Ruby on Rails Ruby on Rails

  1. Vendors
  2. Ruby on Rails

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Ruby on Rails product.

RSS Feeds for Ruby on Rails security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Ruby on Rails products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Ruby on Rails Sorted by Most Security Vulnerabilities since 2018

Ruby on Rails Rails47 vulnerabilities

Ruby on Rails Rails Html Sanitizers10 vulnerabilities

Ruby on Rails10 vulnerabilities

Ruby on Rails Actionpack2 vulnerabilities

Ruby on Rails Actionpack Page Caching2 vulnerabilities

Ruby on Rails Actionview1 vulnerability

Ruby on Rails Active Resource1 vulnerability

Ruby on Rails Active Storage1 vulnerability

Ruby on Rails Globalid1 vulnerability

Ruby on Rails Html Sanitizer1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Ruby on Rails. Ruby on Rails did not have any published security vulnerabilities last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 11 6.53
2023 5 7.22
2022 13 6.90
2021 9 6.72
2020 10 7.30
2019 3 8.27
2018 3 6.70

It may take a day or so for new Ruby on Rails vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Ruby on Rails Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2024-53986 Dec 02, 2024
Ruby on Rails HTML Sanitizer XSS Vulnerability in HTML5 Sanitization rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math" and "style" elements are both explicitly allowed. This vulnerability is fixed in 1.6.1.
Rails Html Sanitizers
CVE-2024-53987 Dec 02, 2024
Ruby on Rails HTML Sanitizer XSS Vulnerability in HTML5 Configuration rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "style" element is explicitly allowed and the "svg" or "math" element is not allowed. This vulnerability is fixed in 1.6.1.
Rails Html Sanitizers
CVE-2024-53988 Dec 02, 2024
Cross-Site Scripting (XSS) Vulnerability in Rails::HTML::Sanitizer rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math", "mtext", "table", and "style" elements are allowed and either either "mglyph" or "malignmark" are allowed. This vulnerability is fixed in 1.6.1.
Rails Html Sanitizers
CVE-2024-53985 Dec 02, 2024
Cross-Site Scripting (XSS) Vulnerability in Rails::HTML::Sanitizer rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags with both "math" and "style" elements or both both "svg" and "style" elements. This vulnerability is fixed in 1.6.1.
Rails Html Sanitizers
CVE-2024-53989 Dec 02, 2024
Ruby on Rails HTML Sanitizer XSS Vulnerability in HTML5 Configuration rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags for the the "noscript" element. This vulnerability is fixed in 1.6.1.
Rails Html Sanitizers
CVE-2024-47889 Oct 16, 2024
Rails ActionMailer ReDoS in block_format (v3.0-7.2.1.1) - upgrade Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, or 7.2.1.1 or apply the relevant patch immediately. As a workaround, users can avoid calling the `block_format` helper or upgrade to Ruby 3.2. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected.
Ruby on Rails
CVE-2024-32464 Jun 04, 2024
Rails 7 ActionText unsanitized HTML via rich_text_area (fixed 7.1.3.4/7.2.beta2) Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2.
Rails
CVE-2024-28103 Jun 04, 2024
Action Pack <6.1.7.8 Vulnerable Permissions-Policy Header Setup Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
Rails
CVE-2024-26142 Feb 27, 2024
Redos in ActionDispatch Accept Header (Rails 7.1.x before 7.1.3.1) Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.
Rails
CVE-2024-26143 Feb 27, 2024
XSS via Unsanitized :default in Rails 7.x translation helpers (ActionController) Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "_html", a :default key which contains untrusted user input, and the resulting string is used in a view, may be susceptible to an XSS vulnerability. The vulnerability is fixed in 7.1.3.1 and 7.0.8.1.
Rails
CVE-2024-26144 Feb 27, 2024
Rails Active Storage Set-Cookie Leak (5.27.0.8.0, 6.16.1.7.6) Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7.
Rails
CVE-2023-22795 Feb 09, 2023
Regex DoS in Rails ActionDispatch <6.1.7.1 & <7.0.4.1 (IfNoneMatch) A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
Rails
CVE-2023-22799 Feb 09, 2023
GlobalID ReDoS Vulnerability <1.0.1 A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.
Globalid
CVE-2023-22792 Feb 09, 2023
DoS via Regex Backtracking in Rails ActionDispatch v6.x v7.x (<7.0.4.1) A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
Rails
CVE-2023-22797 Feb 09, 2023
Open Redirect in Rails 7 before 7.0.4.1 An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.
Rails
CVE-2023-22796 Feb 09, 2023
