Software Detail
Ruby on Rails: number of NVD entries 106 (CRITICAL 3, HIGH 34, MEDIUM 68, LOW 1)
URL: https://rubyonrails.org/
Explanation: This is the best-known web framework written in Ruby.
Its basic philosophy is "Don't Repeat Yourself" and "Convention over Configuration".
It follows the Model-View-Controller (MVC) pattern.

The latest major release receives bug fixes and security fixes.
The previous major release receives security fixes only.
Earlier major releases are no longer supported.

Serious security issues may still be addressed in releases that are otherwise out of support.
Tags
  • MIT License
  • Ruby

Additional information URLs
  1. https://rubyonrails.org/
  2. https://guides.rubyonrails.org/maintenance_policy.html
  3. https://railslts.com/
  4. https://railsguides.jp/maintenance_policy.html
  5. https://weblog.rubyonrails.org/releases/
  6. https://github.com/rails/rails
  7. https://rubyonrails.org/security/

List of products (release history and vulnerability counts)
No | Name | Latest version | Release date | Initial release | Normal support (end) | Security support (end) | Service pack support | Extended (for a fee) | Critical | High | Medium | Low
71 | Ruby on Rails 7.0 | 7.0.8.4 | June 4, 2024 | Dec. 15, 2021 | | | | | 1 | 2 | 4 | 0
72 | Ruby on Rails 6.1 | 6.1.7.7 | Feb. 21, 2024 | Dec. 9, 2020 | | | | | 1 | 6 | 6 | 0
73 | Ruby on Rails 6.0 | 6.0.6.1 | Jan. 17, 2023 | Aug. 16, 2019 | | | | | 2 | 8 | 9 | 0
74 | Ruby on Rails 5.2 | 5.2.8.1 | July 12, 2022 | April 9, 2018 | | | | | 2 | 10 | 5 | 0
75 | Ruby on Rails 5.1 | 5.1.7 | March 27, 2019 | April 27, 2017 | April 9, 2018 | April 9, 2018 | | | 2 | 11 | 4 | 0
76 | Ruby on Rails 5.0 | 5.0.7.2 | March 11, 2019 | June 30, 2016 | April 27, 2017 | April 27, 2017 | | | 2 | 15 | 7 | 1
77 | Ruby on Rails 4.2 | 4.2.11.3 | May 15, 2020 | Dec. 20, 2014 | June 30, 2016 | Aug. 16, 2019 | | | 2 | 17 | 9 | 1
78 | Ruby on Rails 4.1 | 4.1.16 | July 12, 2016 | April 8, 2014 | Dec. 20, 2014 | Dec. 20, 2014 | | | 2 | 17 | 12 | 1
79 | Ruby on Rails 4.0 | 4.0.13 | Jan. 6, 2015 | June 25, 2013 | April 8, 2014 | Dec. 20, 2014 | | | 2 | 17 | 14 | 1
80 | Ruby on Rails 3.2 | 3.2.2.25 | | | | | | | 2 | 16 | 31 | 0
81 | Ruby on Rails 3.1 | 3.1.9 | | | | | | | 2 | 16 | 35 | 0
82 | Ruby on Rails 3.0 | 3.0.9 | | | | | | | 2 | 20 | 37 | 0
83 | Ruby on Rails 2.3 | 2.3.9 | | | | | | | 2 | 14 | 29 | 0
84 | Ruby on Rails 2.2 | 2.2.3 | | | | | | | 2 | 12 | 22 | 0
85 | Ruby on Rails 2.1 | 2.1.2 | | | | | | | 2 | 13 | 24 | 0
86 | Ruby on Rails 2.0 | 2.0.5 | | | | | | | 2 | 13 | 22 | 0
87 | Ruby on Rails 1.9 | 1.9.5 | | | | | | | 2 | 11 | 17 | 0
88 | Ruby on Rails 1.2 | 1.2.6 | | | | | | | 2 | 11 | 17 | 0
89 | Ruby on Rails 1.1 | 1.1.6 | | | | | | | 2 | 13 | 17 | 0
90 | Ruby on Rails 1.0 | 1.0.0 | | | | | | | 2 | 12 | 16 | 0
91 | Ruby on Rails 0.9 | 0.9.5 | | | | | | | 2 | 12 | 16 | 0
92 | Ruby on Rails 0.14 | 0.14.4 | | | | | | | 2 | 12 | 16 | 0
93 | Ruby on Rails 0.13 | 0.13.1 | | | | | | | 2 | 12 | 16 | 0
