Rubyonrails : Security Vulnerabilities, CVEs, Published In 2008

CVE-2008-5189

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
Max CVSS
5.0
EPSS Score
0.21%
Published
2008-11-21
Updated
2019-08-08

CVE-2008-4094

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.
Max CVSS
7.5
EPSS Score
0.22%
Published
2008-09-30
Updated
2019-08-08
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close