DoS via regex backtrack in Rails ActiveSupport <6.1.7.1/7.0.4.1 underscore A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.
Rails
CVE-2022-23520 Dec 14, 2022
XSS in rails-html-sanitizer <1.4.4 via overridden tags select+style rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.
Rails Html Sanitizers
CVE-2022-23517 Dec 14, 2022
Rails-HTML-Sanitizer <=1.4.3 regex backtracking DOS rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.
Rails Html Sanitizers
CVE-2022-23518 Dec 14, 2022
CVE-2022-23518: XSS via Data URIs in rails-html-sanitizer 1.0.3-1.4.4 rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
Rails Html Sanitizers
CVE-2022-23519 Dec 14, 2022
rails-html-sanitizer XSS: Overridden style/math/svg tags before v1.4.4 rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.
Rails Html Sanitizers
CVE-2022-32224 Dec 05, 2022
ActiveRecord YAML Serialized Columns RCE Escalation (v<7.0.3.1,<6.1.6.1,<6.0.5.1,<5.2.8.1) A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.
Ruby on Rails
CVE-2022-3704 Oct 26, 2022
CVE-2022-3704: XSS in Rails ActionDispatch Routes Table Template A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319. NOTE: Maintainer declares that there isnt a valid attack vector. The issue was wrongly reported as a security vulnerability by a non-member of the Rails team.
Rails
CVE-2022-32209 Jun 24, 2022
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may # Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])```All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).
Rails Html Sanitizers
CVE-2022-27777 May 26, 2022
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
Actionpack
CVE-2022-22577 May 26, 2022
An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.
Actionpack
CVE-2022-21831 May 26, 2022
A code injection vulnerability exists in the Active Storage >= v5.2.0 A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
Active Storage
CVE-2022-23634 Feb 11, 2022
Puma is a Ruby/Rack web server built for parallelism Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability.
Rails
CVE-2022-23633 Feb 11, 2022
Action Pack is a framework for handling and responding to web requests Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.
Rails
CVE-2021-44528 Jan 10, 2022
A open redirect vulnerability exists in Action Pack >= 6.0.0 A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
Rails
CVE-2011-1497 Oct 19, 2021
A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6. A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.
Rails
CVE-2021-22942 Oct 18, 2021
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.
Rails
CVE-2021-22903 Jun 11, 2021
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`.
Rails
CVE-2021-22904 Jun 11, 2021
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.
Rails
CVE-2021-22902 Jun 11, 2021
The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.
Rails
CVE-2021-22885 May 27, 2021
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input. A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input.
Rails
Actionpack Page Caching
CVE-2021-22881 Feb 11, 2021
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.
Rails
CVE-2021-22880 Feb 11, 2021
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
Rails
CVE-2020-8264 Jan 06, 2021
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.
Rails
CVE-2020-8185 Jul 02, 2020
A denial of service vulnerability exists in Rails <6.0.3.2 A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
Rails
CVE-2020-8166 Jul 02, 2020
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
Rails
CVE-2020-8163 Jul 02, 2020
The is a code injection vulnerability in versions of Rails prior to 5.0.1 The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
Rails
CVE-2020-8167 Jun 19, 2020
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
Rails
CVE-2020-8165 Jun 19, 2020
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
Rails
CVE-2020-8164 Jun 19, 2020
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.
Rails
CVE-2020-8162 Jun 19, 2020
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
Rails
CVE-2020-8159 May 12, 2020
There is a vulnerability in actionpack_page-caching gem < v1.2.1 There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.
Actionpack Page Caching
CVE-2020-8151 May 12, 2020
There is a possible information disclosure issue in Active Resource <v5.1.1 There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.
Active Resource
CVE-2020-5267 Mar 19, 2020
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
Actionview
CVE-2019-5418 Mar 27, 2019
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Rails
CVE-2019-5420 Mar 27, 2019
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
Rails
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.