5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
Rails Action Pack is a web framework from the US Rails community. It provides a routing mechanism (mapping request URLs to actions), a controller that defines the implementation of actions and a mechanism for generating responses by rendering views (templates in various formats).Rails Action Pack has an information disclosure vulnerability that can be exploited by an attacker to cause data leakage to subsequent requests.
CPE | Name | Operator | Version |
---|---|---|---|
Rails Action Pack <7. | eq | 0.2.1 | |
Rails Action Pack <6. | eq | 0.4.5 | |
Rails Action Pack <6. | eq | 1.4.5 | |
Rails Action Pack <5. | eq | 2.6.1 |
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N