This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Rubyonrails
Product: Rails
Version: 3.0.10
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
First view: 2011-11-28
Last view: 2022-02-11
Type: Application

CPE Product: cpe:2.3:a:rubyonrails:rails

Activity : Overall

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert (description follows each entry)
5.9 2022-02-11 CVE-2022-23634

Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.0.2.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability.

5.9 2022-02-11 CVE-2022-23633

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread-local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

6.1 2021-10-18 CVE-2021-22942

A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.

7.5 2021-06-11 CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.

6.1 2021-06-11 CVE-2021-22903

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`.

7.5 2021-06-11 CVE-2021-22902

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.

7.5 2021-05-27 CVE-2021-22885

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url` helper with untrusted user input.

6.1 2021-02-11 CVE-2021-22881

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.

7.5 2021-02-11 CVE-2021-22880

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

6.1 2021-01-06 CVE-2020-8264

In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.

6.5 2020-07-02 CVE-2020-8185

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

4.3 2020-07-02 CVE-2020-8166

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.

8.8 2020-07-02 CVE-2020-8163

There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform an RCE.

6.5 2020-06-19 CVE-2020-8167

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

9.8 2020-06-19 CVE-2020-8165

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore, potentially resulting in an RCE.

7.5 2020-06-19 CVE-2020-8164

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 in which information supplied by an attacker can be inadvertently leaked from Strong Parameters.

7.5 2020-06-19 CVE-2020-8162

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.

9.8 2019-03-27 CVE-2019-5420

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.

7.5 2019-03-27 CVE-2019-5419

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted Accept headers can cause Action View to consume 100% CPU and make the server unresponsive.

7.5 2019-03-27 CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

6.5 2018-11-30 CVE-2018-16477

A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allows an attacker to modify the `content-disposition` and `content-type` parameters, which can be used with HTML files to have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1.

7.5 2018-11-30 CVE-2018-16476

A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1.

6.1 2016-09-07 CVE-2016-6316

Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.

7.5 2016-02-15 CVE-2016-0752

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

7.5 2016-02-15 CVE-2016-0751

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.

CWE : Common Weakness Enumeration

% (count) CWE id Name
26% (14) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
7% (4) CWE-264 Permissions, Privileges, and Access Controls
7% (4) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
7% (4) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
7% (4) CWE-20 Improper Input Validation
5% (3) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
5% (3) CWE-502 Deserialization of Untrusted Data
5% (3) CWE-200 Information Exposure
3% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
3% (2) CWE-352 Cross-Site Request Forgery (CSRF)
1% (1) CWE-770 Allocation of Resources Without Limits or Throttling
1% (1) CWE-434 Unrestricted Upload of File with Dangerous Type
1% (1) CWE-399 Resource Management Errors
1% (1) CWE-330 Use of Insufficiently Random Values
1% (1) CWE-287 Improper Authentication
1% (1) CWE-284 Access Control (Authorization) Issues
1% (1) CWE-254 Security Features
1% (1) CWE-209 Information Exposure Through an Error Message
1% (1) CWE-134 Uncontrolled Format String
1% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

SAINT Exploits

Description
Ruby on Rails local names command execution
Ruby on Rails XML Processor YAML Deserialization
Ruby on Rails Dynamic Render code execution

Open Source Vulnerability Database (OSVDB)

id Description
77199 Ruby on Rails Translate Helper Method Unspecified XSS

ExploitDB Exploits

id Description
24434 Ruby on Rails JSON Processor YAML Deserialization Code Execution
24019 Ruby on Rails XML Processor YAML Deserialization Code Execution

