Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / rubygems

rubygems

954 tracked vulnerabilities.

CVE-2020-8185 MEDIUM

Rails 6.0.0-6.0.3.1 - Unauthenticated Denial of Service via Pending Migration Execution

CVE-2020-8166 MEDIUM

rails < 5.2.5 and < 6.0.4 - Cross-Site Request Forgery via Per-Form Token Forgery

CVE-2020-8163 HIGH NUCLEI

Rails < 5.0.1 - Remote Code Execution via Render Locals Argument

CVE-2020-8161 HIGH

rack < 2.2.0 - Directory Traversal in Rack::Directory

CVE-2020-8167 MEDIUM

rails <= 6.0.3 - Cross-Site Request Forgery via rails-ujs Module

CVE-2020-8165 CRITICAL

Rails <5.2.4.3-6.0.3.1 - Deserialization

CVE-2020-8184 HIGH

rack < 2.1.4 - Cookie Integrity Bypass via Unvalidated Prefix

CVE-2020-8164 HIGH

Rails <5.2.4.3-6.0.3.1 - Info Disclosure

CVE-2020-8162 HIGH

Rails <5.2.4.2, <6.0.3.1 - Info Disclosure

CVE-2020-4054 HIGH

sanitize 3.0.0-5.2.0 - Cross-Site Scripting via Relaxed Config Bypass

CVE-2020-7671 HIGH

goliath < 1.0.6 - HTTP Request Smuggling via Duplicate Content-Length Header

CVE-2020-7670 HIGH

agoo < 2.14.0 - HTTP Request Smuggling via Incorrect Content-Length and Transfer Encoding Parsing

CVE-2020-7663 HIGH

websocket-extensions < 0.1.5 - Denial of Service via Regex Backtracking in Header Parser

CVE-2020-7659 HIGH

reel < 0.6.1 - HTTP Request Smuggling via Content-Length and Transfer Encoding Header Parsing

CVE-2020-11082 MEDIUM

kaminari < 1.2.1 - Cross-Site Scripting via Pagination Links

CVE-2020-13482 HIGH

EM-HTTP-Request 1.1.5 - Man-in-the-Middle

CVE-2020-11077 MEDIUM

Puma 3.0.0-3.12.5 - HTTP Request Smuggling via Proxy Connection Reuse

CVE-2020-11076 HIGH

Puma 3.0.0-3.12.5 and 4.0.0-4.3.3 - HTTP Request Smuggling via Invalid Transfer-Encoding Header

CVE-2020-13163 HIGH

em-imap 0.5 - Improper Certificate Validation

CVE-2020-7656 MEDIUM

jQuery < 1.9.0 - Cross-Site Scripting via Load Method

CVE-2020-8159 CRITICAL

actionpack_page-caching < v1.2.1 - Code Injection

CVE-2020-8151 HIGH

Active Resource <v5.1.1 - Info Disclosure

CVE-2020-11052 HIGH

Sorcery < 0.15.0 - Brute Force Protection Bypass via Expired Lockout

CVE-2020-10187 HIGH

Doorkeeper 5.0.0-5.0.3 - Unauthenticated Information Disclosure via OAuth Authorized Applications Endpoint

CVE-2020-11022 MEDIUM

jQuery 1.12.0-3.4.1 - Cross-Site Scripting via DOM Manipulation Methods

Previous Page 19 of 39 Next

Products

actionpack 63 rack 50 nokogiri 34 rubygems 25 rubygems-update 25 activerecord 23 puppet 23 activesupport 17 publify_core 15 passenger 14 rails-html-sanitizer 14 actionview 13 decidim 12 puma 12 camaleon_cms 11 fat_free_crm 11 rails 11 activestorage 10 ruby-saml 10 jquery-rails 9 openc3 8 rexml 8 bootstrap 7 bootstrap-sass 7 jquery-ui-rails 7 katello 7 lodash-rails 7 net-imap 7 spree 7 avo 6

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy