Product:

Rails

(Rubyonrails)
Repositories https://github.com/rails/rails
#Vulnerabilities 90
Date Id Summary Products Score Patch Annotated
2021-02-11 CVE-2021-22880 The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input. Fedora, Rails 7.5
2021-05-27 CVE-2021-22885 A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input. Actionpack_page\-Caching, Rails 7.5