Vulnerabilities (CVE)

Filtered by vendor Rubyonrails Subscribe

Filtered by product Rails

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-8165	3 Debian, Opensuse, Rubyonrails	3 Debian Linux, Leap, Rails	2022-05-24	7.5 HIGH	9.8 CRITICAL
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
CVE-2019-5420	3 Debian, Fedoraproject, Rubyonrails	3 Debian Linux, Fedora, Rails	2021-11-03	7.5 HIGH	9.8 CRITICAL
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.