|Max CVSS||7.5||Min CVSS||5.0||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
|24-05-2022 - 16:06||02-07-2020 - 19:15|
Directory traversal vulnerability in Action View in Ruby on Rails before 220.127.116.11, 4.0.x and 4.1.x before 18.104.22.168, 4.2.x before 22.214.171.124, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unre
|08-08-2019 - 15:43||16-02-2016 - 02:59|
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection
|08-08-2019 - 15:42||13-01-2013 - 22:55|