Software Detail
Ruby on Rails: 106 NVD entries (CRITICAL 3, HIGH 34, MEDIUM 68, LOW 1)
URL https://rubyonrails.org/
Explanation: Ruby on Rails is the best-known web application framework for Ruby.
Its guiding principles are "Don't Repeat Yourself" (DRY) and "Convention over Configuration".
It follows the Model-View-Controller (MVC) pattern.

Under the Rails maintenance policy, the newest release series receives both bug fixes and security fixes.
The previous release series receives security fixes only.
Older release series are no longer supported.

In exceptional cases a serious security issue may still be patched in a series that is otherwise out of support; releases beyond the official policy are also offered commercially (see Rails LTS below).
Tags
  • MIT License
  • Ruby

Information URLs
1. Project site: https://rubyonrails.org/
2. Maintenance policy: https://guides.rubyonrails.org/maintenance_policy.html
3. Rails LTS (commercial extended support): https://railslts.com/
4. Maintenance policy (Japanese translation): https://railsguides.jp/maintenance_policy.html
5. Release announcements: https://weblog.rubyonrails.org/releases/
6. Source repository: https://github.com/rails/rails
7. Security policy and reporting: https://rubyonrails.org/security/

List of Products (release history and NVD vulnerability counts per release series)

"Released" is the release date of the latest version in the series. Support-end columns are filled only where the page records them; the service-pack and paid extended-support columns are empty for every row and are omitted.

No | Name | Latest version | Released | Initial release | Normal support ended | Security support ended | Critical | High | Medium | Low
61 | Ruby on Rails 7.0 | 7.0.8.4 | June 4, 2024 | Dec. 15, 2021 | | | 1 | 2 | 4 | 0
62 | Ruby on Rails 6.1 | 6.1.7.7 | Feb. 21, 2024 | Dec. 9, 2020 | | | 1 | 6 | 6 | 0
63 | Ruby on Rails 6.0 | 6.0.6.1 | Jan. 17, 2023 | Aug. 16, 2019 | | | 2 | 8 | 9 | 0
64 | Ruby on Rails 5.2 | 5.2.8.1 | July 12, 2022 | April 9, 2018 | | | 2 | 10 | 5 | 0
65 | Ruby on Rails 5.1 | 5.1.7 | March 27, 2019 | April 27, 2017 | April 9, 2018 | April 9, 2018 | 2 | 11 | 4 | 0
66 | Ruby on Rails 5.0 | 5.0.7.2 | March 11, 2019 | June 30, 2016 | April 27, 2017 | April 27, 2017 | 2 | 15 | 7 | 1
67 | Ruby on Rails 4.2 | 4.2.11.3 | May 15, 2020 | Dec. 20, 2014 | June 30, 2016 | Aug. 16, 2019 | 2 | 17 | 9 | 1
68 | Ruby on Rails 4.1 | 4.1.16 | July 12, 2016 | April 8, 2014 | Dec. 20, 2014 | Dec. 20, 2014 | 2 | 17 | 12 | 1
69 | Ruby on Rails 4.0 | 4.0.13 | Jan. 6, 2015 | June 25, 2013 | April 8, 2014 | Dec. 20, 2014 | 2 | 17 | 14 | 1
70 | Ruby on Rails 3.2 | 3.2.2.25 | | | | | 2 | 16 | 31 | 0
71 | Ruby on Rails 3.1 | 3.1.9 | | | | | 2 | 16 | 35 | 0
72 | Ruby on Rails 3.0 | 3.0.9 | | | | | 2 | 20 | 37 | 0
73 | Ruby on Rails 2.3 | 2.3.9 | | | | | 2 | 14 | 29 | 0
74 | Ruby on Rails 2.2 | 2.2.3 | | | | | 2 | 12 | 22 | 0
75 | Ruby on Rails 2.1 | 2.1.2 | | | | | 2 | 13 | 24 | 0
76 | Ruby on Rails 2.0 | 2.0.5 | | | | | 2 | 13 | 22 | 0
77 | Ruby on Rails 1.9 | 1.9.5 | | | | | 2 | 11 | 17 | 0
78 | Ruby on Rails 1.2 | 1.2.6 | | | | | 2 | 11 | 17 | 0
79 | Ruby on Rails 1.1 | 1.1.6 | | | | | 2 | 13 | 17 | 0
80 | Ruby on Rails 1.0 | 1.0.0 | | | | | 2 | 12 | 16 | 0
81 | Ruby on Rails 0.9 | 0.9.5 | | | | | 2 | 12 | 16 | 0
82 | Ruby on Rails 0.14 | 0.14.4 | | | | | 2 | 12 | 16 | 0
83 | Ruby on Rails 0.13 | 0.13.1 | | | | | 2 | 12 | 16 | 0
84 | Ruby on Rails 0.12 | 0.12.1 | | | | | 2 | 12 | 16 | 0
85 | Ruby on Rails 0.11 | 0.11.1 | | | | | 2 | 12 | 16 | 0
86 | Ruby on Rails 0.10 | 0.10.1 | | | | | 2 | 12 | 16 | 0
NVD Vulnerability Information

Severity levels: CRITICAL, HIGH, MEDIUM, LOW. Each entry lists: No | CVSS3 score | CVSS2 score | Level | Attack Vector | Title (NVD description) | CWE | CVE | affected cpe23Uri(s) | version range | Update date | Published date. Entries below carry a CVSS2 score only ("-" under CVSS3), so the Level is derived from CVSS2, which has no CRITICAL band. For entries whose cpe23Uri has a wildcard version ("*"), the affected set is given by the range columns: "or higher" is an inclusive lower bound, "more than" an exclusive lower bound, "or less" an inclusive upper bound, and "less than" an exclusive upper bound. Descriptions and CPE lists truncated with "…" are shown as the page shows them.
61. CVE-2013-4389 | CVSS3: - | CVSS2: 4.3 | Level: MEDIUM
    CWE-134 Use of Externally-Controlled Format String
    Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of servi…
    Affected: cpe:2.3:a:rubyonrails:rails:*:* (3.0.0 or higher, less than 3.2.15)
    Published: 2013-10-17 | Updated: 2024-11-21 10:55
62. CVE-2013-3221 | CVSS3: - | CVSS2: 6.4 | Level: MEDIUM
    CWE-20 Improper Input Validation
    The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored value…
    Affected: cpe:2.3:a:rubyonrails:rails:3.2.9:*, cpe:2.3:a:rubyonrails:rails:3.2.8:*, cpe:2.3:a:rubyonrails:rails:3.2.7:*, cp…
    Published: 2013-04-22 | Updated: 2024-11-21 10:53
63. CVE-2013-1857 | CVSS3: - | CVSS2: 4.3 | Level: MEDIUM
    CWE-79 Cross-site Scripting
    The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 …
    Affected: cpe:2.3:a:rubyonrails:rails:3.2.9:*, cpe:2.3:a:rubyonrails:rails:3.2.8:*, cpe:2.3:a:rubyonrails:rails:3.2.7:*, cp…
    Published: 2013-03-20 | Updated: 2024-11-21 10:50
64. CVE-2013-1856 | CVSS3: - | CVSS2: 5.8 | Level: MEDIUM
    CWE-20 Improper Input Validation
    The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is us…
    Affected: cpe:2.3:a:rubyonrails:rails:3.2.9:*, cpe:2.3:a:rubyonrails:rails:3.2.8:*, cpe:2.3:a:rubyonrails:rails:3.2.7:*, cp…
    Published: 2013-03-20 | Updated: 2024-11-21 10:50
65. CVE-2013-1855 | CVSS3: - | CVSS2: 4.3 | Level: MEDIUM
    CWE-79 Cross-site Scripting
    The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2…
    Affected: cpe:2.3:a:rubyonrails:rails:3.2.9:*, cpe:2.3:a:rubyonrails:rails:3.2.8:*, cpe:2.3:a:rubyonrails:rails:3.2.7:*, cp…
    Published: 2013-03-20 | Updated: 2024-11-21 10:50
66. CVE-2013-1854 | CVSS3: - | CVSS2: 5.0 | Level: MEDIUM
    CWE-20 Improper Input Validation
    The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attack…
    Affected: cpe:2.3:a:rubyonrails:rails:3.2.9:*, cpe:2.3:a:rubyonrails:rails:3.2.8:*, cpe:2.3:a:rubyonrails:rails:3.2.7:*, cp…
    Published: 2013-03-20 | Updated: 2024-11-21 10:50
67. CVE-2013-0277 | CVSS3: - | CVSS2: 10.0 | Level: HIGH
    CWE: NVD-CWE-noinfo
    ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +seria…
    Affected: cpe:2.3:a:rubyonrails:rails:3.0.9:rc5, cpe:2.3:a:rubyonrails:rails:3.0.9:rc4, cpe:2.3:a:rubyonrails:rails:3.0.9:rc3…
    Published: 2013-02-13 | Updated: 2024-11-21 10:47
68. CVE-2013-0276 | CVSS3: - | CVSS2: 4.3 | Level: MEDIUM
    CWE-264 Permissions, Privileges, and Access Controls
    ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attribut…
    Affected: cpe:2.3:a:rubyonrails:rails:3.2.9:*, cpe:2.3:a:rubyonrails:rails:3.2.8:*, cpe:2.3:a:rubyonrails:rails:3.2.7:*, cp…
    Published: 2013-02-13 | Updated: 2024-11-21 10:47
69. CVE-2013-0333 | CVSS3: - | CVSS2: 7.5 | Level: HIGH
    CWE: NVD-CWE-Other
    lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows re…
    Affected: cpe:2.3:a:rubyonrails:rails:3.0.9:rc5, cpe:2.3:a:rubyonrails:rails:3.0.9:rc4, cpe:2.3:a:rubyonrails:rails:3.0.9:rc3…
    Published: 2013-01-30 | Updated: 2024-11-21 10:47
70. CVE-2013-0156 | CVSS3: - | CVSS2: 7.5 | Level: HIGH
    CWE-20 Improper Input Validation
    active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which …
    Affected: cpe:2.3:a:rubyonrails:rails:*:* (3.2.0 or higher, less than 3.2.11)
    Published: 2013-01-14 | Updated: 2024-11-21 10:46
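The version-range columns above ("or higher", "more than", "or less", "less than") and the cpe23Uri update field (the "rc5" in cpe:2.3:a:rubyonrails:rails:3.0.9:rc5) are easy to misread when triaging an installed Rails against these entries: 3.2.10 must compare numerically below 3.2.15, and a release candidate must count as older than the final release. The following is an added example, not code from the page or from the Rails project, that evaluates such ranges with Ruby's own Gem::Version. The two ranges it loads are the wildcard-CPE rows for CVE-2013-4389 and CVE-2013-0156 as printed above; the sample versions it checks are constructed, and the helper names (cpe_version, CpeRange, matching_cves, listed_in_cpes?) are this example's own.

```ruby
# Added example, not code from the page or from the Rails project.
# Evaluates NVD-style affected-version ranges and explicit cpe23Uris against
# a Rails version string, using Gem::Version for correct ordering.
require "rubygems" # Gem::Version ships with Ruby's standard distribution

# Version of a cpe23Uri: field 5 is the version, field 6 the "update" field.
# "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5" -> "3.0.9.rc5", which Gem::Version
# treats as a pre-release, so it sorts before 3.0.9. Returns nil for the
# wildcard "*", meaning the entry is matched by its range columns instead.
def cpe_version(cpe)
  fields = cpe.split(":")
  version, update = fields[5], fields[6]
  return nil if version.nil? || version == "*"
  update && update != "*" ? "#{version}.#{update}" : version
end

# One affected range. Field names follow the page's columns:
#   start_inc = "or higher", start_exc = "more than",
#   end_inc   = "or less",   end_exc   = "less than".
# A nil field means there is no bound on that side.
CpeRange = Struct.new(:cve, :start_inc, :start_exc, :end_inc, :end_exc,
                      keyword_init: true) do
  # True when +version+ falls inside the range. Gem::Version compares
  # segment by segment, so 3.2.10 < 3.2.15 (a plain string compare would not).
  def include?(version)
    v = Gem::Version.new(version)
    return false if start_inc && v <  Gem::Version.new(start_inc)
    return false if start_exc && v <= Gem::Version.new(start_exc)
    return false if end_inc   && v >  Gem::Version.new(end_inc)
    return false if end_exc   && v >= Gem::Version.new(end_exc)
    true
  end
end

# Ranges copied from the two wildcard-CPE rows on the page.
RAILS_RANGES = [
  CpeRange.new(cve: "CVE-2013-4389", start_inc: "3.0.0", end_exc: "3.2.15"),
  CpeRange.new(cve: "CVE-2013-0156", start_inc: "3.2.0", end_exc: "3.2.11"),
].freeze

# CVE identifiers whose range covers the given Rails version.
def matching_cves(version, ranges = RAILS_RANGES)
  ranges.select { |r| r.include?(version) }.map(&:cve)
end

# For rows that enumerate explicit cpe23Uris: exact-version membership.
def listed_in_cpes?(version, cpes)
  target = Gem::Version.new(version)
  cpes.any? { |c| (cv = cpe_version(c)) && Gem::Version.new(cv) == target }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample versions to check against the page's two ranges.
  %w[3.0.0 3.1.9 3.2.10 3.2.14 3.2.15 3.2.15.rc1 3.2.22.5].each do |ver|
    hits = matching_cves(ver)
    puts "#{ver}: #{hits.empty? ? 'no range match' : hits.join(', ')}"
  end
  # Constructed CPE list: the first two cpe23Uris printed for CVE-2013-1857.
  cpes = %w[cpe:2.3:a:rubyonrails:rails:3.2.9:* cpe:2.3:a:rubyonrails:rails:3.2.8:*]
  puts "3.2.9 listed: #{listed_in_cpes?('3.2.9', cpes)}"
end
```

Two caveats follow from the data itself. The "cp…" rows are truncated on this page, so an exact-CPE check against only the visible entries under-reports (3.2.10 is not in the visible list for CVE-2013-1857 even though the description says 3.2.x before 3.2.13); use the NVD record's full configuration, or the description's bounds as a range, before concluding a version is unaffected. And a pre-release such as 3.2.15.rc1 lands inside "less than 3.2.15", which is the intended reading: the fix is in the final 3.2.15, not in its candidates.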