Software Detail
Ruby on Rails: Number of NVD entries 106 (CRITICAL 3, HIGH 34, MEDIUM 68, LOW 1)
URL https://rubyonrails.org/
Explanation: Ruby on Rails is the best-known web framework written in Ruby.
Its basic philosophy is "Don't Repeat Yourself" and "Convention over Configuration".
It uses the Model-View-Controller (MVC) pattern.

The latest major release contains bug fixes and security fixes.
The previous major release contains security fixes.
Earlier major releases are no longer supported.

Serious security issues may be addressed outside of support.
Tag
  • MIT License
  • Ruby

Add Information URL
No Type Name URL
1 https://rubyonrails.org/
2 https://guides.rubyonrails.org/maintenance_policy.html
3 https://railslts.com/
4 https://railsguides.jp/maintenance_policy.html
5 https://weblog.rubyonrails.org/releases/
6 https://github.com/rails/rails
7 https://rubyonrails.org/security/

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
81 Ruby on Rails 7.0 7.0.8.4 June 4, 2024 Dec. 15, 2021 1 2 4 0
82 Ruby on Rails 6.1 6.1.7.7 Feb. 21, 2024 Dec. 9, 2020 1 6 6 0
83 Ruby on Rails 6.0 6.0.6.1 Jan. 17, 2023 Aug. 16, 2019 2 8 9 0
84 Ruby on Rails 5.2 5.2.8.1 July 12, 2022 April 9, 2018 2 10 5 0
85 Ruby on Rails 5.1 5.1.7 March 27, 2019 April 27, 2017 April 9, 2018 April 9, 2018 2 11 4 0
86 Ruby on Rails 5.0 5.0.7.2 March 11, 2019 June 30, 2016 April 27, 2017 April 27, 2017 2 15 7 1
87 Ruby on Rails 4.2 4.2.11.3 May 15, 2020 Dec. 20, 2014 June 30, 2016 Aug. 16, 2019 2 17 9 1
88 Ruby on Rails 4.1 4.1.16 July 12, 2016 April 8, 2014 Dec. 20, 2014 Dec. 20, 2014 2 17 12 1
89 Ruby on Rails 4.0 4.0.13 Jan. 6, 2015 June 25, 2013 April 8, 2014 Dec. 20, 2014 2 17 14 1
90 Ruby on Rails 3.2 3.2.2.25 2 16 31 0
91 Ruby on Rails 3.1 3.1.9 2 16 35 0
92 Ruby on Rails 3.0 3.0.9 2 20 37 0
93 Ruby on Rails 2.3 2.3.9 2 14 29 0
94 Ruby on Rails 2.2 2.2.3 2 12 22 0
95 Ruby on Rails 2.1 2.1.2 2 13 24 0
96 Ruby on Rails 2.0 2.0.5 2 13 22 0
97 Ruby on Rails 1.9 1.9.5 2 11 17 0
98 Ruby on Rails 1.2 1.2.6 2 11 17 0
99 Ruby on Rails 1.1 1.1.6 2 13 17 0
100 Ruby on Rails 1.0 1.0.0 2 12 16 0
101 Ruby on Rails 0.9 0.9.5 2 12 16 0
102 Ruby on Rails 0.14 0.14.4 2 12 16 0
103 Ruby on Rails 0.13 0.13.1 2 12 16 0
104 Ruby on Rails 0.12 0.12.1 2 12 16 0
105 Ruby on Rails 0.11 0.11.1 2 12 16 0
106 Ruby on Rails 0.10 0.10.1 2 12 16 0
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri Update date Published date Exploit PoC
81 -
6.4
MEDIUM actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Acti… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-2660 cpe:2.3:a:rubyonrails:rails:3.2.4:rc1
cpe:2.3:a:rubyonrails:rails:3.2.3:rc2
cpe:2.3:a:rubyonrails:rails:3.2.3:rc1…
2024-11-21 10:39
2012-06-22
82 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3… CWE-79
Cross-site Scripting
CVE-2012-1099 cpe:2.3:a:rubyonrails:rails:3.2.2:rc1
cpe:2.3:a:rubyonrails:rails:3.2.1:*
cpe:2.3:a:rubyonrails:rails:3.2.0:rc2
2024-11-21 10:36
2012-03-13
83 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors in… CWE-79
Cross-site Scripting
CVE-2012-1098 cpe:2.3:a:rubyonrails:rails:3.2.2:rc1
cpe:2.3:a:rubyonrails:rails:3.2.1:*
cpe:2.3:a:rubyonrails:rails:3.2.0:rc2
2024-11-21 10:36
2012-03-13
84 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows re… CWE-79
Cross-site Scripting
CVE-2011-4319 cpe:2.3:a:rubyonrails:rails:3.1.1:rc3
cpe:2.3:a:rubyonrails:rails:3.1.1:rc2
cpe:2.3:a:rubyonrails:rails:3.1.1:rc1…
2024-11-21 10:32
2011-11-28
85 -
4.3
MEDIUM The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which… CWE-20
 Improper Input Validation 
CVE-2011-3187 cpe:2.3:a:rubyonrails:rails:3.0.5:* 2024-11-21 10:29
2011-08-30
86 -
4.3
MEDIUM CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response sp… CWE-94
Code Injection
CVE-2011-3186 cpe:2.3:a:rubyonrails:rails:2.3.9:*
cpe:2.3:a:rubyonrails:rails:2.3.4:*
cpe:2.3:a:rubyonrails:rails:2.3.3:*
cp…
2024-11-21 10:29
2011-08-30
87 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow… CWE-79
Cross-site Scripting
CVE-2011-2932 cpe:2.3:a:rubyonrails:rails:3.1.0:rc4
cpe:2.3:a:rubyonrails:rails:3.1.0:rc3
cpe:2.3:a:rubyonrails:rails:3.1.0:rc2…
2024-11-21 10:29
2011-08-30
88 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x b… CWE-79
Cross-site Scripting
CVE-2011-2931 cpe:2.3:a:rubyonrails:rails:3.1.0:rc4
cpe:2.3:a:rubyonrails:rails:3.1.0:rc3
cpe:2.3:a:rubyonrails:rails:3.1.0:rc2…
2024-11-21 10:29
2011-08-30
89 -
7.5
HIGH Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before … CWE-89
SQL Injection
CVE-2011-2930 cpe:2.3:a:rubyonrails:rails:3.1.0:rc4
cpe:2.3:a:rubyonrails:rails:3.1.0:rc3
cpe:2.3:a:rubyonrails:rails:3.1.0:rc2…
2024-11-21 10:29
2011-08-30
90 -
5.0
MEDIUM The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which… CWE-20
 Improper Input Validation 
CVE-2011-2929 cpe:2.3:a:rubyonrails:rails:3.1.0:rc5
cpe:2.3:a:rubyonrails:rails:3.1.0:rc4
cpe:2.3:a:rubyonrails:rails:3.1.0:rc3…
2024-11-21 10:29
2011-08-30