cpe:2.3:a:rails:https://github.com/rails/rails:*:*:*:*:*:*:*:*

part: a version: //github.com/rails/rails update: *

Vendor: Rails (c2f75d8c-3de5-5ca8-bae8-6b2589edf586)
Product: Https (e038b72e-13de-5aed-a3a1-afd715735b69)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier: CVE:CVE-2019-5420
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:13:59.086788
db.gcve.eu details: Details available
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
Published: 2019-03-27T13:48:13.000Z
Updated: 2024-08-04T19:54:53.584Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2019-5419
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:13:59.086006
db.gcve.eu details: Details available
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
Published: 2019-03-27T13:43:19.000Z
Updated: 2024-08-04T19:54:53.468Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2019-5418
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:13:59.082118
db.gcve.eu details: Details available
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Published: 2019-03-27T13:38:58.000Z
Updated: 2025-10-21T23:45:41.038Z
Rationale: Imported from gcve-enriched-dumps CVE data
