| CVE-2013-0156 |
high |
— |
8.5 |
|
|
|
14y ago |
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which … |
| CVE-2016-2098 |
high |
7.3 |
8.3 |
|
|
|
10y ago |
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of t… |
| CVE-2023-22795 |
high |
— |
8.0 |
|
|
|
3y ago |
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expressi… |
| CVE-2023-22792 |
high |
— |
8.0 |
|
|
|
3y ago |
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause … |
| CVE-2022-22577 |
high |
— |
8.0 |
|
|
|
4y ago |
An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. |
| CVE-2011-0449 |
high |
— |
7.5 |
|
|
|
9y ago |
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of availa… |
| CVE-2016-0751 |
high |
7.5 |
7.5 |
|
|
|
11y ago |
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly… |
| CVE-2015-7581 |
high |
7.5 |
7.5 |
|
|
|
11y ago |
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous c… |
| CVE-2015-7576 |
low |
3.7 |
3.7 |
|
|
|
11y ago |
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22… |
| CVE-2026-33167 |
low |
— |
2.5 |
|
|
|
2mo ago |
Rails has a possible XSS vulnerability in its Action Pack debug exceptions |
