cbcvebase.

Rubyonrails Rails vulnerabilities

139 known vulnerabilities affecting rubyonrails/rails.

Total CVEs: 139
CISA KEV: 3 (actively exploited)
Public exploits: 13
Exploited in wild: 4
Severity breakdown: CRITICAL 10, HIGH 39, MEDIUM 87, LOW 3

Vulnerabilities

Page 4 of 7
CVE-2026-33658 | P3 | MEDIUM | CVSS 6.5 | fixed in 7.2.3.1; ≥ 8.0.0, < 8.0.4.1 (+1 more) | 2026-03-26
CWE-770. Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same fil
Sources: nvd
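The Range-header issue in CVE-2026-33658 is a cost-amplification problem: every byte range costs the server a seek and a read, and nothing stops one request from asking for thousands. The following is an added example, not code from Rails or from the fix for this CVE: a small Ruby parser that counts the ranges before any I/O is done and rejects requests over a cap. MAX_RANGES = 10, the helper names and the sample headers are assumptions made for the example, not the limit Rails applies.

```ruby
# Added example (not Rails code): cap the number of byte ranges accepted in an
# HTTP Range header before doing any work for them. MAX_RANGES is an assumed
# value chosen for illustration, not the limit Rails itself applies.
MAX_RANGES = 10

class TooManyRanges < StandardError; end

# Parses "bytes=a-b,c-,-d" into an array of [first, last] pairs (nil for an
# open end). Returns nil when the header is malformed or uses another unit,
# which callers should treat as "ignore the header and serve the whole file".
# Raises TooManyRanges when more than max_ranges ranges are requested.
def parse_byte_ranges(header, max_ranges: MAX_RANGES)
  return nil if header.nil?
  unit, spec = header.split("=", 2)
  return nil unless unit&.strip&.downcase == "bytes" && spec

  specs = spec.split(",")
  return nil if specs.empty?
  # Count before parsing: the cost of a pathological header grows with the
  # number of ranges, so reject early instead of after allocating the work.
  if specs.size > max_ranges
    raise TooManyRanges, "#{specs.size} ranges requested, max #{max_ranges}"
  end

  specs.map do |r|
    m = r.strip.match(/\A(\d*)-(\d*)\z/)
    return nil unless m && !(m[1].empty? && m[2].empty?)
    first = m[1].empty? ? nil : m[1].to_i
    last  = m[2].empty? ? nil : m[2].to_i
    return nil if first && last && last < first
    [first, last]
  end
end

# Resolves parsed ranges against a resource of +size+ bytes and returns the
# [start, stop] offsets to serve (RFC 9110 section 14.1.2). Unsatisfiable
# ranges are dropped; an empty result means 416 Range Not Satisfiable.
def satisfiable_ranges(ranges, size)
  ranges.filter_map do |first, last|
    if first.nil?                      # suffix range "-d": the last d bytes
      next nil if last.zero?
      [[size - last, 0].max, size - 1]
    else
      next nil if first >= size
      [first, [last || size - 1, size - 1].min]
    end
  end
end

if __FILE__ == $0
  p parse_byte_ranges("bytes=0-99,200-299")
  p satisfiable_ranges(parse_byte_ranges("bytes=-10,5000-"), 100)
  # Constructed abusive header: 5000 one-byte ranges in a single request.
  abusive = "bytes=" + Array.new(5000) { |i| "#{i}-#{i}" }.join(",")
  begin
    parse_byte_ranges(abusive)
  rescue TooManyRanges => e
    puts "rejected: #{e.message}"
  end
end
```

The check runs on the header string alone, so a rejected request never reaches the storage service; returning nil for malformed input (rather than raising) matches the usual HTTP behaviour of ignoring an unparseable Range header.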
CVE-2013-0155 | P3 | MEDIUM | CVSS 6.4 | ≥ 3.2.0, < 3.2.11 | 2013-01-13
CWE-264. Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted
Sources: nvd, osv
CVE-2011-0448 | P3 | HIGH | CVSS 7.5 | v3.0.0, v3.0.1 (+3 more) | 2011-02-21
CWE-89. Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
Sources: nvd
CVE-2010-3933 | P3 | MEDIUM | CVSS 6.4 | v2.3.9, v3.0.0 | 2010-10-28
CWE-20. Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
Sources: nvd
CVE-2015-7577 | P3 | MEDIUM | CVSS 5.3 | v4.0.0, v4.0.1 (+31 more) | 2016-02-16
CWE-284. activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the ne
Sources: nvd, osv
CVE-2013-6417 | P4 | MEDIUM | CVSS 6.4 | v3.0.0, v3.0.1 (+46 more) | 2013-12-07
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses vi
Sources: nvd
CVE-2016-2097 | P4 | MEDIUM | CVSS 5.3 | v4.0.0, v4.0.1 (+24 more) | 2016-04-07
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752.
Sources: nvd, osv
CVE-2006-4112 | P3 | HIGH | CVSS 7.5 | v1.1.0, v1.1.1 (+3 more) | 2006-08-14
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111.
Sources: ghsa, nvd, osv
CVE-2026-33173 | P4 | MEDIUM | CVSS 5.3 | fixed in 7.2.3.1; ≥ 8.0.0, < 8.0.4.1 (+1 more) | 2026-03-24
CWE-925. Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `DirectUploadsController` accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like `identified` and `analyzed` are stored in the same metadata hash, a direct-upload client can
Sources: nvd
CVE-2018-16477 | P4 | MEDIUM | CVSS 6.5 | ≥ 5.2.0, < 5.2.1.1 | 2018-11-30
CWE-200. A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allows an attacker to modify the `content-disposition` and `content-type` parameters, which can be used with HTML files to have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache mani
Sources: nvd, osv
CVE-2022-23634 | P4 | MEDIUM | CVSS 5.9 | ≥ 5.0.0, < 5.2.6.2; ≥ 6.0.0, < 6.0.4.6 (+2 more) | 2022-02-11
CWE-200. Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing t
Sources: nvd
CVE-2012-2661 | P4 | MEDIUM | CVSS 5.0 | v3.0.0, v3.0.1 (+23 more) | 2012-06-22
CWE-89. The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related
Sources: nvd
CVE-2013-1856 | P4 | MEDIUM | CVSS 5.8 | v3.1.0, v3.1.1 (+22 more) | 2013-03-19
CWE-20. The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the XML parser, which allows remote attackers to read arbitrary files or cause a denial of service (reso
Sources: nvd
CVE-2006-4111 | P4 | HIGH | CVSS 7.5 | v0.9.1, v0.9.2 (+20 more) | 2006-08-14
CWE-94. Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.
Sources: ghsa, nvd, osv
CVE-2022-23633 | P4 | MEDIUM | CVSS 5.9 | ≥ 5.0.0, < 5.2.6.2; ≥ 6.0.0, < 6.0.4.6 (+2 more) | 2022-02-11
CWE-200. Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has be
Sources: nvd, osv
CVE-2014-7829 | P4 | MEDIUM | CVSS 5.0 | v3.0.0, v3.0.1 (+66 more) | 2014-11-18
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a
Sources: nvd, osv
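CVE-2014-7829 (the static file middleware) and CVE-2016-2097 (user-controlled paths reaching render) are both traversal bugs with the same shape: a client-supplied path is joined to a trusted root without checking that the result still lies under that root. As an added example that is not Rails's own static middleware or render code, the Ruby below resolves a requested path against a root with File.absolute_path and refuses anything that escapes it, and handles render-style lookups by allowlisting template names rather than resolving paths at all. The root directory, the template list and the sample inputs are constructed for the example.

```ruby
# Added example (not Rails's own static or render logic): resolve a
# client-supplied path under a fixed root and refuse anything that escapes it.
# The root directory, template list and sample inputs are constructed here.
class PathEscapesRoot < StandardError; end

# Returns the absolute path of +requested+ inside +root+, or raises if the
# resolved path leaves the root. The check is purely on the string, so it
# rejects traversal regardless of whether the target exists; that matters for
# the existence-probing described in CVE-2014-7829.
def safe_path_under(root, requested)
  root_abs = File.absolute_path(root)
  prefix   = root_abs.end_with?(File::SEPARATOR) ? root_abs : root_abs + File::SEPARATOR

  # Percent-decode once so "%2e%2e/" is judged the same as "../".
  decoded = requested.gsub(/%([0-9a-fA-F]{2})/) { $1.hex.chr }
  # Drop leading slashes so an absolute request cannot replace the root.
  relative = decoded.sub(%r{\A/+}, "")

  # File.absolute_path normalises "." and ".." but, unlike File.expand_path,
  # does not expand a leading "~" to a home directory.
  candidate = begin
    File.absolute_path(relative, root_abs)
  rescue ArgumentError            # e.g. embedded NUL byte
    raise PathEscapesRoot, requested.inspect
  end

  unless candidate == root_abs || candidate.start_with?(prefix)
    raise PathEscapesRoot, requested.inspect
  end
  candidate
end

# For render-style lookups (the CVE-2016-2097 pattern) do not resolve paths
# at all: map the user's choice onto a fixed allowlist of template names and
# fall back to a default for anything else.
ALLOWED_TEMPLATES = %w[summary detail export].freeze   # constructed for the example

def template_for(choice)
  ALLOWED_TEMPLATES.include?(choice) ? "reports/#{choice}" : "reports/summary"
end

if __FILE__ == $0
  root = "/srv/app/public"                              # constructed root
  puts safe_path_under(root, "assets/app.js")
  ["../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd", "a/../../x"].each do |bad|
    begin
      safe_path_under(root, bad)
    rescue PathEscapesRoot => e
      puts "rejected #{e.message}"
    end
  end
  puts template_for("detail"), template_for("../../config/database.yml")
end
```

Normalising with File.absolute_path and then comparing against the root prefix is the check; a start_with? on the raw request string is not, because "../" segments only become visible after normalisation.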
CVE-2023-23913 | P4 | MEDIUM | CVSS 6.3 | ≥ 0, < 2:6.0.3.7+dfsg-2+deb11u2; ≥ 0, < 2:6.1.7.3+dfsg-1 | 2025-01-09
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or
Sources: osv
CVE-2020-8185 | P4 | MEDIUM | CVSS 6.5 | ≥ 6.0.0, < 6.0.3.2 | 2020-07-02
CWE-400. A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
Sources: nvd
CVE-2013-3221 | P4 | MEDIUM | CVSS 6.4 | v2.3.0, v2.3.1 (+54 more) | 2013-04-22
CWE-20. The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value,
Sources: nvd, osv
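Several entries on this page share one root cause: request parameters reach Active Record with a type the query did not expect, whether a non-integer limit (CVE-2011-0448), a nested hash where a scalar was expected (CVE-2012-2661), a JSON null or array turning an equality test into a NULL check (CVE-2013-0155, CVE-2013-6417), or a value whose Ruby type differs from the column's declared type (CVE-2013-3221). The Ruby below is an added example, not Rails's own parameter handling or the fix for any of these CVEs, showing the coercion a controller can apply before query values are used: integer-only for limits, string-only scalars for column comparisons, and a fixed per-field schema that drops undeclared keys. The schema, the field names, the bounds and the JSON bodies are constructed for the example.

```ruby
require "json"

# Added example (not Rails's parameter handling): coerce request parameters
# into the exact Ruby types a query expects before they reach Active Record.
# Field names, bounds and the JSON bodies below are constructed for illustration.
class BadParameter < ArgumentError; end

# Integer-only coercion for values that end up in LIMIT/OFFSET or id lookups
# (the class of issue in CVE-2011-0448): "10" -> 10, "10 OR 1=1" -> error.
def strict_integer(value, name, min: 0, max: 1_000)
  unless value.is_a?(Integer) || (value.is_a?(String) && value.match?(/\A-?\d+\z/))
    raise BadParameter, "#{name}: not an integer"
  end
  # Base 10 explicitly: Integer("010") alone would read the leading 0 as octal.
  n = value.is_a?(Integer) ? value : Integer(value, 10)
  raise BadParameter, "#{name}: out of range" unless n.between?(min, max)
  n
end

# Scalar-only coercion for values compared against a string column. Rejects
# the nested Hash shape behind CVE-2012-2661, the nil / [] / [nil] shapes a
# JSON or XML body can introduce (CVE-2013-0155, CVE-2013-6417), and any
# non-String type, so the comparison uses the column's declared type
# (CVE-2013-3221) rather than whatever the parser produced.
def strict_string(value, name, max_length: 255)
  raise BadParameter, "#{name}: missing" if value.nil? || value == [] || value == [nil]
  raise BadParameter, "#{name}: must be a string, got #{value.class}" unless value.is_a?(String)
  raise BadParameter, "#{name}: too long" if value.length > max_length
  value
end

# Per-field schema for one endpoint (constructed). Only declared fields are
# returned, so a body cannot smuggle extra predicates into the query.
QUERY_SCHEMA = { "token" => :string, "limit" => :integer }.freeze

def coerce_params(params, schema = QUERY_SCHEMA)
  raise BadParameter, "body must be a JSON object" unless params.is_a?(Hash)
  schema.each_with_object({}) do |(name, type), out|
    out[name] = case type
                when :integer then strict_integer(params[name], name)
                when :string  then strict_string(params[name], name)
                else raise BadParameter, "#{name}: unknown schema type #{type}"
                end
  end
end

if __FILE__ == $0
  p coerce_params(JSON.parse('{"token":"abc123","limit":"10","role":"admin"}'))
  # Constructed bodies exercising each rejected shape.
  ['{"token":null,"limit":10}',                  # nil -> NULL check
   '{"token":[null],"limit":10}',                # [nil] -> NULL check
   '{"token":{"users.admin":true},"limit":10}',  # nested hash -> table.column
   '{"token":"abc","limit":"10 OR 1=1"}'].each do |body|
    begin
      coerce_params(JSON.parse(body))
    rescue BadParameter => e
      puts "rejected #{body}: #{e.message}"
    end
  end
end
```

Strong parameters alone do not give this: permitting a key says nothing about the type of its value, and a JSON body can still deliver null, an array or a hash under a permitted key. The coercion above is the step that pins the type.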
CVE-2020-8167 | P4 | MEDIUM | CVSS 6.5 | fixed in 5.2.4.3; ≥ 6.0.0, < 6.0.3.1 | 2020-06-19
CWE-352. A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
Sources: nvd, osv