Software Detail
Ruby on Rails: number of NVD entries 106 (CRITICAL 3, HIGH 34, MEDIUM 68, LOW 1)
URL: https://rubyonrails.org/
Explanation: This is the best-known web framework written in Ruby.
Its basic philosophy is "Don't Repeat Yourself" and "Convention over Configuration".
It follows the Model View Controller (MVC) pattern.

The latest major release contains bug fixes and security fixes.
The previous major release contains security fixes.
Earlier major releases are no longer supported.

Serious security issues may be addressed outside of support.
Tag
  • MIT License
  • Ruby

Additional information URLs
  • https://rubyonrails.org/
  • https://guides.rubyonrails.org/maintenance_policy.html
  • https://railslts.com/
  • https://railsguides.jp/maintenance_policy.html
  • https://weblog.rubyonrails.org/releases/
  • https://github.com/rails/rails
  • https://rubyonrails.org/security/

List of Products (release history and vulnerability counts per release series)

| No | Name | Latest version | Release date | Initial release | Normal support | Security support | Service pack support | Extended (for a fee) | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Ruby on Rails 7.0 | 7.0.8.4 | June 4, 2024 | Dec. 15, 2021 | | | | | 1 | 2 | 4 | 0 |
| 2 | Ruby on Rails 6.1 | 6.1.7.7 | Feb. 21, 2024 | Dec. 9, 2020 | | | | | 1 | 6 | 6 | 0 |
| 3 | Ruby on Rails 6.0 | 6.0.6.1 | Jan. 17, 2023 | Aug. 16, 2019 | | | | | 2 | 8 | 9 | 0 |
| 4 | Ruby on Rails 5.2 | 5.2.8.1 | July 12, 2022 | April 9, 2018 | | | | | 2 | 10 | 5 | 0 |
| 5 | Ruby on Rails 5.1 | 5.1.7 | March 27, 2019 | April 27, 2017 | April 9, 2018 | April 9, 2018 | | | 2 | 11 | 4 | 0 |
| 6 | Ruby on Rails 5.0 | 5.0.7.2 | March 11, 2019 | June 30, 2016 | April 27, 2017 | April 27, 2017 | | | 2 | 15 | 7 | 1 |
| 7 | Ruby on Rails 4.2 | 4.2.11.3 | May 15, 2020 | Dec. 20, 2014 | June 30, 2016 | Aug. 16, 2019 | | | 2 | 17 | 9 | 1 |
| 8 | Ruby on Rails 4.1 | 4.1.16 | July 12, 2016 | April 8, 2014 | Dec. 20, 2014 | Dec. 20, 2014 | | | 2 | 17 | 12 | 1 |
| 9 | Ruby on Rails 4.0 | 4.0.13 | Jan. 6, 2015 | June 25, 2013 | April 8, 2014 | Dec. 20, 2014 | | | 2 | 17 | 14 | 1 |
| 10 | Ruby on Rails 3.2 | 3.2.2.25 | | | | | | | 2 | 16 | 31 | 0 |
| 11 | Ruby on Rails 3.1 | 3.1.9 | | | | | | | 2 | 16 | 35 | 0 |
| 12 | Ruby on Rails 3.0 | 3.0.9 | | | | | | | 2 | 20 | 37 | 0 |
| 13 | Ruby on Rails 2.3 | 2.3.9 | | | | | | | 2 | 14 | 29 | 0 |
| 14 | Ruby on Rails 2.2 | 2.2.3 | | | | | | | 2 | 12 | 22 | 0 |
| 15 | Ruby on Rails 2.1 | 2.1.2 | | | | | | | 2 | 13 | 24 | 0 |
| 16 | Ruby on Rails 2.0 | 2.0.5 | | | | | | | 2 | 13 | 22 | 0 |
| 17 | Ruby on Rails 1.9 | 1.9.5 | | | | | | | 2 | 11 | 17 | 0 |
| 18 | Ruby on Rails 1.2 | 1.2.6 | | | | | | | 2 | 11 | 17 | 0 |
| 19 | Ruby on Rails 1.1 | 1.1.6 | | | | | | | 2 | 13 | 17 | 0 |
| 20 | Ruby on Rails 1.0 | 1.0.0 | | | | | | | 2 | 12 | 16 | 0 |
| 21 | Ruby on Rails 0.9 | 0.9.5 | | | | | | | 2 | 12 | 16 | 0 |
| 22 | Ruby on Rails 0.14 | 0.14.4 | | | | | | | 2 | 12 | 16 | 0 |
| 23 | Ruby on Rails 0.13 | 0.13.1 | | | | | | | 2 | 12 | 16 | 0 |
| 24 | Ruby on Rails 0.12 | 0.12.1 | | | | | | | 2 | 12 | 16 | 0 |
| 25 | Ruby on Rails 0.11 | 0.11.1 | | | | | | | 2 | 12 | 16 | 0 |
| 26 | Ruby on Rails 0.10 | 0.10.1 | | | | | | | 2 | 12 | 16 | 0 |
NVD Vulnerability Information
Each entry lists: No., CVSS3 score, CVSS2 score, Level, Attack Vector, Title, CWE, CVE, cpe23Uri with the affected version range (lower bound inclusive "or higher" / exclusive "more than", upper bound inclusive "or less" / exclusive "less than"), Update date, Published date.
1. CVE-2024-32464
  • CVSS3 6.1, CVSS2 -, Level MEDIUM, Attack Vector Network
  • Title: Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This…
  • CWE: CWE-79 Cross-site Scripting
  • cpe23Uri: cpe:2.3:a:rubyonrails:rails:7.2.0:beta1; cpe:2.3:a:rubyonrails:rails:*:* (7.1.0 or higher, less than 7.1.3.4)
  • Update date 2024-11-21 18:14, Published date 2024-06-05
2. CVE-2024-28103
  • CVSS3 9.8, CVSS2 -, Level CRITICAL, Attack Vector Network
  • Title: Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. Thi…
  • CWE: NVD-CWE-noinfo
  • cpe23Uri: cpe:2.3:a:rubyonrails:rails:7.2.0:beta1; cpe:2.3:a:rubyonrails:rails:*:* (7.1.0 or higher, less than 7.1.3.4; 6.1.0 or higher, less than 6.1.7.8; 7.0.0 or higher, less than 7.0.8.4)
  • Update date 2024-11-21 18:05, Published date 2024-06-05
3. CVE-2023-22797
  • CVSS3 6.1, CVSS2 -, Level MEDIUM, Attack Vector Network
  • Title: An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully r…
  • CWE: CWE-601 Open Redirect
  • cpe23Uri: cpe:2.3:a:rubyonrails:rails:*:* (7.0.0 or higher, less than 7.0.4.1)
  • Update date 2024-11-21 16:45, Published date 2023-02-10
4. CVE-2023-22795
  • CVSS3 7.5, CVSS2 -, Level HIGH, Attack Vector Network
  • Title: A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expressi…
  • CWE: CWE-1333 Inefficient Regular Expression Complexity
  • cpe23Uri: cpe:2.3:a:rubyonrails:rails:*:* (less than 6.1.7.1; 7.0.0 or higher, less than 7.0.4.1)
  • Update date 2024-11-21 16:45, Published date 2023-02-10
5. CVE-2023-22792
  • CVSS3 7.5, CVSS2 -, Level HIGH, Attack Vector Network
  • Title: A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause …
  • CWE: CWE-1333 Inefficient Regular Expression Complexity
  • cpe23Uri: cpe:2.3:a:rubyonrails:rails:*:* (7.0.0 or higher, less than 7.0.4.1; 6.1.0 or higher, less than 6.1.7.1; 3.0.0 or higher, less than 6.0.6.1)
  • Update date 2024-11-21 16:45, Published date 2023-02-10
6. CVE-2022-3704
  • CVSS3 5.4, CVSS2 -, Level MEDIUM, Attack Vector Network
  • Title: A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The man…
  • CWE: -
  • cpe23Uri: cpe:2.3:a:rubyonrails:rails:-:*
  • Update date 2024-11-21 16:20, Published date 2022-10-27
7. CVE-2022-23634
  • CVSS3 5.9, CVSS2 4.3, Level MEDIUM, Attack Vector Network
  • Title: Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the resp…
  • CWE: CWE-404 Improper Resource Shutdown or Release
  • cpe23Uri: cpe:2.3:a:rubyonrails:rails:*:* (7.0.0 or higher, less than 7.0.2.2; 6.1.0 or higher, less than 6.1.4.6; 6.0.0 or higher, less than 6.0.4.6; 5.0.0 or higher, less than 5.2.6.2)
  • Update date 2024-11-21 15:48, Published date 2022-02-12
8. CVE-2022-23633
  • CVSS3 5.9, CVSS2 4.3, Level MEDIUM, Attack Vector Network
  • Title: Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `Action…
  • CWE: CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer
  • cpe23Uri: cpe:2.3:a:rubyonrails:rails:*:* (7.0.0 or higher, less than 7.0.2.2; 6.1.0 or higher, less than 6.1.4.6; 6.0.0 or higher, less than 6.0.4.6; 5.0.0 or higher, less than 5.2.6.2)
  • Update date 2024-11-21 15:48, Published date 2022-02-12
9. CVE-2021-44528
  • CVSS3 6.1, CVSS2 5.8, Level MEDIUM, Attack Vector Network
  • Title: An open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host A…
  • CWE: CWE-601 Open Redirect
  • cpe23Uri: cpe:2.3:a:rubyonrails:rails:7.0.0:rc2; cpe:2.3:a:rubyonrails:rails:6.1.4.2:*; cpe:2.3:a:rubyonrails:rails:6.0.4.2:*
  • Update date 2024-11-21 15:31, Published date 2022-01-10
10. CVE-2011-1497
  • CVSS3 6.1, CVSS2 4.3, Level MEDIUM, Attack Vector Network
  • Title: A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.
  • CWE: -
  • cpe23Uri: cpe:2.3:a:rubyonrails:rails:*:* (less than 3.0.6)
  • Update date 2024-11-21 10:26, Published date 2021-10-19