📦 Rails
by Rubyonrails
⚠️ Known Vulnerabilities
This CVE describes a ReDoS (Regular Expression Denial of Service) vulnerability in Ruby on Rails Action Dispatch. Attackers can cause excessive CPU and memory usage by sending specially crafted cookie...
This CVE describes a ReDoS (Regular Expression Denial of Service) vulnerability in Ruby on Rails Action Dispatch. Attackers can send specially crafted HTTP If-None-Match headers to cause catastrophic ...
CVE-2022-23633 is a data leakage vulnerability in Ruby on Rails Action Pack where response bodies may not be properly closed, causing thread local state to persist between requests. This allows sensit...
This vulnerability in Ruby on Rails' Actionpack gem allows attackers to cause denial of service through token authentication. A too-permissive regular expression in the HTTP token authentication logic...
This vulnerability in Ruby on Rails Action Pack allows attackers to perform information disclosure or unintended method execution when using redirect_to or polymorphic_url helpers with untrusted user ...
This vulnerability in Ruby on Rails Action Pack causes the Permissions-Policy HTTP header to be omitted from non-HTML responses, potentially allowing cross-origin resource access that should be restri...