Ruby on Rails - HackerOne Reports
Total Reports: 56
Critical: 0
High: 14
Medium: 23
Low: 7
RCE which may occur due to `ActiveSupport::MessageVerifier` or `ActiveSupport::MessageEncryptor` (especially Active storage)
Reported by:
ooooooo_q
|
Disclosed:
High
Weakness: Command Injection - Generic
Bounty: $1500.00
Path Traversal on Default Installed Rails Application (Asset Pipeline)
Reported by:
orange
|
Disclosed:
Medium
Weakness: Path Traversal
Bounty: $1500.00
ActiveStorage direct upload fails to sign content-length header for S3 service
Reported by:
travispew
|
Disclosed:
Medium
Weakness: Client-Side Enforcement of Server-Side Security
Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations)
Reported by:
0b5cur17y
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
CVEs:
CVE-2022-32209
Specially constructed multi-part requests cause multi-second response times; vulnerable to DoS
Reported by:
bjeanes
|
Disclosed:
Medium
Action Text XSS (Rails 7.1.x)
Reported by:
ooooooo_q
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Open Redirect (6.0.0 < rails < 6.0.3.2)
Reported by:
ooooooo_q
|
Disclosed:
High
Weakness: Open Redirect
Bounty: $1000.00
CVEs:
CVE-2020-8185
XSS by MathML at Active Storage
Reported by:
ooooooo_q
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Denial of Service in Action Pack Exception Handling
Reported by:
ff7f00
|
Disclosed:
Weakness: Uncontrolled Resource Consumption
Validation bypass for queries generated for PostgreSQL
Reported by:
ooooooo_q
|
Disclosed:
Bounty: $1500.00
Subdomain Takeover at https://new.rubyonrails.org/
Reported by:
nagli
|
Disclosed:
High
Weakness: Privilege Escalation
Content Security Policy is only active for HTML responses but not for image/svg+xml
Reported by:
thorsteneckel
|
Disclosed:
Weakness: Cross-site Scripting (XSS) - Stored
Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag
Reported by:
windshock
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
Data-Tags and the New HTML Sanitizer Subverts CSRF protection
Reported by:
benmmurphy
|
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
DoS with crafted "Range" header
Reported by:
ooooooo_q
|
Disclosed:
High
ActiveStorage service's signed URLs can be hijacked via AppCache+Cookie stuffing trick when using GCS or DiskService
Reported by:
rosa
|
Disclosed:
High
Weakness: Information Disclosure
Sauce Labs API key unencrypted in an old commit
Reported by:
trufflesecurity
|
Disclosed:
Medium
Weakness: Use of Hard-coded Cryptographic Key
Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style || svg+style)
Reported by:
0b5cur17y
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Generic
HTTP Host injection in redirect_to function
Reported by:
komang4130
|
Disclosed:
Weakness: Improper Neutralization of HTTP Headers for Scripting Syntax
Explicit, dynamic render path: Dir. Trav + RCE
Reported by:
forced-request
|
Disclosed:
High
Weakness: Code Injection
Bounty: $500.00