Ruby on Rails Program Statistics

54 total issues disclosed

$23,250 total paid publicly

Most disclosed (13 disclosures) — Cross-site Scripting (XSS) - Generic

Disclosed Reports

| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| ActiveStorage Disk Service Path Traversal via Custom Blob Key Injection | Path Traversal | ksw9722 | Medium | 2026-05-07 |
| Rails::HTML::Sanitizer.allowed_uri? returns true for entity-encoded control-character-split javascript: URLs | None supplied | smlee | Low | 2026-04-18 |
| 1-Click Cross-Site Scripting via Custom Configuration in SafeListSanitizer | Cross-site Scripting (XSS) - Generic | maitaii | Medium | 2025-04-09 |
| Action Text XSS (Rails 7.1.x) | Cross-site Scripting (XSS) - Stored | ooooooo_q | Medium | 2025-02-04 |
| Path traversal in ActiveStorage, leading to RCE | Path Traversal | ooooooo_q | High | 2024-10-08 |
| Sauce Labs API key unencrypted in an old commit | Use of Hard-coded Cryptographic Key | trufflesecurity | Medium | 2024-10-08 |
| XSS when using `translate` in Action Controller (Rails 7.0, 7.1) | Cross-site Scripting (XSS) - Generic | ooooooo_q | Low | 2024-10-01 |
| DoS with crafted "Range" header | None supplied | ooooooo_q | High | 2024-06-25 |
| Unexpected deserialization in Kredis | Deserialization of Untrusted Data | ooooooo_q | High | 2023-08-16 |
| Content Security Policy is only active for HTML responses but not for image/svg+xml | Cross-site Scripting (XSS) - Stored | thorsteneckel | No rating | 2023-07-28 |
| XSS vulnerabilities due to missing checks in tag helpers | Cross-site Scripting (XSS) - Generic | amartinfraguas | Medium | 2023-07-28 |
| Argument/Code Injection via ActiveStorage's image transformation functionality | Code Injection | gquadros_ | High | 2023-07-28 |
| Incorrect handling of certain characters passed to the redirection functionality in Rails can lead to a single-click XSS vulnerability. | Cross-site Scripting (XSS) - Reflected | meowday | Medium | 2023-07-28 |
| ReDoS in Rack::Multipart | None supplied | ooooooo_q | High | 2023-07-28 |
| ActionView sanitize helper bypass leading to XSS using SVG tag. | Cross-site Scripting (XSS) - Generic | haqpl | Medium | 2023-07-10 |
| Escape Sequence Injection vulnerability in Rack | None supplied | vairelt | Medium | 2023-06-28 |
| Possible DoS in app with crashing `exceptions_app` | Uncontrolled Resource Consumption | ghiculescu | Medium | 2023-06-28 |
| ReDoS (Rails::Html::PermitScrubber.scrub_attribute) | None supplied | ooooooo_q | No rating | 2023-01-02 |
| Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style \|\| svg+style) | Cross-site Scripting (XSS) - Generic | 0b5cur17y | Medium | 2022-12-14 |
| Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations) | Cross-site Scripting (XSS) - Generic | 0b5cur17y | Medium | 2022-12-14 |
| Rails::Html::SafeListSanitizer vulnerable to XSS attack in an environment that allows the style tag | Cross-site Scripting (XSS) - Generic | windshock | Medium | 2022-06-14 |
| Subdomain Takeover at https://new.rubyonrails.org/ | Privilege Escalation | nagli | High | 2022-03-03 |
| XSS by MathML at Active Storage | Cross-site Scripting (XSS) - Stored | ooooooo_q | Medium | 2021-06-15 |
| HTTP Host injection in redirect_to function | Improper Neutralization of HTTP Headers for Scripting Syntax | komang4130 | No rating | 2021-06-15 |
| Regex Injection from request header (Rack::Sendfile, send_file) | Code Injection | ooooooo_q | No rating | 2021-06-15 |
| redirect_to(["string"]) remote code execution | Information Exposure Through an Error Message | gmcgibbon | Low | 2021-05-07 |
