Check CVE Id
Check CWE Id
The Host Authorization middleware in Action Pack before 126.96.36.199, 188.8.131.52 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.
The PostgreSQL adapter in Active Record before 184.108.40.206, 220.127.116.11, 18.104.22.168 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.
A denial of service vulnerability exists in Rails <22.214.171.124 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
A deserialization of untrusted data vulnernerability exists in rails < 5.2.5, rails < 6.0.4 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
A deserialization of untrusted data vulnerability exists in rails < 126.96.36.199, rails < 188.8.131.52 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.
A client side enforcement of server side security vulnerability exists in rails < 184.108.40.206 and rails < 220.127.116.11 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
Back to Top