• Multiple security vulnerabilities in Rails https://groups.google.com/g/rubyonrails-security 62 comments 25/1/2016
• Surprise, new Rails vulnerabilities https://hakiri.io/blog/december-2013-rails-vulnerabilities 3 comments 4/12/2013
• Anatomy of an Exploit: An In-depth Look at the Rails YAML Vulnerability http://rubysource.com/anatomy-of-an-exploit-an-in-depth-look-at-the-rails-yaml-vulnerability/ 24 comments 4/2/2013
• MultiXml gem has same vulnerability as Rails' CVE-2013-0156 – patch now https://gist.github.com/d7f6d9f4925f413621aa 25 comments 10/1/2013
• Rails SQL injection vulnerability: here are the facts http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/#.UOV2h_j3Giw 112 comments 3/1/2013
• SQL Injection Vulnerability in Rails https://groups.google.com/group/rubyonrails-security/browse_thread/thread/7546a238e1962f59 50 comments 1/6/2012
• Vulnerability in Sendmail Delivery Agent code in Mail, affects Rails http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1 8 comments 26/1/2011

• The Anatomy of a Rails Vulnerability-CVE-2014-0130: From Directory Traversal to Shell http://matasano.com/research/anatomyofrailsvuln-cve-2014-0130.pdf 5 comments 27/5/2014 netsec
• Most common Ruby on Rails vulnerabilities and how to deal with them in your projects https://hixonrails.com/ruby-on-rails-tutorials/ruby-on-rails-security-best-practices/ 7 comments 2/4/2020 ruby
• Hack Rails with vulnerabilities by OWASP https://www.reddit.com/r/ruby/comments/d4imj2/hack_rails_with_vulnerabilities_by_owasp/ 3 comments 15/9/2019 ruby
• Is anybody interested in finding vulnerabilities in their rails app? https://www.reddit.com/r/rails/comments/azdq7p/is_anybody_interested_in_finding_vulnerabilities/ 14 comments 10/3/2019 rails
• Rails Asset Pipeline Directory Traversal Vulnerability (CVE-2018-3760) https://blog.heroku.com/rails-asset-pipeline-vulnerability 4 comments 19/6/2018 ruby
• Rails Paperclip CVE-2017–0889 SSRF vulnerability https://medium.com/in-the-weeds/all-about-paperclips-cve-2017-0889-server-side-request-forgery-ssrf-vulnerability-8cb2b1c96fe8 10 comments 24/1/2018 rails
• RJS leaking vulnerability in multiple Rails applications http://homakov.blogspot.com/2013/11/rjs-leaking-vulnerability-in-multiple.html 4 comments 30/11/2013 netsec
• OWASP Railsgoat - Intentionally Vulnerable Rails App https://github.com/owasp/railsgoat 10 comments 21/10/2013 netsec
• Anatomy of an Exploit: An In-depth Look at the Rails YAML Vulnerability http://rubysource.com/anatomy-of-an-exploit-an-in-depth-look-at-the-rails-yaml-vulnerability/ 3 comments 4/2/2013 ruby
• Rails is [Fr]agile. Vulnerabilities Will Keep Coming. http://homakov.blogspot.com/2013/01/rails-is-fragile-vulnerabilities-will.html 20 comments 31/1/2013 netsec
• Rails vulnerabilities are not Rails' http://www.revision-zero.org/rails-vulnerabilities-are-not-rails 25 comments 12/1/2013 ruby
• Excellent analysis of Rails XML Parameter Parsing Vulnerability http://www.insinuator.net/2013/01/rails-yaml/ 5 comments 8/1/2013 programming
• Rails SQL injection vulnerability: hold your horses, here are the facts http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/ 11 comments 3/1/2013 rails
• Mass assignment vulnerability isn't just for Rails http://chadmoran.com/posts/mass-assignment-vulnerability-isn-quo-t-just-for-rails 25 comments 6/3/2012 rails
• Mass assignment vulnerability isn't just for Rails http://chadmoran.com/posts/mass-assignment-vulnerability-isn-quo-t-just-for-rails 6 comments 6/3/2012 dotnet
• Explanation of the rails security vulnerability http://blog.evanweaver.com/articles/2006/08/10/explanation-of-the-rails-security-vulnerability-in-1-1-4-others 5 comments 10/8/2006 programming
