Ruby on Rails

Ruby on Rails vulnerabilities including mass assignment, insecure redirects, file disclosure, and framework-specific RCE vectors.

📄️ CVE-2015-3224: Rails RCE (Web Console)

https://hackerone.com/reports/44513

📄️ CVE-2019-5420: Ruby on Rails Development Mode Session Forgery/RCE

CVE-2019-5420 is a vulnerability in Ruby on Rails applications running in development (or test) mode, where the secret key used to encrypt and sign session cookies is predictable.

📄️ CVE-2019-5418: Ruby on Rails Accept Header File Disclosure to RCE

* https://www.daehee.com/blog/decrypt-ruby-on-rails-credentials/