Known Vulnerabilities for products from Rubyonrails
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Rubyonrails".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23634 | Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on ... | 5.9 - MEDIUM | 2022-02-11 | 2023-11-07 |
| CVE-2022-23633 | Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not ... | 5.9 - MEDIUM | 2022-02-11 | 2024-01-19 |
| CVE-2022-23520 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-12-14 | 2024-02-01 |
| CVE-2022-23519 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-12-14 | 2024-02-01 |
| CVE-2022-23518 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-12-14 | 2024-02-01 |
| CVE-2022-23517 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-12-14 | 2024-02-01 |
| CVE-2022-22577 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-05-26 | 2023-03-14 |
| CVE-2022-21831 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-05-26 | 2023-03-14 |
| CVE-2021-22942 | A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attacker... | 6.1 - MEDIUM | 2021-10-18 | 2024-02-02 |
| CVE-2021-22904 | The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in th... | 7.5 - HIGH | 2021-06-11 | 2021-09-20 |
| CVE-2021-22903 | The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in... | 6.1 - MEDIUM | 2021-06-11 | 2021-10-21 |
| CVE-2021-22902 | The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers fr... | 7.5 - HIGH | 2021-06-11 | 2021-08-18 |
| CVE-2021-22885 | A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirec... | 7.5 - HIGH | 2021-05-27 | 2022-04-06 |
| CVE-2021-22881 | The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Special... | 6.1 - MEDIUM | 2021-02-11 | 2023-11-07 |
| CVE-2021-22880 | The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service ... | 7.5 - HIGH | 2021-02-11 | 2023-11-07 |
| CVE-2020-8264 | In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing a... | 6.1 - MEDIUM | 2021-01-06 | 2021-01-12 |
| CVE-2020-8185 | A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a ... | 6.5 - MEDIUM | 2020-07-02 | 2023-11-07 |
| CVE-2020-8167 | A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domain... | 6.5 - MEDIUM | 2020-06-19 | 2021-10-21 |
| CVE-2020-8166 | A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global... | 4.3 - MEDIUM | 2020-07-02 | 2020-11-20 |
| CVE-2020-8165 | A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to... | 9.8 - CRITICAL | 2020-06-19 | 2022-05-24 |
Known software with vulnerabilities from Rubyonrails
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Rubyonrails | Actionpack Page-caching | 1.0.0 |
| Application | Rubyonrails | Actionview | 5.2.4.2 |
| Application | Rubyonrails | Active Job | - |
| Application | Rubyonrails | Active Resource | 4.0.0 |
| Application | Rubyonrails | Html Sanitizer | 1.0.0 |
| Application | Rubyonrails | Jquery-rails | 3.1.2 |
| Application | Rubyonrails | Jquery-ujs | 1.0.3 |
| Application | Rubyonrails | Rails | 0.9.1 |
| Application | Rubyonrails | Ruby On Rails | 0.5.0 |
| Application | Rubyonrails | Web Console | 2.1.2 |