Known Vulnerabilities for products from Rubyonrails
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Rubyonrails".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-25015 | Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | 6.5 - MEDIUM | 2023-02-02 | 2023-02-09 |
| CVE-2023-22799 | A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can ... | 7.5 - HIGH | 2023-02-09 | 2023-02-16 |
| CVE-2023-22797 | An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect... | 6.1 - MEDIUM | 2023-02-09 | 2023-02-21 |
| CVE-2023-22795 | A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A ... | 7.5 - HIGH | 2023-02-09 | 2024-02-02 |
| CVE-2023-22792 | A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, ... | 7.5 - HIGH | 2023-02-09 | 2024-02-02 |
| CVE-2022-32209 | Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Ra... | 6.1 - MEDIUM | 2022-06-24 | 2024-02-01 |
| CVE-2022-27777 | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able t... | 6.1 - MEDIUM | 2022-05-26 | 2023-03-14 |
| CVE-2022-23634 | Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on ... | 5.9 - MEDIUM | 2022-02-11 | 2023-11-07 |
| CVE-2022-23633 | Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not ... | 5.9 - MEDIUM | 2022-02-11 | 2024-01-19 |
| CVE-2022-23520 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-12-14 | 2024-02-01 |
| CVE-2022-23519 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-12-14 | 2024-02-01 |
| CVE-2022-23518 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-12-14 | 2024-02-01 |
| CVE-2022-23517 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-12-14 | 2024-02-01 |
| CVE-2022-22577 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-05-26 | 2023-03-14 |
| CVE-2022-21831 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-05-26 | 2023-03-14 |
| CVE-2022-3704 | ** DISPUTED ** A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the... | 5.4 - MEDIUM | 2022-10-26 | 2023-11-07 |
| CVE-2021-44528 | A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" heade... | 6.1 - MEDIUM | 2022-01-10 | 2023-03-14 |
| CVE-2021-22942 | A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attacker... | 6.1 - MEDIUM | 2021-10-18 | 2024-02-02 |
| CVE-2021-22904 | The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in th... | 7.5 - HIGH | 2021-06-11 | 2021-09-20 |
| CVE-2021-22903 | The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in... | 6.1 - MEDIUM | 2021-06-11 | 2021-10-21 |
Known software with vulnerabilities from Rubyonrails
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Rubyonrails | Actionpack Page-caching | 1.0.0 |
| Application | Rubyonrails | Actionview | 5.2.4.2 |
| Application | Rubyonrails | Active Job | - |
| Application | Rubyonrails | Active Resource | 4.0.0 |
| Application | Rubyonrails | Html Sanitizer | 1.0.0 |
| Application | Rubyonrails | Jquery-rails | 3.1.2 |
| Application | Rubyonrails | Jquery-ujs | 1.0.3 |
| Application | Rubyonrails | Rails | 0.10.0 |
| Application | Rubyonrails | Ruby On Rails | 0.10.0 |
| Application | Rubyonrails | Web Console | 2.1.2 |