rails
RubyGems11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting railspage 1 of 1
- CVE-2006-4111NONECVSS 0.0EG 0.0✓ Fixed in 1.1.62006-08-14
vulnerable: 1.1.0 ... 1.1.5 (6 versions)
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.
- CVE-2006-4112NONECVSS 0.0EG 0.0✓ Fixed in 1.1.62006-08-14
vulnerable: 1.1.0 ... 1.1.5 (6 versions)
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a den…
- CVE-2007-3227NONECVSS 0.0EG 0.0✓ Fixed in 1.2.52007-06-14
vulnerable: 0.10.0 ... 1.2.4 (34 versions)
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.
- CVE-2007-5379NONECVSS 0.0EG 0.0✓ Fixed in 1.2.42007-10-19
vulnerable: 0.10.0 ... 1.2.3 (33 versions)
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple…
- CVE-2007-5380NONECVSS 0.0EG 0.0✓ Fixed in 1.2.42007-10-19
vulnerable: 0.10.0 ... 1.2.3 (33 versions)
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
- CVE-2007-6077NONECVSS 0.0EG 0.0✓ Fixed in 1.2.62007-11-21
vulnerable: 0.10.0 ... 1.2.5 (35 versions)
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to …
- CVE-2008-5189NONECVSS 0.0EG 0.0✓ Fixed in 2.0.52008-11-21
vulnerable: 0.10.0 ... 2.0.4 (40 versions)
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
- CVE-2009-2422CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.3.32009-07-10
vulnerable: 0.10.0 ... 2.3.2 (47 versions)
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, w…
- CVE-2009-4214NONECVSS 0.0EG 0.0✓ Fixed in 2.3.52009-12-07
vulnerable: 2.3.2, 2.3.3, 2.3.4
Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, …
- CVE-2014-0081NONECVSS 0.0EG 0.0✓ Fixed in 4.0.32014-02-20
vulnerable: 4.0.0 ... 4.0.2 (7 versions)
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web scri…
- CVE-2024-26143MEDIUMCVSS 6.1EG 6.1✓ Fixed in 7.1.3.12024-02-27
vulnerable: 7.1.0, 7.1.1, 7.1.2, 7.1.3
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "_html",…
Check whether rails is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for rails CVEs against the assets you own.
Start Free Scan →