Ruby on Rails - HackerOne Reports
Total reports: 56 (Critical: 0, High: 14, Medium: 23, Low: 7)
XSS vulnerabilities due to missing checks in tag helpers
Reported by: amartinfraguas | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic
Unexpected deserialization in Kredis
Reported by: ooooooo_q | Disclosed:
Severity: High
Weakness: Deserialization of Untrusted Data
Path traversal in ActiveStorage, leading to RCE
Reported by: ooooooo_q | Disclosed:
Severity: High
Weakness: Path Traversal
http_basic_authenticate_with is susceptible to timing attacks.
Reported by: d_w | Disclosed:
Weakness: Improper Authentication - Generic
Regex Injection from request header (Rack::Sendfile, send_file)
Reported by: ooooooo_q | Disclosed:
Weakness: Code Injection
Nested attributes reject_if proc can be circumvented by providing "_destroy" parameter
Reported by: jcoyne | Disclosed:
Severity: High
Untrusted strings that are cache fetched with raw option are automatically marshal loaded
Reported by: dylan-ts | Disclosed:
Severity: High
Weakness: Deserialization of Untrusted Data
Regarding [CVE-2016-0752] Possible Information Leak Vulnerability in Action View
Reported by: jyotisingh | Disclosed:
Weakness: Code Injection
JSON keys are not properly escaped
Reported by: einstein_ | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Generic
XSS when using `translate` in Action Controller (Rails 7.0, 7.1)
Reported by: ooooooo_q | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Generic
CVEs: CVE-2020-15169
XSS vulnerability in sanitize-method when parsing link's href
Reported by: kaarloh | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic
ReDoS (Rails::Html::PermitScrubber.scrub_attribute)
Reported by: ooooooo_q | Disclosed:
ReDoS in Rack::Multipart
Reported by: ooooooo_q | Disclosed:
Severity: High
Possible DOS in app with crashing `exceptions_app`
Reported by: ghiculescu | Disclosed:
Severity: Medium
Weakness: Uncontrolled Resource Consumption
Validation bypass for Active Record and Active Model
Reported by: backus | Disclosed:
Severity: Medium
Weakness: Violation of Secure Design Principles
1-Click Cross-Site Scripting via Custom Configuration in SafeListSanitizer
Reported by: leonsirio | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic