Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Ruby On Rails Security Vulnerabilities

cve
cve

CVE-2009-4214

Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and...

7.8AI Score

0.003EPSS

2009-12-07 05:30 PM
68
cve
cve

CVE-2009-2422

The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass...

9.8CVSS

9.4AI Score

0.027EPSS

2009-07-10 03:30 PM
65
cve
cve

CVE-2008-5189

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to...

6.5AI Score

0.002EPSS

2008-11-21 12:00 PM
56
cve
cve

CVE-2008-4094

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and...

10AI Score

0.002EPSS

2008-09-30 05:22 PM
65
cve
cve

CVE-2007-6077

The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote.....

9.5AI Score

0.028EPSS

2007-11-21 09:46 PM
62
4
cve
cve

CVE-2007-5380

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based...

9.2AI Score

0.028EPSS

2007-10-19 11:17 PM
65
cve
cve

CVE-2007-5379

Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading...

9.3AI Score

0.009EPSS

2007-10-19 11:17 PM
60
cve
cve

CVE-2006-4111

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than...

6.8AI Score

0.037EPSS

2006-08-14 09:04 PM
51
Total number of security vulnerabilities58