5.0.0, < 5.0.7.2; +2 more | Published: 2019-03-27
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause Action View to consume 100% CPU and make the server unresponsive.
Sources: nvd, osv
CVE-2018-16476 | HIGH | CWE-284 | CVSS 7.5 | Affected: ≥ 4.2.0, < 4.2.11; ≥ 5.0.0, < 5.0.7.1; +2 more | Published: 2018-11-30
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.
Sources: nvd, osv
CVE-2018-16477 | MEDIUM | CWE-200 | CVSS 6.5 | Affected: ≥ 5.2.0, < 5.2.1.1 | Published: 2018-11-30
A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allows an attacker to modify the `content-disposition` and `content-type` parameters which can be used with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache mani
Sources: nvd, osv