Ruby On Rails Vulnerability List
Found 4 vulnerabilities related to Ruby On Rails
CVE-2018-3760: Ruby On Rails Path Traversal POC
Ruby On Rails uses Sprockets as its static file server in the development environment. Ruby On Rails is a well-known Ruby web development framework, and Sprockets is a Ruby library for compiling and serving static asset files. Sprockets 3.7.1 and earlier versions contain a path traversal vulnerability caused by double decoding: an attacker can use %252e%252e/ to traverse to the root directory and read or execute arbitrary files on the target server.
CVE-2015-3224: Ruby on Rails Web Console - Remote Code Execution POC
Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb.
CVE-2018-3760: Ruby On Rails - Local File Inclusion POC
Ruby On Rails is vulnerable to local file inclusion caused by secondary (double) decoding in Sprockets 3.7.1 and earlier versions. An attacker can use %252e%252e/ to reach the root directory and read or execute any file on the target server.
CVE-2020-8163: Ruby on Rails <5.0.1 - Remote Code Execution POC
Ruby on Rails before version 5.0.1 is susceptible to remote code execution because it passes user parameters as local variables into partials.