OpenVAS Exploits

Date Name / File
2012-12-13 Name : SuSE Update for rubygem-actionpack/activerecord-2_3 openSUSE-SU-2012:0978-1 (...
File : nvt/gb_suse_2012_0978_1.nasl
2012-08-30 Name : Fedora Update for rubygem-activerecord FEDORA-2012-9635
File : nvt/gb_fedora_2012_9635_rubygem-activerecord_fc17.nasl
2012-08-30 Name : Fedora Update for rubygem-actionpack FEDORA-2012-9606
File : nvt/gb_fedora_2012_9606_rubygem-actionpack_fc17.nasl
2012-08-30 Name : Fedora Update for rubygem-activerecord FEDORA-2012-8901
File : nvt/gb_fedora_2012_8901_rubygem-activerecord_fc17.nasl
2012-08-30 Name : Fedora Update for rubygem-actionpack FEDORA-2012-8868
File : nvt/gb_fedora_2012_8868_rubygem-actionpack_fc17.nasl
2012-08-30 Name : Fedora Update for rubygem-actionpack FEDORA-2012-11363
File : nvt/gb_fedora_2012_11363_rubygem-actionpack_fc17.nasl
2012-08-30 Name : Fedora Update for rubygem-actionpack FEDORA-2012-11885
File : nvt/gb_fedora_2012_11885_rubygem-actionpack_fc17.nasl
2012-08-30 Name : Fedora Update for rubygem-activesupport FEDORA-2012-11888
File : nvt/gb_fedora_2012_11888_rubygem-activesupport_fc17.nasl
2012-08-30 Name : Fedora Update for rubygem-actionpack FEDORA-2012-3166
File : nvt/gb_fedora_2012_3166_rubygem-actionpack_fc17.nasl
2012-08-30 Name : Fedora Update for rubygem-activesupport FEDORA-2012-3166
File : nvt/gb_fedora_2012_3166_rubygem-activesupport_fc17.nasl
2012-08-24 Name : Fedora Update for rubygem-actionpack FEDORA-2012-11870
File : nvt/gb_fedora_2012_11870_rubygem-actionpack_fc16.nasl
2012-08-24 Name : Fedora Update for rubygem-activesupport FEDORA-2012-11880
File : nvt/gb_fedora_2012_11880_rubygem-activesupport_fc16.nasl
2012-08-14 Name : Fedora Update for rubygem-actionpack FEDORA-2012-11353
File : nvt/gb_fedora_2012_11353_rubygem-actionpack_fc16.nasl
2012-08-10 Name : FreeBSD Ports: rubygem-actionpack
File : nvt/freebsd_rubygem-actionpack.nasl
2012-08-10 Name : FreeBSD Ports: rubygem-rails
File : nvt/freebsd_rubygem-rails4.nasl
2012-08-10 Name : FreeBSD Ports: rubygem-activemodel
File : nvt/freebsd_rubygem-activemodel.nasl
2012-07-03 Name : Fedora Update for rubygem-actionpack FEDORA-2012-9636
File : nvt/gb_fedora_2012_9636_rubygem-actionpack_fc16.nasl
2012-07-03 Name : Fedora Update for rubygem-activerecord FEDORA-2012-9639
File : nvt/gb_fedora_2012_9639_rubygem-activerecord_fc16.nasl
2012-06-19 Name : Fedora Update for rubygem-actionpack FEDORA-2012-8912
File : nvt/gb_fedora_2012_8912_rubygem-actionpack_fc15.nasl
2012-06-19 Name : Fedora Update for rubygem-activerecord FEDORA-2012-8972
File : nvt/gb_fedora_2012_8972_rubygem-activerecord_fc15.nasl
2012-06-19 Name : Fedora Update for rubygem-activerecord FEDORA-2012-8982
File : nvt/gb_fedora_2012_8982_rubygem-activerecord_fc16.nasl
2012-06-15 Name : Fedora Update for rubygem-actionpack FEDORA-2012-8883
File : nvt/gb_fedora_2012_8883_rubygem-actionpack_fc16.nasl
2012-05-31 Name : Debian Security Advisory DSA 2466-1 (rails)
File : nvt/deb_2466_1.nasl
2012-04-02 Name : Fedora Update for rubygem-actionpack FEDORA-2012-3355
File : nvt/gb_fedora_2012_3355_rubygem-actionpack_fc15.nasl
2012-03-19 Name : Fedora Update for rubygem-actionpack FEDORA-2012-3321
File : nvt/gb_fedora_2012_3321_rubygem-actionpack_fc16.nasl