94 | Ruby on Rails 0.12 | 0.12.1 | | | | | | | 2 | 12 | 16 | 0
95 | Ruby on Rails 0.11 | 0.11.1 | | | | | | | 2 | 12 | 16 | 0
96 | Ruby on Rails 0.10 | 0.10.1 | | | | | | | 2 | 12 | 16 | 0
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack vector | Title | CWE | CVE | cpe23Uri | Affected range | Update date | Published date
71 | - | 6.4 | MEDIUM | | Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implement… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-0155 | cpe:2.3:a:rubyonrails:rails:*:* | 3.2.0 or higher, less than 3.2.11 | 2024-11-21 10:46 | 2013-01-14
72 | - | 5.0 | MEDIUM | | The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL i… | CWE-89 SQL Injection | CVE-2012-6497 | cpe:2.3:a:rubyonrails:rails:*:* | less than 3.2.10 | 2024-11-21 10:46 | 2013-01-04
73 | - | 7.5 | HIGH | | SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a … | CWE-89 SQL Injection | CVE-2012-6496 | cpe:2.3:a:rubyonrails:rails:3.2.9:*; cpe:2.3:a:rubyonrails:rails:3.2.8:*; cpe:2.3:a:rubyonrails:rails:3.2.7:*; cp… | | 2024-11-21 10:46 | 2013-01-04
74 | - | 4.3 | MEDIUM | | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 a… | CWE-79 Cross-site Scripting | CVE-2012-3465 | cpe:2.3:a:rubyonrails:rails:3.2.7:*; cpe:2.3:a:rubyonrails:rails:3.2.6:*; cpe:2.3:a:rubyonrails:rails:3.2.5:*; cp… | | 2024-11-21 10:40 | 2012-08-10
75 | - | 4.3 | MEDIUM | | Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow re… | CWE-79 Cross-site Scripting | CVE-2012-3464 | cpe:2.3:a:rubyonrails:rails:3.2.7:*; cpe:2.3:a:rubyonrails:rails:3.2.6:*; cpe:2.3:a:rubyonrails:rails:3.2.5:*; cp… | | 2024-11-21 10:40 | 2012-08-10
76 | - | 4.3 | MEDIUM | | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attacker… | CWE-79 Cross-site Scripting | CVE-2012-3463 | cpe:2.3:a:rubyonrails:rails:3.2.7:*; cpe:2.3:a:rubyonrails:rails:3.2.6:*; cpe:2.3:a:rubyonrails:rails:3.2.5:*; cp… | | 2024-11-21 10:40 | 2012-08-10
77 | - | 5.0 | MEDIUM | | The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentic… | CWE-287 Improper Authentication | CVE-2012-3424 | cpe:2.3:a:rubyonrails:rails:3.2.6:*; cpe:2.3:a:rubyonrails:rails:3.2.5:*; cpe:2.3:a:rubyonrails:rails:3.2.4:rc1 | | 2024-11-21 10:40 | 2012-08-08
78 | - | 7.5 | HIGH | | The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord cla… | CWE-89 SQL Injection | CVE-2012-2695 | cpe:2.3:a:rubyonrails:rails:3.2.5:*; cpe:2.3:a:rubyonrails:rails:3.2.4:rc1; cpe:2.3:a:rubyonrails:rails:3.2.4:* | | 2024-11-21 10:39 | 2012-06-22
79 | - | 4.3 | MEDIUM | | actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Acti… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-2694 | cpe:2.3:a:rubyonrails:rails:3.2.5:*; cpe:2.3:a:rubyonrails:rails:3.2.4:rc1; cpe:2.3:a:rubyonrails:rails:3.2.4:* | | 2024-11-21 10:39 | 2012-06-22
80 | - | 5.0 | MEDIUM | | The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveReco… | CWE-89 SQL Injection | CVE-2012-2661 | cpe:2.3:a:rubyonrails:rails:3.2.4:rc1; cpe:2.3:a:rubyonrails:rails:3.2.3:rc2; cpe:2.3:a:rubyonrails:rails:3.2.3:rc1… | | 2024-11-21 10:39 | 2012-06-22