Vulnerability Name
Classifications
Severity
Code Evaluation (RoR – JSON)
PCI v3.2-6.5.1, CAPEC-356, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-23, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Critical
Code Evaluation (RoR)
PCI v3.2-6.5.1, CAPEC-356, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-23, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Critical
Out of Band Code Evaluation (RoR – JSON)
PCI v3.2-6.5.1, CAPEC-356, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-23, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Critical
Out of Band Code Evaluation (RoR)
PCI v3.2-6.5.1, CAPEC-356, CWE-94, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, WASC-23, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/RL:O
Critical
Server-Side Template Injection (Ruby ERB)
PCI v3.2-6.5.1, CWE-74, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5, OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Critical
Source Code Disclosure (Ruby)
CAPEC-118, CWE-540, HIPAA-164.306(a), 164.308(a), ISO27001-A.9.4.5, WASC-13, OWASP 2013-A5, OWASP 2017-A3, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Stack Trace Disclosure (RoR)
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Stack Trace Disclosure (Ruby-Sinatra Framework)
PCI v3.2-6.5.5, CAPEC-214, CWE-248, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-14, OWASP 2013-A5, OWASP 2017-A6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Medium
Programming Error Message (Ruby)
PCI v3.2-6.5.5, CAPEC-118, CWE-210, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6
Low
RoR Database Configuration File Detected
CWE-285, ISO27001-A.9.4.1, WASC-15, OWASP 2013-A5, OWASP 2017-A6
Low
RoR Development Mode Enabled
PCI v3.2-6.5.5, CAPEC-214, CWE-16, ISO27001-A.14.1.1, WASC-14, OWASP 2013-A5, OWASP 2017-A6
Low
Version Disclosure (RoR)
CAPEC-170, CWE-205, HIPAA-164.306(a), 164.308(a), ISO27001-A.18.1.3, WASC-13, OWASP 2013-A5, OWASP 2017-A6
Low