Ruby on Rails

LAB ONLY | AUTHORIZED TARGETS ONLY | 自动生成索引

系统 ID: rails
分类: frameworks
覆盖策略: rolling-24m
总案例数: 42
近 30 天新增/更新: 0
重点 Markdown 案例数: 10
已实证(真实版本): 0
已实证(synthetic): 0
阻塞数: 0
待人工/缺浏览器证据: 42
最近渲染时间: 2026-04-02T09:18:51+00:00

目标约束

适用目标类型: lab-local, lab-public, authorized-third-party
是否允许公网验证: yes, but ownership or authorization is required
授权前提: 资产归属可证明，或已取得书面/明确授权。
最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作

来源

official GitHub Global Advisories (ecosystem=rubygems; mode=core)
official OSV Rails (mode=core)
ecosystem-authority NVD Ruby on Rails (keyword=Ruby on Rails; mode=core)

案例列表

标题	严重度	案例状态	实证状态	实证方式	来源置信度	更新时间	案例页
Rails has possible XSS Vulnerability in Action Controller	`low`	`generated`	`triage-manual`	`synthetic`	`official`	`2024-12-20T10:42:26.578616Z`	link
Ruby on Rails vulnerable to code injection	`high`	`generated`	`triage-manual`	`synthetic`	`official`	`2025-04-03T14:58:34.698394Z`	link
Rails Denial of Service vulnerability	`high`	`generated`	`triage-manual`	`synthetic`	`official`	`2025-04-03T15:46:47.783301Z`	link
Moderate severity vulnerability that affects rails	`medium`	`generated`	`triage-manual`	`synthetic`	`official`	`2025-04-09T15:30:21.670801Z`	link
Moderate severity vulnerability that affects rails	`medium`	`generated`	`triage-manual`	`synthetic`	`official`	`2025-05-01T18:49:06.777708Z`	link
Session fixation vulnerability in Rails	`medium`	`generated`	`triage-manual`	`synthetic`	`official`	`2025-04-09T15:30:02.622007Z`	link
session fixation protection mechanism in cgi_process.rb in Rails	`medium`	`generated`	`triage-manual`	`synthetic`	`official`	`2025-04-09T15:55:51.425352Z`	link
rails is vulnerable to CRLF injection	`medium`	`generated`	`triage-manual`	`synthetic`	`official`	`2025-04-09T17:02:22.936736Z`	link
Moderate severity vulnerability that affects rails	`medium`	`generated`	`triage-manual`	`synthetic`	`official`	`2025-04-09T20:05:53.148849Z`	link
Rails vulnerable to Cross-site Scripting	`unknown`	`generated`	`triage-manual`	`synthetic`	`official`	`2024-12-08T05:43:59.579843Z`	link
CVE-2013-0156	`high`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2013-0155	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2012-6497	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2012-6496	`high`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2012-3465	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2012-3464	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2012-3463	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2012-3424	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2012-2695	`high`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2012-2694	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2012-2661	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2012-2660	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2012-1099	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2012-1098	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2011-4319	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2011-3187	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2011-3186	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2011-2932	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2011-2931	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2011-2930	`high`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2011-2929	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2011-2197	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2011-0449	`high`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2011-0448	`high`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2011-0447	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2011-0446	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2010-3933	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-11T00:51:21.963`	-
CVE-2008-7248	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-09T00:30:58.490`	-
CVE-2009-3086	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-09T00:30:58.490`	-
CVE-2009-3009	`medium`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-09T00:30:58.490`	-
CVE-2009-2422	`critical`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-09T00:30:58.490`	-
CVE-2008-4094	`high`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	`2025-04-09T00:30:58.490`	-

7.8 KiB 原始文件 Blame 文件历史

Ruby on Rails

目标约束

来源

案例列表

7.8 KiB

原始文件 Blame 文件历史