Ruby on Rails
ActiveSupport
ActiveRecord
ActiveStorage
Active Job
Action Pack
Action Mailer
Action Mailbox
Action Text
Kredis
propshaft
GlobalID
Solid Queue
Mission Control — Jobs
URLs used by Ruby on Rails
Middleware used in Ruby on Rails
Case studies
Case: Regex injection from request header (Rack::Sendfile)
2020
Case: CVE-2020-8159: Arbitrary file write/potential remote code execution in actionpack_page-caching
Case: XSS by file (Active Storage proxying)
Case: CVE-2020-15169: Potential XSS vulnerability in Action View
2022
Case: CVE-2022-44566: Possible Denial of Service vulnerability in ActiveRecord's PostgreSQL adapter
Case: Potential RCE via double deserialization in GlobalID
Case: CVE-2022-22577: Content Security Policy is only active for HTML responses but not for image/svg+xml
2023
Case: CVE-2023-27531: Possible Deserialization of Untrusted Data vulnerability in Kredis JSON
2024
Case: Path traversal in ActiveStorage leading to RCE
Case: CVE-2024-26143: Possible XSS vulnerability in Action Controller
Case: CVE-2024-32464: ActionText ContentAttachments can contain unsanitized HTML
Case: CVE-2024-47888: Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text