Snort® IPS/IDS

Date Description
2020-10-27 Ruby on Rails command injection attempt
RuleID : 55821 - Type : SERVER-WEBAPP - Revision : 1
2019-09-24 Ruby on Rails render file directory traversal attempt
RuleID : 51261 - Type : SERVER-WEBAPP - Revision : 1
2019-09-24 Ruby on Rails render file directory traversal attempt
RuleID : 51260 - Type : SERVER-WEBAPP - Revision : 1
2019-07-25 Ruby on Rails Active Storage deserialization remote code execution attempt
RuleID : 50504 - Type : SERVER-WEBAPP - Revision : 1
2019-04-23 Ruby on Rails render file directory traversal attempt
RuleID : 49503 - Type : SERVER-WEBAPP - Revision : 1
2019-04-23 Ruby on Rails render file directory traversal attempt
RuleID : 49502 - Type : SERVER-WEBAPP - Revision : 1
2018-01-03 Ruby on Rails log file manipulation attempt
RuleID : 45082 - Type : SERVER-WEBAPP - Revision : 2
2017-12-29 Ruby on Rails file inclusion attempt
RuleID : 45000 - Type : SERVER-WEBAPP - Revision : 2
2017-12-29 Ruby on Rails file inclusion attempt
RuleID : 44999 - Type : SERVER-WEBAPP - Revision : 2
2014-06-14 UNIX platform forwardslash directory traversal
RuleID : 31013 - Type : SERVER-OTHER - Revision : 2
2014-01-10 Rails JSON to YAML parsing deserialization attempt
RuleID : 25552 - Type : SERVER-OTHER - Revision : 4
2014-01-10 Rails XML parameter parsing vulnerability exploitation attempt
RuleID : 25288 - Type : SERVER-OTHER - Revision : 10
2014-01-10 Rails XML parameter parsing vulnerability exploitation attempt
RuleID : 25287 - Type : SERVER-OTHER - Revision : 12
2014-01-10 Ruby on Rails authlogic session cookie SQL injection attempt
RuleID : 25285 - Type : SERVER-OTHER - Revision : 3
2014-01-10 Ruby on Rails SQL injection attempt
RuleID : 23216 - Type : SERVER-WEBAPP - Revision : 3
2014-01-10 Ruby on rails injection attempt
RuleID : 23213 - Type : SQL - Revision : 6
2014-01-10 Multiple products UNIX platform backslash directory traversal attempt
RuleID : 17391 - Type : SERVER-OTHER - Revision : 16

Nessus® Vulnerability Scanner

Date Name / File - Type
2018-12-03 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_f96044a27df9414b9f6b6e5b85d06c86.nasl - Type: ACT_GATHER_INFO
2017-03-31 Name: The remote host is missing a security update for macOS Server.
File: macos_server_5_3.nasl - Type: ACT_GATHER_INFO
2016-11-15 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2016-5760339e76.nasl - Type: ACT_GATHER_INFO
2016-10-17 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_43f1c867654a11e6828600248c0c745d.nasl - Type: ACT_GATHER_INFO
2016-10-17 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_7e61cf44654911e6828600248c0c745d.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote Debian host is missing a security update.
File: debian_DLA-603.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote Debian host is missing a security update.
File: debian_DLA-604.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote Fedora host is missing a security update.
File: fedora_2016-0d9890f7b5.nasl - Type: ACT_GATHER_INFO
2016-08-29 Name: The remote Fedora host is missing a security update.
File: fedora_2016-ab8bf51cf3.nasl - Type: ACT_GATHER_INFO
2016-08-26 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3651.nasl - Type: ACT_GATHER_INFO
2016-05-31 Name: The remote Debian host is missing a security update.
File: debian_DLA-496.nasl - Type: ACT_GATHER_INFO
2016-03-10 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3509.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2016-3ede04cd79.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2016-73fe05d878.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2016-94e71ee673.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2016-97002ad37b.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2016-cb30088b06.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2016-cc465a34df.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2016-f486068393.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2016-fa0dec2360.nasl - Type: ACT_GATHER_INFO
2016-02-08 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-159.nasl - Type: ACT_GATHER_INFO
2016-02-08 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-160.nasl - Type: ACT_GATHER_INFO
2016-02-03 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_bb0ef21d0e1b461bbc3d9cba39948888.nasl - Type: ACT_GATHER_INFO
2016-02-01 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3464.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-172.nasl - Type: ACT_GATHER_INFO