
Rubyonrails Rails vulnerabilities

139 known vulnerabilities affecting rubyonrails/rails.

Total CVEs: 139
CISA KEV: 3 (actively exploited)
Public exploits: 13
Exploited in wild: 4
Severity breakdown: CRITICAL 10, HIGH 39, MEDIUM 87, LOW 3

Vulnerabilities

Page 5 of 7
CVE-2007-5379 | P4 | MEDIUM | CVSS 5.0 | affected: ≥ 0, < 1.2.4 | 2017-10-24
CVE-2007-5379 [MEDIUM] CWE-200: Moderate severity vulnerability that affects rails. Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.
Sources: GHSA, OSV
CVE-2026-33170 | P4 | MEDIUM | CVSS 6.1 | fixed in 7.2.3.1; affected: ≥ 8.0.0, < 8.0.4.1, +1 more | 2026-03-24
CVE-2026-33170 [MEDIUM] CWE-79: Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `SafeBuffer#%` does not propagate the `@html_unsafe` flag to the newly created buffer. If a `SafeBuffer` is mutated in place (e.g. via `gsub!`) and then formatted with `%` using untrusted argum…
Source: NVD
CVE-2015-7576 | P4 | LOW | CVSS 3.7 | affected: v4.0.0, v4.0.1, +31 more | 2016-02-16
CVE-2015-7576 [LOW] CWE-254: The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, whi…
Sources: NVD, OSV
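Worked example for the CVE-2015-7576 entry, added here by the editor; it is not code from Rails or from this database. It places the timing-unsafe comparison next to a constant-time one and wraps both in a stand-in Basic-auth check. The header format, the credentials, the helper names and the SHA-256 digest step are assumptions made for the illustration; Rails' own fix introduced ActiveSupport::SecurityUtils.secure_compare, which this does not reproduce.

```ruby
require "digest"

# Vulnerable form: String#== returns as soon as it sees a length mismatch or
# the first differing byte, so response time leaks how many leading bytes of
# the guess were right.
def insecure_compare(given, expected)
  given == expected
end

# Constant-time comparison of two strings that are already the same length:
# XOR every byte pair and OR the results together, so the amount of work does
# not depend on where (or whether) the strings differ.
def fixed_length_secure_compare(a, b)
  raise ArgumentError, "inputs must be the same length" unless a.bytesize == b.bytesize
  a_bytes = a.unpack("C*")
  acc = 0
  b.each_byte { |byte| acc |= byte ^ a_bytes.shift }
  acc.zero?
end

# Variable-length inputs: compare fixed-size digests first, so the length
# check above never runs on the secret's real length; the trailing == only
# executes after a digest match (equal strings or a SHA-256 collision).
def secure_compare(a, b)
  fixed_length_secure_compare(Digest::SHA256.digest(a), Digest::SHA256.digest(b)) && a == b
end

# Assumed stand-in for an HTTP Basic credential check (not Rails' own
# http_basic_authenticate_with): decode the header, then compare both fields
# in constant time, using the non-short-circuit & so the password comparison
# runs even when the user name is already wrong.
def basic_auth_valid?(authorization_header, name, password)
  return false unless authorization_header.is_a?(String) && authorization_header.start_with?("Basic ")
  decoded = authorization_header.delete_prefix("Basic ").unpack1("m")
  given_name, given_password = decoded.split(":", 2)
  return false if given_name.nil? || given_password.nil?
  secure_compare(given_name, name) & secure_compare(given_password, password)
end

if __FILE__ == $PROGRAM_NAME
  header = "Basic " + ["admin:s3cret"].pack("m0")   # constructed sample header
  puts basic_auth_valid?(header, "admin", "s3cret")
  puts basic_auth_valid?(header, "admin", "wrong")
end
```

The digest step is what makes the comparison safe for inputs of unknown length: without it, the length check in fixed_length_secure_compare would itself be an early exit that reveals the secret's size.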
CVE-2020-15169 | P4 | MEDIUM | CVSS 6.1 | affected (Debian package range): ≥ 0, < 2:6.0.3.3+dfsg-1 | 2020-09-11
CVE-2020-15169 [MEDIUM]: In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is in…
Source: OSV
CVE-2022-22577 | P4 | MEDIUM | CVSS 6.1 | affected (Debian package ranges): ≥ 0, < 2:6.0.3.7+dfsg-2+deb11u1; ≥ 0, < 2:6.1.6.1+dfsg-1 | 2022-05-26
CVE-2022-22577 [MEDIUM]: An XSS vulnerability in Action Pack >= 5.2.0 (versions before 5.2.0 are not affected; fixed in 5.2.7.1, 6.0.4.8, 6.1.5.1 and 7.0.2.4) that could allow an attacker to bypass CSP for non-HTML-like responses.
Source: OSV
CVE-2012-2694 | P4 | MEDIUM | CVSS 4.3 | affected: v3.0.0, v3.0.1, +24 more | 2012-06-22
CVE-2012-2694 [MEDIUM]: actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted req…
Source: NVD
CVE-2007-5380 | P4 | MEDIUM | CVSS 6.8 | affected: ≥ 0, < 1.2.4 | 2017-10-24
CVE-2007-5380 [MEDIUM] CWE-384: Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
Sources: GHSA, OSV
CVE-2011-2929 | P4 | MEDIUM | CVSS 5.0 | affected: v3.0.0, v3.0.1, +10 more | 2011-08-29
CVE-2011-2929 [MEDIUM] CWE-20: The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability."
Source: NVD
CVE-2026-33169 | P4 | MEDIUM | CVSS 5.3 | fixed in 7.2.3.1; affected: ≥ 8.0.0, < 8.0.4.1, +1 more | 2026-03-24
CVE-2026-33169 [MEDIUM] CWE-400: Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. `NumberToDelimitedConverter` uses a lookahead-based regular expression with `gsub!` to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between the repeated lookahead group and `gsub!` can produce…
Source: NVD
CVE-2014-0082 | P4 | MEDIUM | CVSS 5.0 | affected: v3.0.0, v3.0.1, +44 more | 2014-02-20
CVE-2014-0082 [MEDIUM] CWE-20: actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
Sources: NVD, OSV
CVE-2016-6316 | P4 | MEDIUM | CVSS 6.1 | affected: v3.0.0, v3.0.1, +90 more | 2016-09-07
CVE-2016-6316 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.
Sources: NVD, OSV
CVE-2021-22903 | P4 | MEDIUM | CVSS 6.1 | affected: ≥ 6.1.1, < 6.1.3.2; v6.1.0 | 2021-06-11
CVE-2021-22903 [MEDIUM]: The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leadin…
Source: NVD
CVE-2024-26143 | P4 | MEDIUM | CVSS 6.1 | affected: ≥ 7.0.0, < 7.0.8.1; ≥ 7.1.0, < 7.1.3.1 | 2024-02-27
CVE-2024-26143 [MEDIUM] CWE-79: Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "_html", a :default key which contains untrusted user input, and the resulting string is used in a view, may be susceptib…
Sources: GHSA, NVD, OSV
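Worked example for the translation-helper entries (CVE-2020-15169 above and CVE-2024-26143 here), added by the editor; it is not Rails code and not part of this database. It models the bug with a throw-away SafeString marker in place of ActiveSupport::SafeBuffer and a constructed in-memory translation table in place of the locale files: the vulnerable helper marks any `_html` result safe, including a caller-supplied :default; the hardened helper escapes the :default first unless it was already marked safe, which is the behaviour the fixes adopted. The class, table and helper names are assumptions for the illustration.

```ruby
require "erb"

# Minimal stand-in for Rails' html-safe marker: a String subclass the helpers
# below treat as "already escaped". It is not ActiveSupport::SafeBuffer.
class SafeString < String
end

def html_safe?(value)
  value.is_a?(SafeString)
end

# Escape anything that has not been explicitly marked safe.
def escape_unless_safe(value)
  html_safe?(value) ? value : SafeString.new(ERB::Util.html_escape(value.to_s))
end

# Constructed translation table standing in for config/locales/*.yml. By the
# Rails convention, an "_html" suffix means the value is trusted markup.
TRANSLATIONS = {
  "greeting_html" => "Hello <b>world</b>",
  "plain"         => "Hello world",
}.freeze

# Vulnerable shape of the helper: whatever string is returned for an "_html"
# key, whether it came from the locale table or from the caller's :default,
# is marked safe and therefore rendered without escaping.
def translate_vulnerable(key, default: nil)
  text = TRANSLATIONS.fetch(key, default).to_s
  key.end_with?("_html") ? SafeString.new(text) : text
end

# Hardened shape: locale content for an "_html" key is still trusted, but a
# :default that is not already html-safe is escaped before the result is
# marked safe. Non-"_html" keys are returned unmarked, so the view escapes them.
def translate_hardened(key, default: nil)
  text =
    if TRANSLATIONS.key?(key)
      TRANSLATIONS[key]
    elsif key.end_with?("_html")
      escape_unless_safe(default)
    else
      default.to_s
    end
  key.end_with?("_html") ? SafeString.new(text.to_s) : text.to_s
end

if __FILE__ == $PROGRAM_NAME
  untrusted = "<script>alert(1)</script>"  # constructed attacker-controlled default
  puts translate_vulnerable("missing_html", default: untrusted)
  puts translate_hardened("missing_html", default: untrusted)
end
```

The point the two helpers make visible: the "_html" suffix is a promise about the locale file, not about whatever the controller or view passes as :default, so the default has to be escaped on its own unless the caller deliberately marked it safe.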
CVE-2012-6497 | P4 | MEDIUM | CVSS 5.0 | fixed in 3.2.10 | 2013-01-04
CVE-2012-6497 [MEDIUM]: The Authlogic gem for Ruby on Rails, when used with certain Ruby on Rails versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-…
Sources: NVD, OSV
CVE-2014-7818 | P4 | MEDIUM | CVSS 4.3 | affected: v3.0.0, v3.0.1, +65 more | 2014-11-08
CVE-2014-7818 [MEDIUM] CWE-22: Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequ…
Sources: NVD, OSV
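Worked example for the CVE-2014-7818 entry, added by the editor and not taken from Rails' static.rb or from this database. It shows the bug class behind a /..%2F sequence: a traversal check applied to the still-encoded path never sees the ".." segment that only appears after percent-decoding. The vulnerable helper checks then decodes; the hardened helper decodes, resolves to an absolute path and only then verifies the result is under the document root. The root directory, the helper names and the sample paths are assumptions for the illustration; nothing is read from disk.

```ruby
# Assumed document root for the illustration (not a real deployment path).
PUBLIC_ROOT = "/srv/app/public"

# Percent-decodes a request path the way a static file handler must before
# it touches the filesystem.
def unescape_path(path)
  path.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
end

# Rejects any literal ".." segment. Run on the still-encoded path this is
# useless: "/..%2Fsecret.txt" is a single segment, "..%2Fsecret.txt".
def dotdot_segment?(path)
  path.split("/").include?("..")
end

# Vulnerable ordering (check, then decode): the traversal check looks at the
# encoded string, and the decoded "../" only appears afterwards.
def naive_static_path(root, path_info)
  return nil if dotdot_segment?(path_info)
  File.join(root, unescape_path(path_info))
end

# Hardened ordering (decode, resolve, then check): expand the decoded path
# against the root and accept it only if the absolute result is the root
# itself or sits under "#{root}/". The trailing separator stops a sibling
# such as "/srv/app/public2" from matching as a prefix.
def safe_static_path(root, path_info)
  relative = unescape_path(path_info).sub(%r{\A/+}, "")
  full = File.expand_path(relative, root)
  return nil unless full == root || full.start_with?(root + File::SEPARATOR)
  full
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests: one legitimate asset and three traversal attempts.
  ["/css/app.css", "/../secret.txt", "/..%2Fsecret.txt", "/%2e%2e/secret.txt"].each do |p|
    naive = naive_static_path(PUBLIC_ROOT, p)
    safe  = safe_static_path(PUBLIC_ROOT, p)
    puts "#{p.ljust(20)} naive=#{naive ? File.expand_path(naive) : 'rejected'}  safe=#{safe || 'rejected'}"
  end
end
```

Checking the resolved absolute path rather than the raw string is what closes the whole class: it does not matter whether the dots arrive literally, as %2e%2e, or behind an encoded slash, because the check runs on what the filesystem would actually open.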
CVE-2013-0276 | P4 | MEDIUM | CVSS 4.3 | affected: v3.2.0, v3.2.1, +34 more | 2013-02-13
CVE-2013-0276 [MEDIUM] CWE-264: ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
Sources: NVD, OSV
CVE-2011-0447 | P4 | MEDIUM | CVSS 6.8 | affected: v2.1.0, v2.1.1, +14 more | 2011-02-14
CVE-2011-0447 [MEDIUM] CWE-352: Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redi…
Sources: NVD, OSV
CVE-2010-3299 | P4 | MEDIUM | CVSS 6.5 | affected: v2.3 | 2019-11-12
CVE-2010-3299 [MEDIUM] CWE-311: The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.
Source: NVD
CVE-2022-27777 | P4 | MEDIUM | CVSS 6.1 | affected (Debian package ranges): ≥ 0, < 2:6.0.3.7+dfsg-2+deb11u1; ≥ 0, < 2:6.1.6.1+dfsg-1 | 2022-05-26
CVE-2022-27777 [MEDIUM]: An XSS vulnerability in Action View tag helpers >= 5.2.0 (versions before 5.2.0 are not affected; fixed in 5.2.7.1, 6.0.4.8, 6.1.5.1 and 7.0.2.4) which would allow an attacker to inject content if able to control input into specific attributes.
Source: OSV
CVE-2023-22797 | P4 | MEDIUM | CVSS 6.1 | affected: ≥ 7.0.0, < 7.0.4.1 | 2023-02-09
CVE-2023-22797 [MEDIUM] CWE-601: An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an…
Source: NVD