Ruby on Rails Ruby on Rails

stack.watch can email you when security vulnerabilities are reported in any Ruby on Rails product. You can add multiple products that you use with Ruby on Rails to create your own personal software stack watcher.

Products by Ruby on Rails Sorted by Most Security Vulnerabilities since 2018

Ruby on Rails Rails15 vulnerabilities

Ruby on Rails Actionview1 vulnerability

@rails Tweets

RT @fxn: rails % git commit -m 'Drops support for classic mode' #Rails7
Mon Mar 01 20:22:03 +0000 2021

Rails 6.1.3 has been released https://t.co/VLSdG9k3OF
Wed Feb 17 19:34:57 +0000 2021

Rails 6.1.2 has been released! https://t.co/bEuR3QvSqT
Tue Feb 09 22:44:57 +0000 2021

Rails 7.0 will require Ruby 2.7+. rails/main will stop testing against earlier Rubies shortly. Get your upgrade game on ✌️
Thu Feb 04 16:28:17 +0000 2021

Rails 6.1.1 has been released! https://t.co/RY0SxakbW4
Fri Jan 08 20:38:51 +0000 2021

By the Year

In 2021 there have been 3 vulnerabilities in Ruby on Rails with an average score of 6.6 out of ten. Last year Ruby on Rails had 10 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Ruby on Rails in 2021 could surpass last years number. Last year, the average CVE base score was greater by 0.73

Year Vulnerabilities Average Score
2021 3 6.57
2020 10 7.30
2019 3 8.27
2018 3 6.70

It may take a day or so for new Ruby on Rails vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Ruby on Rails Security Vulnerabilities

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability

CVE-2021-22881 6.1 - Medium - February 11, 2021

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.

CVE-2021-22881 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Open Redirect

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers

CVE-2021-22880 7.5 - High - February 11, 2021

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

CVE-2021-22880 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Uncontrolled Resource Consumption ('Resource Exhaustion')

In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode

CVE-2020-8264 6.1 - Medium - January 06, 2021

In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.

CVE-2020-8264 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

The is a code injection vulnerability in versions of Rails prior to 5.0.1

CVE-2020-8163 8.8 - High - July 02, 2020

The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

CVE-2020-8163 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Control of Generation of Code ('Code Injection')

A denial of service vulnerability exists in Rails <6.0.3.2

CVE-2020-8185 6.5 - Medium - July 02, 2020

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

CVE-2020-8185 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Uncontrolled Resource Consumption ('Resource Exhaustion')

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4

CVE-2020-8166 4.3 - Medium - July 02, 2020

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.

CVE-2020-8166 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

352

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1

CVE-2020-8165 9.8 - Critical - June 19, 2020

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

CVE-2020-8165 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Marshaling, Unmarshaling

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module

CVE-2020-8167 6.5 - Medium - June 19, 2020

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

CVE-2020-8167 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

352

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter

CVE-2020-8162 7.5 - High - June 19, 2020

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.

CVE-2020-8162 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Unrestricted File Upload

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can

CVE-2020-8164 7.5 - High - June 19, 2020

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

CVE-2020-8164 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Marshaling, Unmarshaling

There is a vulnerability in actionpack_page-caching gem < v1.2.1

CVE-2020-8159 9.8 - Critical - May 12, 2020

There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.

CVE-2020-8159 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Directory traversal

There is a possible information disclosure issue in Active Resource <v5.1.1

CVE-2020-8151 7.5 - High - May 12, 2020

There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.

CVE-2020-8151 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers

CVE-2020-5267 4.8 - Medium - March 19, 2020

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.

CVE-2020-5267 can be explotited with network access, requires user interaction and user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.7 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can

CVE-2019-5420 9.8 - Critical - March 27, 2019

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.

CVE-2019-5420 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Improper Input Validation

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers

CVE-2019-5419 7.5 - High - March 27, 2019

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.

CVE-2019-5419 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Uncontrolled Resource Consumption ('Resource Exhaustion')

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers

CVE-2019-5418 7.5 - High - March 27, 2019

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

CVE-2019-5418 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Information Leak

A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information

CVE-2018-16476 7.5 - High - November 30, 2018

A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.

CVE-2018-16476 is exploitable with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Marshaling, Unmarshaling

A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services

CVE-2018-16477 6.5 - Medium - November 30, 2018

A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1.

CVE-2018-16477 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby

CVE-2018-3741 6.1 - Medium - March 30, 2018

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.

CVE-2018-3741 can be explotited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8