• Al Qaeda calls to target 'vulnerable' U.S. rail network http://www.foreigndesknews.com/world/middle-east/al-qaeda-calls-target-vulnerable-u-s-rail-network/ 78 comments 14/8/2017 worldnews
• Ruby on Rails vulnerable to mass assignment and SQL injection [x-post from r/rails] http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection 159 comments 11/2/2013 programming
• Ruby on Rails vulnerable to mass assignment and SQL injection http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection 7 comments 11/2/2013 rails
• [SECURITY] Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 https://groups.google.com/d/topic/rubyonrails-security/1h2dr63vigo/discussion 10 comments 28/1/2013 rails
• Hulu still has not patched their site for the XML parsing rails vulnerability, have you? https://gist.github.com/4499206 16 comments 22/1/2013 rails
• Brakeman 1.0 is out: A source code vulnerability scanner for Rails apps http://brakemanscanner.org/blog/2011/12/08/brakeman-1-dot-0-released/ 3 comments 8/12/2011 rails
• Security Vulnerability prompts the release of Rails 2.3.10 and 3.0.1 http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0 4 comments 15/10/2010 ruby
• Major rack vulnerability, need to update your rack version (prob to 1.4.5 for Rails use) http://rack.github.com/ 23 comments 8/2/2013 ruby
• Serious vulnerability in Ruby on Rails allowing arbitrary Ruby code execution in any Rails application https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnsgtq/discussion 66 comments 8/1/2013 netsec
• Serious vulnerability in Ruby on Rails allowing arbitrary Ruby code execution in any Rails application https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnsgtq/discussion 15 comments 8/1/2013 webdev
• Weapons of Mass Assignment - A Ruby on Rails app highlights some serious, yet easily avoided, security vulnerabilities. http://queue.acm.org/detail.cfm?id=1964843 11 comments 31/3/2011 programming
• Riding Rails: Multiple Ruby security vulnerabilities http://weblog.rubyonrails.com/2008/6/21/multiple-ruby-security-vulnerabilities 36 comments 22/6/2008 programming
• Cross-Site Scripting Vulnerability Found In Ruby-On-Rails, Affects Twitter, 37-Signals Products http://brian.mastenbrook.net/display/36 5 comments 4/9/2009 netsec
• Upgrade Rails now! "Multiple vulnerabilities in parameter parsing in Action Pack" and "Unsafe Query Generation Risk in Ruby on Rails" vulnerabilities disclosed https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnsgtq 18 comments 8/1/2013 rails
• Ukraine orders mandatory evacuation of vulnerable residents from the front-line city of Kupyansk and adjacent northeastern territories as fears mount Russia will retake the key city and rail hub https://www.straitstimes.com/world/europe/ukraine-orders-vulnerable-residents-to-evacuate-front-line-city 14 comments 2/3/2023 worldnews
• An uproar because someone pointed out that the way Rails scaffolds models by default makes apps vulnerable to exploits if you don’t also take some care to use a little feature called attr_accessible. http://raganwald.posterous.com/while-giles-is-right-hes-right 160 comments 5/3/2012 programming
• Indian Railways has launched ‘Plan Bee’ to prevent elephants getting hurt on rail tracks - Bee sounds can be heard from 600 metres away, as the train approaches the vulnerable gangway, thereby reducing the elephant death toll. https://www.businessinsider.in/indian-railways-introduce-buzzing-bees-to-keep-elephants-away-from-train-tracks/articleshow/70169025.cms 43 comments 11/7/2019 worldnews