There are total 2,149,836 web sites deployed Ruby On Rails framework.Ruby on Rails, or Rails, is a server-side web application framework written in Ruby under the MIT License. RubyGems is a package manager for the Ruby programming language that provides a standard format for distributing Ruby programs and libraries. There are 3 items of vulnerabilities found on Ruby. Per my investigation, if hacker combining those 3 items of vulnerabilities can transform as a powerful hacking strategy. System administrator must check your environment see whether it requires for update.

Technical references shown as below:

CVE-2018-3740 – https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e

CVE-2018-3741 – https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae

CVE-2018-8048 – https://github.com/flavorjones/loofah/issues/144