Vulnerabilities in Rails

45 results
CVE-2019-5418 [HIGH] There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accep (EPSS 98.5%, KEV)
CVE-2019-5420 A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically gene (EPSS 92.1%)
CVE-2019-5419 There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted a (EPSS 8.7%)
CVE-2020-15169 [MEDIUM] XSS in Action View (EPSS 2.4%)
CVE-2022-23633 [HIGH] Exposure of sensitive information in Action Pack (EPSS 2.2%)
CVE-2025-24293 [CRITICAL] Active Storage allowed transformation methods potentially unsafe: Active Storage attempts to prevent the use of potentially unsafe image (EPSS 2.1%)
CVE-2020-5267 [MEDIUM] Possible XSS vulnerability in ActionView (EPSS 1.5%)
CVE-2024-26142 [HIGH] Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch (EPSS 1.5%)
CVE-2022-23517 [HIGH] Inefficient Regular Expression Complexity in rails-html-sanitizer (EPSS 1.5%)
CVE-2018-3741 There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attribut (EPSS 1.2%)
CVE-2010-3299 The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. (EPSS 1.1%)
CVE-2024-26144 [MEDIUM] Possible Sensitive Session Information Leak in Active Storage (EPSS 1.1%)
CVE-2022-23520 [MEDIUM] rails-html-sanitizer contains an incomplete fix for an XSS vulnerability (EPSS 1.1%)
CVE-2024-41128 [MEDIUM] Action Dispatch has possible ReDoS vulnerability in query parameter filtering (EPSS 1.1%)
CVE-2023-27539 [MEDIUM] There is a denial of service vulnerability in the header parsing component of Rack. (EPSS 1.1%)
CVE-2024-47887 [MEDIUM] Action Controller has possible ReDoS vulnerability in HTTP Token authentication (EPSS 1.0%)
CVE-2024-26143 [MEDIUM] Rails Possible XSS Vulnerability in Action Controller (EPSS 1.0%)
CVE-2024-47888 [MEDIUM] Action Text has possible ReDoS vulnerability in plain_text_for_blockquote_node (EPSS 1.0%)
CVE-2024-54133 [LOW] Possible Content Security Policy bypass in Action Dispatch (EPSS 1.0%)
CVE-2022-23519 [HIGH] Possible XSS vulnerability with certain configurations of rails-html-sanitizer (EPSS 1.0%)