Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / rubygems

rubygems

954 tracked vulnerabilities.

Redhat Enterprise Linux < 2.3.17 - XSS

Ruby on Rails 3.0.x-3.1.x < 3.1.12 and 3.2.x < 3.2.13 - XML External Entity Injection via ActiveSupport::XmlMini_JDOM

Ruby on Rails < 2.3.18, 3.0.x-3.1.x < 3.1.12, 3.2.x < 3.2.13 - Cross-Site Scripting via CSS Token Sequence

Ruby on Rails 2.3.x < 2.3.18, 3.1.x < 3.1.12, 3.2.x < 3.2.13 - Denial of Service via Active Record Query Processing

Spree <1.1.6, 1.2.x, 1.3.x - Privilege Escalation

Spree Commerce 1.0.0-1.3.2 - Authenticated Remote Code Execution via Unsafe Constantize Function

RDoc 2.3.0-3.12 and 4.x < 4.0.0.preview2.1 - Cross-Site Scripting via darkfish.js

Rack 1.1.x-1.1.4, 1.2.x-1.2.6, 1.3.x-1.3.8, 1.4.x-1.4.3 - Denial of Service via Symbolized Arbitrary Strings

Rack 1.3.0-1.3.7 and 1.4.0-1.4.2 - Denial of Service via Long String in Multipart HTTP Packet

ruby_parser < 3.1.1 - Arbitrary File Write via Symlink Attack on Temporary File

Ruby on Rails < 2.3.17 and 3.x < 3.1.0 - Remote Code Execution via YAML Deserialization

Ruby on Rails < 2.3.17, 3.1.x < 3.1.11, 3.2.x < 3.2.12 - Unauthenticated Protected Attribute Bypass via Crafted Request

JSON gem < 1.5.5, 1.6.x < 1.6.8, 1.7.x < 1.7.7 - DoS and Mass Assignment Bypass via Crafted JSON

Rack <1.5.2, <1.4.5, <1.3.10, <1.2.8, <1.1.6 - RCE

Rack 1.4.x < 1.4.5 and 1.5.x < 1.5.2 - Path Traversal via PATH_INFO Environment Variable

Ruby on Rails 2.3.x-2.3.15 and 3.0.x-3.0.19 - Remote Code Execution via YAML Deserialization

Ruby on Rails JSON Processor YAML Deserialization Code Execution

Ruby on Rails 3.0.x < 3.0.19, 3.1.x < 3.1.10, 3.2.x < 3.2.11 - SQL Query Manipulation via JSON Parameter Handling

CVE-2012-6685 HIGH

Nokogiri < 1.5.4 - XML External Entity Injection

CVE-2012-6135 HIGH

RubyGems passenger 4.0.0 beta1-beta2 - Arbitrary File Deletion

CVE-2012-6708 MEDIUM

jQuery < 1.9.0 - Cross-Site Scripting via jQuery(strInput) Function

RedCloth < 4.2.9 - Cross-Site Scripting via JavaScript URI

Redhat Enterprise Linux Desktop < 1.10.0 - XSS

RubyGems < 1.8.23 - Man-in-the-Middle Attack via Unverified SSL Certificate

RubyGems < 1.8.23 - HTTPS to HTTP Redirection

Previous Page 35 of 39 Next

Products

actionpack 63 rack 50 nokogiri 34 rubygems 25 rubygems-update 25 activerecord 23 puppet 23 activesupport 17 publify_core 15 passenger 14 rails-html-sanitizer 14 actionview 13 decidim 12 puma 12 camaleon_cms 11 fat_free_crm 11 rails 11 activestorage 10 ruby-saml 10 jquery-rails 9 openc3 8 rexml 8 bootstrap 7 bootstrap-sass 7 jquery-ui-rails 7 katello 7 lodash-rails 7 net-imap 7 spree 7 avo 6

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy