Ruby Framework

Ruby on Rails

Ruby on Rails or Rails is a server-side web application framework written in Ruby under the MIT License. Rails is a model-view-controller (MVC) framework providing default structures for a database a web service and web pages.

Official Site:

http://rubyonrails.org/

Severity Summary:

Critical: 5 High: 35 Medium: 70 Low: 1

Reference

Title

Severity

CVE-2021-22942

Ruby on Rails URL Redirection to Untrusted Site (Open Redirect) Vulnerability

Medium

CVE-2007-6077

Ruby on Rails Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability

Medium

CVE-2011-1497

Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2016-6316

Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2021-22903

Ruby on Rails URL Redirection to Untrusted Site (Open Redirect) Vulnerability

Medium

CVE-2020-8185

Ruby on Rails Uncontrolled Resource Consumption Vulnerability

Medium

CVE-2020-8166

Ruby on Rails Cross-Site Request Forgery (CSRF) Vulnerability

Medium

CVE-2011-3186

Ruby on Rails Improper Control of Generation of Code (Code Injection) Vulnerability

Medium

CVE-2007-3227

Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2011-2932

Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2012-1098

Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2011-3187

Ruby on Rails Improper Input Validation Vulnerability

Medium

CVE-2014-0082

Ruby on Rails Improper Input Validation Vulnerability

Medium

CVE-2013-4491

Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2013-6414

Ruby on Rails Improper Input Validation Vulnerability

Medium

CVE-2013-6415

Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2013-6416

Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2013-6417

Ruby on Rails Permissions Privileges and Access Controls Vulnerability

Medium

CVE-2014-0080

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

Medium

CVE-2014-0081

Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2014-0130

Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability

Medium

CVE-2011-4319

Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2020-8264

Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2021-22881

Ruby on Rails URL Redirection to Untrusted Site (Open Redirect) Vulnerability

Medium

CVE-2014-7818

Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability

Medium

CVE-2014-3916

Ruby on Rails Data Processing Errors Vulnerability

Medium

CVE-2014-7829

Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability

Medium

CVE-2015-3226

Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2015-3227

Ruby on Rails Vulnerability

Medium

CVE-2013-4389

Ruby on Rails Use of Externally-Controlled Format String Vulnerability

Medium