cpe:2.3:a:n/a:https://github.com/rails/rails:*:*:*:*:*:*:*:*
part: a version: //github.com/rails/rails update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Https (b65e66a1-fb16-5533-954b-05eeb21e718a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2023-22797 | vulnerable | 2026-06-08 05:54:27.094785 | Details available. An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability. Published: 2023-02-09T00:00:00.000Z. Updated: 2025-03-24T20:07:28.983Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-22796 | vulnerable | 2026-06-08 05:54:27.093402 | Details available. A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. Published: 2023-02-09T00:00:00.000Z. Updated: 2024-11-27T15:16:00.509Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-22795 | vulnerable | 2026-06-08 05:54:27.091284 | Details available. A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. Published: 2023-02-09T00:00:00.000Z. Updated: 2024-08-02T10:20:30.901Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-22794 | vulnerable | 2026-06-08 05:54:27.089525 | Details available. A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database with insufficient sanitization and be able to inject SQL outside of the comment. Published: 2023-02-09T00:00:00.000Z. Updated: 2024-08-02T10:20:30.748Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-22792 | vulnerable | 2026-06-08 05:54:27.088173 | Details available. A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. Published: 2023-02-09T00:00:00.000Z. Updated: 2025-03-24T20:30:41.601Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-44566 | vulnerable | 2026-06-08 05:49:35.650248 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-32224 | vulnerable | 2026-06-08 05:44:42.761170 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-27777 | vulnerable | 2026-06-08 05:42:43.252790 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-22577 | vulnerable | 2026-06-08 05:40:54.723070 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-21831 | vulnerable | 2026-06-08 05:40:02.536683 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-44528 | vulnerable | 2026-06-08 05:36:46.247429 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-22942 | vulnerable | 2026-06-08 05:30:01.977542 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-22904 | vulnerable | 2026-06-08 05:30:01.833588 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-22903 | vulnerable | 2026-06-08 05:30:01.825118 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-22902 | vulnerable | 2026-06-08 05:30:01.824780 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-22885 | vulnerable | 2026-06-08 05:30:01.714310 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-22881 | vulnerable | 2026-06-08 05:30:01.696489 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-22880 | vulnerable | 2026-06-08 05:30:01.694851 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-8264 | vulnerable | 2026-06-08 05:27:15.457125 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-8185 | vulnerable | 2026-06-08 05:27:15.115310 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-8166 | vulnerable | 2026-06-08 05:27:14.995786 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-8165 | vulnerable | 2026-06-08 05:27:14.994815 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-8164 | vulnerable | 2026-06-08 05:27:14.994014 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-8163 | vulnerable | 2026-06-08 05:27:14.993371 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-8162 | vulnerable | 2026-06-08 05:27:14.991832 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-16477 | vulnerable | 2026-06-08 05:11:04.915810 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-16476 | vulnerable | 2026-06-08 05:11:04.913488 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |