Lucene search

Cross-site Scripting Vulnerability in Action Pack

🗓️ 27 Apr 2022 22:59:28Reported by GitHub Advisory DatabaseType

Possible XSS vulnerability in Rails Action Pack, CVE-2022-2257

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 25
NVD	CVE-2022-22577	26 May 202217:15	–	nvd
Veracode	Cross-Site Scripting (XSS)	28 Apr 202206:17	–	veracode
UbuntuCve	CVE-2022-22577	26 May 202200:00	–	ubuntucve
Cvelist	CVE-2022-22577	26 May 202200:00	–	cvelist
RedhatCVE	CVE-2022-22577	29 Apr 202213:28	–	redhatcve
Hacker One	Ruby on Rails: Content Security Policy is only active for HTML responses but not for image/svg+xml	1 Sep 202115:42	–	hackerone
CVE	CVE-2022-22577	26 May 202217:15	–	cve
RubySec	Possible XSS Vulnerability in Action Pack	26 Apr 202221:00	–	rubygems
Debian CVE	CVE-2022-22577	26 May 202217:15	–	debiancve
Prion	Cross site scripting	26 May 202217:15	–	prion

Vulners

Node

actionpack_project actionpackRange7.0.0–7.0.2.3

actionpack_project actionpackRange6.1.0–6.1.5.0

actionpack_project actionpackRange6.0.0–6.0.4.7

actionpack_project actionpackRange5.2.0–5.2.7.0

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-22577
github	www.github.com/rails/rails/pull/44635
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-22577.yml
groups	www.groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI
rubyonrails	www.rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released
discuss	www.discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533
lists	www.lists.debian.org/debian-lts-announce/2022/09/msg00002.html
security	www.security.netapp.com/advisory/ntap-20221118-0002/
github	www.github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec
github	www.github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

27 Apr 2022 22:28Current

2.1Low risk

Vulners AI Score2.1

CVSS24.3

CVSS36.1

EPSS0.00414

CWE-79