Ruby on Rails Vulnerabilities

Timeline

Version

3.0.0: 16
3.0.1: 14
3.0.2: 14
3.0.3: 14
3.2.7: 13

Remediation

Official Fix: 91
Temporary Fix: 0
Workaround: 0
Unavailable: 1
Not Defined: 12

Exploitability

High: 9
Functional: 0
Proof-of-Concept: 19
Unproven: 9
Not Defined: 67

Access Vector

Not Defined: 0
Physical: 0
Local: 0
Adjacent: 0
Network: 104

Authentication

Not Defined: 0
High: 0
Low: 5
None: 99

User Interaction

Not Defined: 0
Required: 37
None: 67

C3BM Index

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 1
≤5: 18
≤6: 24
≤7: 28
≤8: 24
≤9: 6
≤10: 3

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 2
≤5: 21
≤6: 34
≤7: 33
≤8: 8
≤9: 3
≤10: 3

VulDB

≤1: 0
≤2: 0
≤3: 1
≤4: 1
≤5: 20
≤6: 28
≤7: 19
≤8: 28
≤9: 4
≤10: 3

NVD

≤1: 0
≤2: 0
≤3: 0
≤4: 1
≤5: 1
≤6: 5
≤7: 8
≤8: 9
≤9: 5
≤10: 2

CNA

≤1: 0
≤2: 0
≤3: 0
≤4: 1
≤5: 0
≤6: 1
≤7: 0
≤8: 2
≤9: 0
≤10: 0

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Exploit 0-day

<1k: 20
<2k: 38
<5k: 45
<10k: 1
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

Exploit Today

<1k: 104
<2k: 0
<5k: 0
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

Exploit Market Volume

🔴 CTI Activities

Affected Versions (173): 0.6, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 1.0, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6, 1.6.1, 1.7, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 2, 2.0.1, 2.3, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.11, 2.3.12, 2.3.13, 2.3.14, 3, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.2, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.11, 3.2.12, 3.2.13, 3.2.14, 3.2.15, 3.2.16, 3.2.17, 3.2.18, 3.2.22, 3.2.22.1, 3.2.22.2, 4, 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.14, 4.1.14.1, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.11, 5, 5.0, 5.0.7, 5.0.7.1, 5.1, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.6, 5.1.6.1, 5.2, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.4.1, 5.2.4.2, 5.2.4.3, 6, 6.0.0.beta2, 6.0.1, 6.0.2, 6.0.3, 6.0.3.1, 6.0.3.2, 6.1.7, 6.1.7.1, 6.1.7.2, 6.1.7.3, 6.1.7.4, 6.1.7.5, 6.1.7.6, 7, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.1, 7.1.1, 7.1.2, 7.1.3

Software Type: Programming Language Software

| Published | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 2024-02-27 | 5.7 | 5.6 | Ruby on Rails cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2024-26143 |
| 2024-02-27 | 5.3 | 5.2 | Ruby on Rails Active Storage information disclosure | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2024-26144 |
| 2024-02-27 | 6.4 | 6.3 | Ruby on Rails Accept Header denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2024-26142 |
| 2022-10-26 | 3.8 | 3.8 | Ruby on Rails _table.html.erb cross site scripting [Disputed] | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2022-3704 |
| 2021-10-19 | 4.8 | 4.7 | Ruby on Rails auto_link cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2011-1497 |
| 2020-09-11 | 5.6 | 5.0 | Ruby on Rails Action View cross site scripting | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | CVE-2020-15169 |
| 2020-07-02 | 5.4 | 5.1 | Ruby on Rails denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8185 |
| 2020-07-02 | 4.3 | 4.1 | Ruby on Rails cross site request forgery | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8166 |
| 2020-07-02 | 8.0 | 7.7 | Ruby on Rails render privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-8163 |
| 2020-06-19 | 5.4 | 5.4 | Ruby on Rails rails-ujs Module cross site request forgery | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2020-8167 |
| 2020-06-19 | 8.5 | 8.2 | Ruby on Rails MemCacheStore/RedisCacheStore privilege escalation | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | CVE-2020-8165 |
| 2020-06-19 | 6.4 | 6.1 | Ruby on Rails privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8164 |
| 2020-06-19 | 7.4 | 7.1 | Ruby on Rails ActiveStorage S3 Adapter Remote Code Execution | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2020-8162 |
| 2019-11-12 | 6.4 | 6.4 | Ruby on Rails Padding weak encryption | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2010-3299 |
| 2019-03-27 | 8.5 | 8.4 | Ruby on Rails Development Mode privilege escalation | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2019-5420 |
| 2019-03-27 | 6.4 | 6.3 | Ruby on Rails Action View denial of service | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-5419 |
| 2019-03-27 | 6.4 | 5.5 | Ruby on Rails Action View information disclosure | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | CVE-2019-5418 |
| 2017-12-29 | 6.8 | 6.8 | Ruby on Rails reorder sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | CVE-2017-17920 |
| 2017-12-29 | 6.8 | 6.8 | Ruby on Rails order sql injection | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2017-17919 |
| 2017-12-29 | 6.8 | 6.8 | Ruby on Rails where sql injection | $0-$5k | Calculating | Not Defined | Not Defined | 0.07 | CVE-2017-17917 |
| 2017-12-29 | 6.8 | 6.8 | Ruby on Rails find_by sql injection | $0-$5k | Calculating | Not Defined | Not Defined | 0.04 | CVE-2017-17916 |
| 2016-09-07 | 7.5 | 7.3 | Ruby on Rails Action Record Query privilege escalation | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-6317 |
| 2016-09-07 | 6.1 | 5.9 | Ruby on Rails Action View cross site scripting | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2016-6316 |
| 2016-04-07 | 7.3 | 7.1 | Ruby on Rails Action Pack privilege escalation | $0-$5k | $0-$5k | High | Official Fix | 0.00 | CVE-2016-2098 |
| 2016-04-07 | 5.3 | 5.2 | Ruby on Rails Action View directory traversal | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-2097 |

79 more entries are not shown
