rails vulnerabilities

Known vulnerabilities in the rails package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L CVE-2024-26144	*
L CVE-2023-38037	*
L CVE-2023-28362	*
L CVE-2023-28120	*
L CVE-2023-23913	*
H Inefficient Regular Expression Complexity	*
H Inefficient Regular Expression Complexity	*
H CVE-2022-44566	*
H Inefficient Regular Expression Complexity	*
L Improper Enforcement of Message or Data Structure	*
C Deserialization of Untrusted Data	*
M Cross-site Scripting (XSS)	<2:5.2.2.1+dfsg-1+deb10u4
M Cross-site Scripting (XSS)	<2:5.2.2.1+dfsg-1+deb10u4
C Arbitrary Code Injection	<2:5.2.2.1+dfsg-1+deb10u4
M Improper Cross-boundary Removal of Sensitive Data	<2:5.2.2.1+dfsg-1+deb10u4
H Information Exposure	<2:5.2.2.1+dfsg-1+deb10u3
H CVE-2021-22904	<2:5.2.2.1+dfsg-1+deb10u3
H Resource Exhaustion	<2:5.2.2.1+dfsg-1+deb10u3
M Cross-site Scripting (XSS)	<2:5.2.2.1+dfsg-1+deb10u2
H Arbitrary Code Injection	<2:5.2.0+dfsg-2
C Deserialization of Untrusted Data	<2:5.2.2.1+dfsg-1+deb10u2
M Cross-site Request Forgery (CSRF)	<2:5.2.2.1+dfsg-1+deb10u2
H Unrestricted Upload of File with Dangerous Type	<2:5.2.2.1+dfsg-1+deb10u2
M Cross-site Request Forgery (CSRF)	<2:5.2.2.1+dfsg-1+deb10u2
H Deserialization of Untrusted Data	<2:5.2.2.1+dfsg-1+deb10u2
M Cross-site Scripting (XSS)	<2:5.2.2.1+dfsg-1+deb10u1
C Improper Input Validation	<2:5.2.2.1+dfsg-1
H Allocation of Resources Without Limits or Throttling	<2:5.2.2.1+dfsg-1
H CVE-2019-5418	<2:5.2.2.1+dfsg-1
H Deserialization of Untrusted Data	<2:5.2.2+dfsg-1
M CVE-2018-16477	<2:5.2.2+dfsg-1
L Missing Encryption of Sensitive Data	*
L SQL Injection	*
L SQL Injection	*
L SQL Injection	*
L SQL Injection	*
H Improper Access Control	<2:4.2.7.1-1
L Cross-site Scripting (XSS)	<2:4.2.7.1-1
M Directory Traversal	<2:4.2.5.2-1
H Improper Input Validation	<2:4.2.5.2-1
M Improper Input Validation	<2:4.2.5.1-1
L Security Features	<2:4.2.5.1-1
H Directory Traversal	<2:4.2.5.1-1
H Resource Management Errors	<2:4.2.5.1-1
M Improper Access Control	<2:4.2.5.1-1
H Resource Management Errors	<2:4.2.5.1-1
M Cross-site Scripting (XSS)	<2:4.2.4-2
M CVE-2015-3227	<2:4.2.4-2
M Directory Traversal	<2:4.1.8-1
M Directory Traversal	<2:4.1.8-1
H Access Restriction Bypass	<2:4.1.5-1
H SQL Injection	<2:4.1.4-1
H SQL Injection	<2:4.1.4-1
M Improper Input Validation	<2.3.14.1
M Cross-site Scripting (XSS)	<2.3.14.1
L Improper Input Validation	<2.3.14.1
M Cross-site Scripting (XSS)	<2.3.14.1
M Improper Input Validation	<2.3.14.1
M Cross-site Scripting (XSS)	<2.3.14.1
M Access Restriction Bypass	<2.3.14.1
C CVE-2013-0277	<2.3.14.1
H CVE-2013-0333	<2.3.14.1
M Access Restriction Bypass	<2.3.14.1
H Improper Input Validation	<2.3.14.1
M Information Exposure	<2.3.14.1
H SQL Injection	<2.3.14.1
L Cross-site Scripting (XSS)	<2.3.14.1
L Cross-site Scripting (XSS)	<2.3.14.1
M Cross-site Scripting (XSS)	<2.3.14
M Cross-site Scripting (XSS)	<2.3.14
H SQL Injection	<2.3.14
M Cross-site Scripting (XSS)	<2.3.14
L Improper Input Validation	*
M Arbitrary Code Injection	<2.3.14
M Cross-site Scripting (XSS)	<2.3.14
M Cross-site Request Forgery (CSRF)	<2.3.11-0.1
M Cross-site Scripting (XSS)	<2.3.11-0.1
M Improper Input Validation	<2.2.3-1
L Cross-site Scripting (XSS)	<2.2.3-2
L Information Exposure	<2.2.3-1
L Cross-site Scripting (XSS)	<2.2.3-1
C Improper Authentication	<2.3.5-1
L Cross-site Request Forgery (CSRF)	<2.1.0-6
M SQL Injection	<2.1.0-1
L Race Condition	<1.2.6-1
M Information Exposure	<1.2.5-1
M CVE-2007-5380	<1.2.5-1
M Cross-site Scripting (XSS)	<1.2.5-1
M Arbitrary Code Injection	<1.1.5-1
M CVE-2006-4112	<1.1.6-1

Vulnerability

Vulnerable Version

CVE-2024-26144