| XSS by file (Active Storage `Proxying`) | Cross-site Scripting (XSS) - Stored | ooooooo_q | Medium | 2020-09-02 |
| The authenticity_token can be reversed and used to forge valid per_form_csrf_tokens for arbitrary routes | Cross-Site Request Forgery (CSRF) | jregele | Medium | 2020-08-27 |
| Untrusted users able to run pending migrations in production | Denial of Service | tenderlove | Medium | 2020-07-24 |
| File writing by Directory traversal at actionpack-page_caching and RCE by it | Path Traversal | ooooooo_q | High | 2020-07-13 |
| Rack parses encoded cookie names allowing an attacker to send malicious `__Host-` and `__Secure-` prefixed cookies | Reliance on Cookies without Validation and Integrity Checking in a Security Decision | fletchto99 | Low | 2020-06-16 |
| XSS due to incomplete JS escaping | Cross-site Scripting (XSS) - Generic | jessecampos | Low | 2020-05-15 |
| Missing resource identifier encoding may lead to security vulnerabilities | Information Disclosure | jobert | Medium | 2020-05-13 |
| Path Traversal on Default Installed Rails Application (Asset Pipeline) | Path Traversal | orange | Medium | 2018-07-19 |
| XSS vulnerability in sanitize-method when parsing link's href | Cross-site Scripting (XSS) - Generic | kaarloh | Medium | 2018-03-22 |
| Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass | None supplied | joernchen | No rating | 2018-02-07 |
| Data-Tags and the New HTML Sanitizer Subverts CSRF protection | Cross-site Scripting (XSS) - Generic | benmmurphy | No rating | 2016-03-13 |
| http_basic_authenticate_with is susceptible to timing attacks. | Improper Authentication - Generic | d_w | No rating | 2016-03-13 |
| [Rails42] We can inject HTML tags when server is using strip_tags method | Cross-site Scripting (XSS) - Generic | arthurnn | No rating | 2016-03-13 |
| DoS Attack in Controller Lookup Code | Denial of Service | tenderlove | No rating | 2016-03-13 |
| Potential XSS on sanitize/Rails::Html::WhiteListSanitizer | Cross-site Scripting (XSS) - Generic | garnu | No rating | 2016-03-13 |
| Regarding [CVE-2016-0752] Possible Information Leak Vulnerability in Action View | Code Injection | jyotisingh | No rating | 2016-03-01 |
| Remote code execution using render :inline | Code Injection | kratob2 | No rating | 2016-03-01 |
| Nested attributes reject_if proc can be circumvented by providing "_destroy" parameter | None supplied | jcoyne | High | 2016-02-13 |
| Changeable model ids on vanilla update can lead to severely bad side-effects | Violation of Secure Design Principles | zachaysan | No rating | 2016-02-12 |
| Validation bypass for Active Record and Active Model | Violation of Secure Design Principles | backus | Medium | 2016-02-12 |
| Explicit, dynamic render path: Dir. Trav + RCE | Code Injection | forced-request | High | 2016-02-12 |
| Directory traversal attack in view resolver | Information Disclosure | lautis | No rating | 2015-07-09 |
| Denial of Service in Action Pack Exception Handling | Denial of Service | ff7f00 | No rating | 2015-06-16 |
| rails-ujs will send CSRF tokens to other origins | Cross-Site Request Forgery (CSRF) | mastahyeti | No rating | 2015-06-16 |
| RCE due to Web Console IP Whitelist bypass in Rails 4.0 and 4.1 | Code Injection | joernchen | No rating | 2015-06-16 |
| JSON keys are not properly escaped | Cross-site Scripting (XSS) - Generic | einstein_ | High | 2015-06-16 |
| Arbitrary file existence disclosure in Action Pack | None supplied | nahamsec | No rating | 2014-11-20 |
| Active Record SQL Injection Vulnerability Affecting PostgreSQL | None supplied | seantheprogrammer | No rating | 2014-07-02 |