Known Vulnerabilities for Ruby On Rails by Rubyonrails
Listed below are 10 of the newest known vulnerabilities associated with "Ruby On Rails" by "Rubyonrails".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2017-17920 | ** DISPUTED ** SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers... | 8.1 - HIGH | 2017-12-29 | 2023-11-07 |
| CVE-2017-17919 | ** DISPUTED ** SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers t... | 8.1 - HIGH | 2017-12-29 | 2023-11-07 |
| CVE-2017-17917 | ** DISPUTED ** SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers t... | 8.1 - HIGH | 2017-12-29 | 2023-11-07 |
| CVE-2017-17916 | ** DISPUTED ** SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers... | 8.1 - HIGH | 2017-12-29 | 2023-11-07 |
| CVE-2016-6316 | Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x bef... | 6.1 - MEDIUM | 2016-09-07 | 2023-11-07 |
| CVE-2016-2098 | Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execut... | 7.3 - HIGH | 2016-04-07 | 2019-08-08 |
| CVE-2016-2097 | Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attac... | 5.3 - MEDIUM | 2016-04-07 | 2019-08-08 |
| CVE-2016-0753 | Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of i... | 5.3 - MEDIUM | 2016-02-16 | 2023-05-19 |
| CVE-2016-0751 | actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.... | 7.5 - HIGH | 2016-02-16 | 2019-08-08 |
| CVE-2015-7577 | activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x ... | 5.3 - MEDIUM | 2016-02-16 | 2019-08-08 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rubyonrails | Ruby On Rails | 5.0.0 | | | |
| Application | Rubyonrails | Ruby On Rails | 5.0.0 | | | |
| Application | Rubyonrails | Ruby On Rails | 5.0.0 | | | |
| Application | Rubyonrails | Ruby On Rails | 5.0.0 | | | |
| Application | Rubyonrails | Ruby On Rails | 5.0.0 | | | |
| Application | Rubyonrails | Ruby On Rails | 5.0.0 | | | |
| Application | Rubyonrails | Ruby On Rails | 5.0.0 | | | |
| Application | Rubyonrails | Ruby On Rails | 5.0.0 | | | |
| Application | Rubyonrails | Ruby On Rails | 4.2.7 | | | |
| Application | Rubyonrails | Ruby On Rails | 4.2.7 | | | |
| Application | Rubyonrails | Ruby On Rails | 4.2.6 | | | |
| Application | Rubyonrails | Ruby On Rails | 4.2.5.2 | | | |
| Application | Rubyonrails | Ruby On Rails | 4.2.5.1 | | | |
| Application | Rubyonrails | Ruby On Rails | 4.2.5 | | | |
| Application | Rubyonrails | Ruby On Rails | 4.2.5 | | | |
| Application | Rubyonrails | Ruby On Rails | 4.2.5 | | | |
| Application | Rubyonrails | Ruby On Rails | 4.2.4 | | | |
| Application | Rubyonrails | Ruby On Rails | 4.2.4 | | | |
| Application | Rubyonrails | Ruby On Rails | 4.2.3 | | | |
| Application | Rubyonrails | Ruby On Rails | 4.2.3 | | | |