Ruby on Rails Vulnerabilities

Timeline

Version

3.0.0: 16
3.0.1: 14
3.0.2: 14
3.0.3: 14
3.2.7: 13

Countermeasures

Official Fix: 91
Temporary Fix: 0
Workaround: 0
Unavailable: 1
Not Defined: 12

Exploitability

High: 9
Functional: 0
Proof-of-Concept: 19
Unproven: 9
Not Defined: 67

Access Vector

Not Defined: 0
Physical: 0
Local: 0
Adjacent: 0
Network: 104

Authentication

Not Defined: 0
High: 0
Low: 5
None: 99

User Interaction

Not Defined: 0
Required: 37
None: 67

C3BM Index

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 1
≤5: 18
≤6: 24
≤7: 28
≤8: 24
≤9: 6
≤10: 3

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 2
≤5: 21
≤6: 34
≤7: 33
≤8: 8
≤9: 3
≤10: 3

VulDB

≤1: 0
≤2: 0
≤3: 1
≤4: 1
≤5: 20
≤6: 28
≤7: 19
≤8: 28
≤9: 4
≤10: 3

NVD

≤1: 0
≤2: 0
≤3: 0
≤4: 1
≤5: 1
≤6: 5
≤7: 8
≤8: 9
≤9: 5
≤10: 2

CNA

≤1: 0
≤2: 0
≤3: 0
≤4: 1
≤5: 0
≤6: 1
≤7: 0
≤8: 2
≤9: 0
≤10: 0

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Exploit 0-day

<1k: 20
<2k: 38
<5k: 45
<10k: 1
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

Exploit Today

<1k: 104
<2k: 0
<5k: 0
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

Exploit Market Volume

🔴 CTI Activities

Affected Versions (173): 0.6, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 1.0, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6, 1.6.1, 1.7, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 2, 2.0.1, 2.3, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.11, 2.3.12, 2.3.13, 2.3.14, 3, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.2, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.11, 3.2.12, 3.2.13, 3.2.14, 3.2.15, 3.2.16, 3.2.17, 3.2.18, 3.2.22, 3.2.22.1, 3.2.22.2, 4, 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.14, 4.1.14.1, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.11, 5, 5.0, 5.0.7, 5.0.7.1, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.6, 5.1.6.1, 5.2, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.4.1, 5.2.4.2, 5.2.4.3, 6, 6.0.0.beta2, 6.0.1, 6.0.2, 6.0.3, 6.0.3.1, 6.0.3.2, 6.1.7, 6.1.7.1, 6.1.7.2, 6.1.7.3, 6.1.7.4, 6.1.7.5, 6.1.7.6, 7, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.1, 7.1.1, 7.1.2, 7.1.3

Software Type: Programming Language Software

| Published (DD/MM/YYYY) | Base | Temp | Vulnerability | 0day | Today | Exploitability | Countermeasures | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 27/02/2024 | 5.7 | 5.6 | Ruby on Rails cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2024-26143 |
| 27/02/2024 | 5.3 | 5.2 | Ruby on Rails Active Storage information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2024-26144 |
| 27/02/2024 | 6.4 | 6.3 | Ruby on Rails Accept Header denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2024-26142 |
| 26/10/2022 | 3.8 | 3.8 | Ruby on Rails _table.html.erb cross site scripting [Disputed] | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-3704 |
| 19/10/2021 | 4.8 | 4.7 | Ruby on Rails auto_link cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2011-1497 |
| 11/09/2020 | 5.6 | 5.0 | Ruby on Rails Action View cross site scripting | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | CVE-2020-15169 |
| 02/07/2020 | 5.4 | 5.1 | Ruby on Rails denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8185 |
| 02/07/2020 | 4.3 | 4.1 | Ruby on Rails cross site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8166 |
| 02/07/2020 | 8.0 | 7.7 | Ruby on Rails render privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-8163 |
| 19/06/2020 | 5.4 | 5.4 | Ruby on Rails rails-ujs Module cross site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-8167 |
| 19/06/2020 | 8.5 | 8.2 | Ruby on Rails MemCacheStore/RedisCacheStore privilege escalation | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | CVE-2020-8165 |
| 19/06/2020 | 6.4 | 6.1 | Ruby on Rails privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8164 |
| 19/06/2020 | 7.4 | 7.1 | Ruby on Rails ActiveStorage S3 Adapter Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-8162 |
| 12/11/2019 | 6.4 | 6.4 | Ruby on Rails Padding weak encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2010-3299 |
| 27/03/2019 | 8.5 | 8.4 | Ruby on Rails Development Mode privilege escalation | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2019-5420 |
| 27/03/2019 | 6.4 | 6.3 | Ruby on Rails Action View denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-5419 |
| 27/03/2019 | 6.4 | 5.5 | Ruby on Rails Action View information disclosure | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | CVE-2019-5418 |
| 29/12/2017 | 6.8 | 6.8 | Ruby on Rails reorder sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2017-17920 |
| 29/12/2017 | 6.8 | 6.8 | Ruby on Rails order sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2017-17919 |
| 29/12/2017 | 6.8 | 6.8 | Ruby on Rails where sql injection | $0-$5k | Calculating | Not Defined | Not Defined | 0.07 | CVE-2017-17917 |
| 29/12/2017 | 6.8 | 6.8 | Ruby on Rails find_by sql injection | $0-$5k | Calculating | Not Defined | Not Defined | 0.04 | CVE-2017-17916 |
| 07/09/2016 | 7.5 | 7.3 | Ruby on Rails Action Record Query privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-6317 |
| 07/09/2016 | 6.1 | 5.9 | Ruby on Rails Action View cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2016-6316 |
| 07/04/2016 | 7.3 | 7.1 | Ruby on Rails Action Pack privilege escalation | $0-$5k | $0-$5k | High | Official Fix | 0.00 | CVE-2016-2098 |
| 07/04/2016 | 5.3 | 5.2 | Ruby on Rails Action View directory traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-2097 |

79 more entries are not shown
