GoogleOSV:GHSA-9CHR-4FJH-5RGWCross-site Scripting in actionpack
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
21.7%
actionpack from the Ruby on Rails project is vulnerable to Cross-site Scripting in the Route Error Page. This issue has been patched with this commit.
This vulnerability is disputed by the Rails security team. It requires that the developer is tricked into copy pasting a malicious javascript-containing string into a development-only error page accessible only via localhost.
| CPE | Name | Operator | Version |
|---|---|---|---|
| actionpack | eq | 0.9.0 | |
| actionpack | eq | 0.9.5 | |
| actionpack | eq | 1.0.0 | |
| actionpack | eq | 1.0.1 | |
| actionpack | eq | 1.1.0 | |
| actionpack | eq | 1.10.1 | |
| actionpack | eq | 1.10.2 | |
| actionpack | eq | 1.11.0 | |
| actionpack | eq | 1.11.1 | |
| actionpack | eq | 1.11.2 |
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
21.7%