Known Vulnerabilities for Ruby On Rails by Rubyonrails

Listed below are 10 of the newest known vulnerabilities associated with "Ruby On Rails" by "Rubyonrails".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2017-17920	DISPUTED SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers...	8.1 - HIGH	2017-12-29	2023-11-07
CVE-2017-17919	DISPUTED SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers t...	8.1 - HIGH	2017-12-29	2023-11-07
CVE-2017-17917	DISPUTED SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers t...	8.1 - HIGH	2017-12-29	2023-11-07
CVE-2017-17916	DISPUTED SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers...	8.1 - HIGH	2017-12-29	2023-11-07
CVE-2016-6316	Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x bef...	6.1 - MEDIUM	2016-09-07	2023-11-07
CVE-2016-2098	Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execut...	7.3 - HIGH	2016-04-07	2019-08-08
CVE-2016-2097	Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attac...	5.3 - MEDIUM	2016-04-07	2019-08-08
CVE-2016-0753	Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of i...	5.3 - MEDIUM	2016-02-16	2023-05-19
CVE-2016-0752	Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x bef...	7.5 - HIGH	2016-02-16	2019-08-08
CVE-2016-0751	actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1....	7.5 - HIGH	2016-02-16	2019-08-08

Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Rubyonrails	Ruby On Rails	5.0.0	beta1	All	All
Application	Rubyonrails	Ruby On Rails	5.0.0	beta1.1	All	All
Application	Rubyonrails	Ruby On Rails	5.0.0	beta2	All	All
Application	Rubyonrails	Ruby On Rails	5.0.0	beta3	All	All
Application	Rubyonrails	Ruby On Rails	5.0.0	beta4	All	All
Application	Rubyonrails	Ruby On Rails	5.0.0	racecar1	All	All
Application	Rubyonrails	Ruby On Rails	5.0.0	rc1	All	All
Application	Rubyonrails	Ruby On Rails	5.0.0	rc2	All	All
Application	Rubyonrails	Ruby On Rails	4.2.7	All	All	All
Application	Rubyonrails	Ruby On Rails	4.2.7	rc1	All	All
Application	Rubyonrails	Ruby On Rails	4.2.6	rc1	All	All
Application	Rubyonrails	Ruby On Rails	4.2.5.2	All	All	All
Application	Rubyonrails	Ruby On Rails	4.2.5.1	All	All	All
Application	Rubyonrails	Ruby On Rails	4.2.5	All	All	All
Application	Rubyonrails	Ruby On Rails	4.2.5	rc1	All	All
Application	Rubyonrails	Ruby On Rails	4.2.5	rc2	All	All
Application	Rubyonrails	Ruby On Rails	4.2.4	All	All	All
Application	Rubyonrails	Ruby On Rails	4.2.4	rc1	All	All
Application	Rubyonrails	Ruby On Rails	4.2.3	All	All	All
Application	Rubyonrails	Ruby On Rails	4.2.3	rc1	All	All

Results limited to 20 most recent known configurations