Versions
6.0.3.4
7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1
4.2.0 up to and before 5.1.6.1
4.2.0 up to and before 5.0.7.1
7.0.4.1, 6.1.7.1
Fixed in 6.0.3.2
Fixed in 6.0.3.7, 6.1.3.2
5.2.0 and later and before 5.2.1.1
7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1
Fixed in 6.1.3.2
6.1.4.2, 6.0.4.2, 7.0.0.rc2
Fixed in 5.2.4.3, 6.0.3.1
5.2.4.3, 6.0.3.1
6.0.6.1, 6.1.7.1, 7.0.4.1
Fixed in 4.2.11.2
4.2.0 up to and before 5.2.1.1
6.1.4.1, 6.0.4.1
7.0.4.1
6.1.3.1, 6.0.3.7, 5.2.4.6, 5.2.6
Fixed in 6.1.2.1, 6.0.3.5, 5.2.4.5
4.2.0 up to and before 4.2.11
7.0.2.3, 6.1.4.7, 6.0.4.7, 5.2.6.3
Fixed in 6.1.2.1, 6.0.3.5
rails >= 5.2.4.3, rails >= 6.0.3.1
Fixed in 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6
6.1.7.1, 7.0.4.1
Recent CVEs
CVE-2023-22797
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However, the check introduced could be bypassed by an attacker with a carefully crafted URL, resulting in an open redirect vulnerability.
CVE-2023-22792
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header, can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.
CVE-2023-22795
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking when running on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately.
CVE-2023-22794
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database with insufficient sanitization and be able to inject SQL outside of the comment.
CVE-2022-44566
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64-bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan, resulting in a potential Denial of Service.
CVE-2023-22796
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.
CVE-2022-32224
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record <7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1, which could allow an attacker who can manipulate data in the database (via means such as SQL injection) to escalate to RCE.
CVE-2022-22577
An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.
CVE-2022-27777
An XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
CVE-2022-21831
A code injection vulnerability exists in Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.