Software Detail
Ruby on Rails. Entries in NVD: 106 (Critical 3, High 34, Medium 68, Low 1)
URL https://rubyonrails.org/
Explanation: Ruby on Rails is the most widely used web application framework for Ruby.
Its guiding principles are "Don't Repeat Yourself" (DRY) and "Convention over Configuration".
It follows the Model-View-Controller (MVC) pattern.

The current release series receives bug fixes and security fixes.
The previous release series receives security fixes only.
Earlier release series are no longer supported.

Serious security issues may also be fixed in a release series that is otherwise out of support.
Tag
  • MIT License
  • Ruby

Related URLs
1. https://rubyonrails.org/
2. https://guides.rubyonrails.org/maintenance_policy.html
3. https://railslts.com/
4. https://railsguides.jp/maintenance_policy.html
5. https://weblog.rubyonrails.org/releases/
6. https://github.com/rails/rails
7. https://rubyonrails.org/security/

List of Products (release history and NVD vulnerability counts per release series)

(The Service Pack Support and Extended (for a fee) columns are empty for every row and are omitted. Support columns give the date on which that kind of support ended.)

No | Name              | Latest version | Release date   | Initial release | Normal support until | Security support until | Critical | High | Medium | Low
11 | Ruby on Rails 7.0 | 7.0.8.4        | June 4, 2024   | Dec. 15, 2021   |                      |                        | 1 | 2  | 4  | 0
12 | Ruby on Rails 6.1 | 6.1.7.7        | Feb. 21, 2024  | Dec. 9, 2020    |                      |                        | 1 | 6  | 6  | 0
13 | Ruby on Rails 6.0 | 6.0.6.1        | Jan. 17, 2023  | Aug. 16, 2019   |                      |                        | 2 | 8  | 9  | 0
14 | Ruby on Rails 5.2 | 5.2.8.1        | July 12, 2022  | April 9, 2018   |                      |                        | 2 | 10 | 5  | 0
15 | Ruby on Rails 5.1 | 5.1.7          | March 27, 2019 | April 27, 2017  | April 9, 2018        | April 9, 2018          | 2 | 11 | 4  | 0
16 | Ruby on Rails 5.0 | 5.0.7.2        | March 11, 2019 | June 30, 2016   | April 27, 2017       | April 27, 2017         | 2 | 15 | 7  | 1
17 | Ruby on Rails 4.2 | 4.2.11.3       | May 15, 2020   | Dec. 20, 2014   | June 30, 2016        | Aug. 16, 2019          | 2 | 17 | 9  | 1
18 | Ruby on Rails 4.1 | 4.1.16         | July 12, 2016  | April 8, 2014   | Dec. 20, 2014        | Dec. 20, 2014          | 2 | 17 | 12 | 1
19 | Ruby on Rails 4.0 | 4.0.13         | Jan. 6, 2015   | June 25, 2013   | April 8, 2014        | Dec. 20, 2014          | 2 | 17 | 14 | 1
20 | Ruby on Rails 3.2 | 3.2.22.5       |                |                 |                      |                        | 2 | 16 | 31 | 0
21 | Ruby on Rails 3.1 | 3.1.9          |                |                 |                      |                        | 2 | 16 | 35 | 0
22 | Ruby on Rails 3.0 | 3.0.9          |                |                 |                      |                        | 2 | 20 | 37 | 0
23 | Ruby on Rails 2.3 | 2.3.9          |                |                 |                      |                        | 2 | 14 | 29 | 0
24 | Ruby on Rails 2.2 | 2.2.3          |                |                 |                      |                        | 2 | 12 | 22 | 0
25 | Ruby on Rails 2.1 | 2.1.2          |                |                 |                      |                        | 2 | 13 | 24 | 0
26 | Ruby on Rails 2.0 | 2.0.5          |                |                 |                      |                        | 2 | 13 | 22 | 0
27 | Ruby on Rails 1.9 | 1.9.5          |                |                 |                      |                        | 2 | 11 | 17 | 0
28 | Ruby on Rails 1.2 | 1.2.6          |                |                 |                      |                        | 2 | 11 | 17 | 0
29 | Ruby on Rails 1.1 | 1.1.6          |                |                 |                      |                        | 2 | 13 | 17 | 0
30 | Ruby on Rails 1.0 | 1.0.0          |                |                 |                      |                        | 2 | 12 | 16 | 0
31 | Ruby on Rails 0.9 | 0.9.5          |                |                 |                      |                        | 2 | 12 | 16 | 0
32 | Ruby on Rails 0.14 | 0.14.4        |                |                 |                      |                        | 2 | 12 | 16 | 0
33 | Ruby on Rails 0.13 | 0.13.1        |                |                 |                      |                        | 2 | 12 | 16 | 0
34 | Ruby on Rails 0.12 | 0.12.1        |                |                 |                      |                        | 2 | 12 | 16 | 0
35 | Ruby on Rails 0.11 | 0.11.1        |                |                 |                      |                        | 2 | 12 | 16 | 0
36 | Ruby on Rails 0.10 | 0.10.1        |                |                 |                      |                        | 2 | 12 | 16 | 0
NVD Vulnerability Information

Each entry lists CVSS v3 and v2 scores, NVD severity level, attack vector, the CWE mapping, the affected version ranges from the NVD configuration (a lower bound is inclusive, an upper bound is exclusive, i.e. the first fixed release), the NVD update and publication dates, and the NVD description. Descriptions ending in "…" are truncated on the page.

No. 11  CVE-2021-22942
  CVSS3: 6.1 (MEDIUM)   CVSS2: 5.8   Attack vector: Network
  CWE-601 (Open Redirect)
  Affected (cpe:2.3:a:rubyonrails:rails:*:*): >= 6.0.0 and < 6.0.4.1; >= 6.1.0 and < 6.1.4.1
  Published: 2021-10-18   Updated: 2024-11-21 14:50
  A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.

No. 12  CVE-2021-22904
  CVSS3: 7.5 (HIGH)   CVSS2: 5.0   Attack vector: Network
  NVD-CWE-Other
  Affected (cpe:2.3:a:rubyonrails:rails:*:*): < 5.2.4.6; >= 5.2.5 and < 5.2.6; >= 6.0.0 and < 6.0.3.7; >= 6.1.0 and < 6.1.3.2
  Published: 2021-06-12   Updated: 2024-11-21 14:50
  The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive …

No. 13  CVE-2021-22903
  CVSS3: 6.1 (MEDIUM)   CVSS2: 5.8   Attack vector: Network
  CWE-601 (Open Redirect)
  Affected: cpe:2.3:a:rubyonrails:rails:6.1.0:rc2 (exact version); cpe:2.3:a:rubyonrails:rails:*:* with >= 6.1.1 and < 6.1.3.2
  Published: 2021-06-12   Updated: 2024-11-21 14:50
  The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Author…

No. 14  CVE-2021-22902
  CVSS3: 7.5 (HIGH)   CVSS2: 5.0   Attack vector: Network
  NVD-CWE-noinfo
  Affected (cpe:2.3:a:rubyonrails:rails:*:*): >= 6.0.0 and < 6.0.3.7; >= 6.1.0 and < 6.1.3.2 (the page's range column shows 6.1.0.2, which contradicts the description's fixed version of 6.1.3.2)
  Published: 2021-06-12   Updated: 2024-11-21 14:50
  The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of A…

No. 15  CVE-2021-22885
  CVSS3: 7.5 (HIGH)   CVSS2: 5.0   Attack vector: Network
  CWE-209 (Information Exposure Through an Error Message)
  Affected (cpe:2.3:a:rubyonrails:rails:*:*): >= 5.2.0.0 and < 5.2.4.6; >= 6.0.0.0 and < 6.0.3.7; >= 6.1.0.0 and < 6.1.3.1
  Published: 2021-05-27   Updated: 2024-11-21 14:50
  A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url` helper with untrusted user input.

No. 16  CVE-2021-22881
  CVSS3: 6.1 (MEDIUM)   CVSS2: 5.8   Attack vector: Network
  CWE-601 (Open Redirect)
  Affected (cpe:2.3:a:rubyonrails:rails:*:*): >= 6.0.0 and < 6.0.3.5; >= 6.1.0 and < 6.1.2.1
  Published: 2021-02-12   Updated: 2024-11-21 14:50
  The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" forma…

No. 17  CVE-2021-22880
  CVSS3: 7.5 (HIGH)   CVSS2: 5.0   Attack vector: Network
  CWE-400 (Uncontrolled Resource Consumption)
  Affected (cpe:2.3:a:rubyonrails:rails:*:*): >= 4.2.0 and < 5.2.4.5; >= 6.0.0 and < 6.0.3.5; >= 6.1.0 and < 6.1.2.1
  Published: 2021-02-12   Updated: 2024-11-21 14:50
  The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validat…

No. 18  CVE-2020-8264
  CVSS3: 6.1 (MEDIUM)   CVSS2: 4.3   Attack vector: Network
  CWE-79 (Cross-site Scripting)
  Affected (cpe:2.3:a:rubyonrails:rails:*:*): >= 6.0.0 and < 6.0.3.4
  Published: 2021-01-07   Updated: 2024-11-21 14:38
  In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL whic…

No. 19  CVE-2020-8185
  CVSS3: 6.5 (MEDIUM)   CVSS2: 4.0   Attack vector: Network
  CWE-400 (Uncontrolled Resource Consumption)
  Affected (cpe:2.3:a:rubyonrails:rails:*:*): >= 6.0.0 and < 6.0.3.2
  Published: 2020-07-03   Updated: 2024-11-21 14:38
  A denial of service vulnerability exists in Rails < 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

No. 20  CVE-2020-8166
  CVSS3: 4.3 (MEDIUM)   CVSS2: 4.3   Attack vector: Network
  CWE-352 (Cross-Site Request Forgery)
  Affected (cpe:2.3:a:rubyonrails:rails:*:*): < 5.2.4.3; >= 6.0.0 and < 6.0.3.1
  Published: 2020-07-03   Updated: 2024-11-21 14:38
  A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, fo…
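The affected ranges above are only useful if they can be checked against what an application actually runs. The following Ruby script is an added example, not code from this page or from the Rails project: it transcribes a subset of the NVD ranges listed above (including the split 5.2 fix lines of CVE-2021-22904 and the exact-version rc2 entry of CVE-2021-22903) and matches a Rails version against them using rubygems' `Gem::Version` and `Gem::Requirement`, which compare four-part patch releases and prerelease tags correctly where naive string comparison does not. The `Gemfile.lock` fragment is constructed for the demonstration.

```ruby
# Added example (not part of the original page or of Rails itself): report
# which of the NVD entries transcribed from the table above list a given Rails
# version as affected. Version arithmetic uses rubygems' Gem::Version so that
# four-component patch releases (6.0.3.7) and prereleases (6.1.0.rc2) compare
# the way Rails numbers them, rather than as strings.
require "rubygems"

# Affected ranges transcribed from the NVD rows on this page. A lower bound is
# inclusive, an upper bound is exclusive (the first fixed release). A single
# "= x" constraint is an exact-version CPE entry.
AFFECTED_RANGES = {
  "CVE-2021-22942" => [[">= 6.1.0", "< 6.1.4.1"], [">= 6.0.0", "< 6.0.4.1"]],
  "CVE-2021-22904" => [[">= 6.1.0", "< 6.1.3.2"], [">= 6.0.0", "< 6.0.3.7"],
                       ["< 5.2.4.6"], [">= 5.2.5", "< 5.2.6"]],
  "CVE-2021-22903" => [["= 6.1.0.rc2"], [">= 6.1.1", "< 6.1.3.2"]],
  "CVE-2021-22881" => [[">= 6.1.0", "< 6.1.2.1"], [">= 6.0.0", "< 6.0.3.5"]],
  "CVE-2020-8185"  => [[">= 6.0.0", "< 6.0.3.2"]],
  "CVE-2020-8166"  => [["< 5.2.4.3"], [">= 6.0.0", "< 6.0.3.1"]],
}.freeze

# Returns the CVE ids whose affected ranges contain +version+ (a String such
# as "6.0.3.4"), in the order they appear in AFFECTED_RANGES.
def affected_cves(version, ranges = AFFECTED_RANGES)
  v = Gem::Version.new(version)
  ranges.select do |_cve, windows|
    windows.any? { |constraints| Gem::Requirement.new(*constraints).satisfied_by?(v) }
  end.keys
end

# Extracts the resolved rails version from Gemfile.lock text. In a lockfile the
# resolved gem itself sits at four spaces of indentation under "specs:", while
# its dependencies ("actionpack (= 6.0.3.4)") sit at six, so anchoring the
# indent keeps the regex from matching a dependency line or a gem such as
# rails-html-sanitizer. Returns nil when no rails entry is present.
def rails_version_from_lock(lock_text)
  m = lock_text.match(/^ {4}rails \((\d+(?:\.\d+)*(?:\.[a-z]+\d*)?)\)$/)
  m && m[1]
end

# Constructed sample lockfile fragment for the usage below (not from a real app).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (6.0.3.4)
      rails (6.0.3.4)
        actionpack (= 6.0.3.4)
      rails-html-sanitizer (1.4.2)
LOCK

if __FILE__ == $PROGRAM_NAME
  version = rails_version_from_lock(SAMPLE_LOCK)
  hits = affected_cves(version)
  puts "rails #{version}: #{hits.empty? ? 'no listed CVEs' : hits.join(', ')}"
end
```

To run it against a real application, replace `SAMPLE_LOCK` with `File.read("Gemfile.lock")`. The transcription covers only the rows named in the lead-in; extend `AFFECTED_RANGES` from the table when checking other entries, keeping the inclusive-lower / exclusive-upper convention.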