Project's rails version is vulnerable to DoS on using render :text RB-A1011
Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the render: :text option, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers. Upgrading to newer versions of Rails can help fix this issue.
Rails version with SafeBuffer manipulation bug detected RB-A1005
Selected versions of Rails 3 contain the SafeBuffer bug. Upgrading to newer versions of Rails can help fix this issue.
Rails version with CSRF token forgery vulnerability detected RB-A1001
All versions of Rails below 5.2.4.2, and some versions of Rails 6 till 6.0.3 make it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
Rails version with XML DOS vulnerability detected RB-A1002
Selected versions of Rails 2, 3 & 4 are vulnerable to denial of service attacks via XML. Upgrading to newer versions of Rails can help fix this issue.
Rails version with file disclosure vulnerability detected RB-A1003
Selected versions of Rails 2, 3 & 4 are vulnerable to file disclosures. Upgrading to newer versions of Rails or disabling serving of static assets, if enabled, can help fix this issue.