Rubyonrails Rails vulnerabilities

139 known vulnerabilities affecting rubyonrails/rails.

Total CVEs: 139
CISA KEV: 3 (actively exploited)
Public exploits: 13
Exploited in wild: 4
Severity breakdown: CRITICAL 10, HIGH 39, MEDIUM 87, LOW 3

Vulnerabilities

Page 6 of 7
CVE-2024-26144 | P4 | MEDIUM | CVSS 5.3 | Versions: ≥ 5.2.0, < 6.1.7.7; ≥ 7.0.0, < 7.1.0 | Published: 2024-02-27
  CWE-200. Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an inform
  Sources: nvd, osv

CVE-2023-38037 | P4 | MEDIUM | CVSS 5.5 | Versions: ≥ 0, < 2:6.0.3.7+dfsg-2+deb11u3; ≥ 0, < 2:6.1.7.10+dfsg-1~deb12u1 (+1 more) | Published: 2025-01-09
  ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this tem
  Sources: osv

CVE-2021-22942 | P4 | MEDIUM | CVSS 6.1 | Versions: ≥ 6.0.0, < 6.0.4.1; ≥ 6.1.0, < 6.1.4.1 | Published: 2021-10-18
  CWE-601. A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.
  Sources: nvd, osv

CVE-2024-32464 | P4 | MEDIUM | CVSS 6.1 | Versions: ≥ 7.1.0, < 7.1.3.4; v7.2.0 | Published: 2024-06-04
  CWE-79. Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2.
  Sources: nvd

CVE-2023-28120 | P4 | MEDIUM | CVSS 5.3 | Versions: ≥ 0, < 2:6.0.3.7+dfsg-2+deb11u2; ≥ 0, < 2:6.1.7.3+dfsg-1 | Published: 2025-01-09
  There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
  Sources: osv

CVE-2007-6077 | P4 | MEDIUM | CVSS 6.8 | Versions: v1.2.4 | Published: 2007-11-21
  The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is du
  Sources: ghsa, nvd, osv

CVE-2015-3227 | P4 | MEDIUM | CVSS 5.0 | Versions: v4.1.0; v4.1.1 (+9 more) | Published: 2015-07-26
  The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
  Sources: nvd, osv

CVE-2011-1497 | P4 | MEDIUM | CVSS 6.1 | Versions: fixed in 3.0.6; rails 3.0.6 | Published: 2021-10-19
  CWE-79. A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.
  Sources: nvd

CVE-2013-1854 | P4 | MEDIUM | CVSS 5.0 | Versions: v2.3.0; v2.3.1 (+35 more) | Published: 2013-03-19
  CWE-20. The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
  Sources: nvd, osv

CVE-2012-3424 | P4 | MEDIUM | CVSS 5.0 | Versions: v3.0.0; v3.0.1 (+27 more) | Published: 2012-08-08
  CWE-287. The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest h
  Sources: nvd

CVE-2008-5189 | P4 | MEDIUM | CVSS 5.0 | Versions: v0.9.1; v0.9.2 (+34 more) | Published: 2008-11-21
  CWE-352. CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
  Sources: ghsa, nvd, osv

CVE-2011-3186 | P4 | MEDIUM | CVSS 4.3 | Versions: v2.3.2; v2.3.3 (+5 more) | Published: 2011-08-29
  CWE-94. CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.
  Sources: nvd, osv

CVE-2014-0081 | P4 | MEDIUM | CVSS 4.3 | Versions: v0.9.1; v0.9.2 (+104 more) | Published: 2014-02-20
  CWE-79. Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) numbe
  Sources: ghsa, nvd, osv

CVE-2009-3086 | P4 | MEDIUM | CVSS 5.0 | Versions: v2.1.0; v2.1.1 (+6 more) | Published: 2009-09-08
  CWE-200. A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.
  Sources: nvd, osv

CVE-2013-6415 | P4 | MEDIUM | CVSS 4.3 | Versions: v3.0.0; v3.0.1 (+46 more) | Published: 2013-12-07
  CWE-79. Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.
  Sources: nvd

CVE-2013-4389 | P4 | MEDIUM | CVSS 4.3 | Versions: ≥ 3.0.0, < 3.2.15 | Published: 2013-10-17
  CWE-134. Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
  Sources: nvd

CVE-2020-5267 | P4 | MEDIUM | CVSS 4.8 | Versions: ≥ 0, < 2:5.2.4.1+dfsg-2 | Published: 2020-03-19
  In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
  Sources: osv

CVE-2015-3226 | P4 | MEDIUM | CVSS 4.3 | Versions: v3.0.0; v3.1.0 (+28 more) | Published: 2015-07-26
  CWE-79. Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
  Sources: nvd, osv

CVE-2013-1855 | P4 | MEDIUM | CVSS 4.3 | Versions: v3.2.0; v3.2.1 (+98 more) | Published: 2013-03-19
  CWE-79. The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted
  Sources: nvd, osv

CVE-2013-4491 | P4 | MEDIUM | CVSS 4.3 | Versions: ≤ 4.0.1; v4.0.0 (+46 more) | Published: 2013-12-07
  CWE-79. Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem.
  Sources: nvd