474 matches found
Debian: Security Advisory (DLA-604-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2023:0444-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0444-1 advisory. - CVE-2023-22795: Fixed ReDoS in Action Dispatch cache bsc1207451. - CVE-2023-22792: Fixed ReDoS in Action Dispatch cookies...
SUSE-SU-2023:0444-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2023-22795: Fixed ReDoS in Action Dispatch cache bsc1207451. - CVE-2023-22792: Fixed ReDoS in Action Dispatch cookies bnc1207455...
SUSE-SU-2023:0442-1 Security update for rubygem-actionpack-4_2
This update for rubygem-actionpack-42 fixes the following issues: - CVE-2023-22795: Fixed possible ReDoS based DoS vulnerability in Action Dispatch via specially crafted HTTP header bsc1207451. - CVE-2023-22792: Fixed possible ReDoS based DoS vulnerability in Action Dispatch via specially crafted...
SUSE CVE-2014-0130
Directory traversal vulnerability in actionpack/lib/abstractcontroller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files...
SUSE CVE-2020-8264
In actionpack gem = 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...
CVE-2023-22795
A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in Action Dispatch related to the If-None-Match header. By sending a specially-crafted HTTP If-None-Match header, a remote attacker...
CVE-2023-22792
A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in the Action Dispatch module. By sending specially-crafted cookies with an XFORWARDEDHOST header, a remote attacker could exploit...
Regular Expression Denial Of Service (ReDoS)
actionpack is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability exists in the ifnonematchetags function of cache.rb due to inefficient regular expression complexity which allows an attacker to crash the application. The vulnerability only applies to ruby 3.2.0...
rubygem-actionpack 安全漏洞
actionpack is a simple, time-tested convention for building and testing MVC web applications. Works on any rack-compatible server. A security vulnerability exists in rubygem-actionpack. An attacker exploited the vulnerability to perform a denial-of-service attack...
actionpack 输入验证错误漏洞
RubyGems is a Ruby package manager from the RubyGems organization. The product is primarily used for publishing and managing Ruby packages. A security vulnerability exists in rubygem-actionpack, which stems from a redirection vulnerability in Action Controller...
actionpack 安全漏洞
actionpack is a simple, time-tested convention for building and testing MVC web applications. Works on any rack-compatible server. A security vulnerability exists in rubygem-actionpack. An attacker exploited the vulnerability to perform a denial-of-service attack...
Open Redirect
actionpack is vulnerable to Open Redirect. The vulnerability exists because the urlhostallowed function in redirecting.rb does not properly validate the URL strings, allowing an attacker to redirect the user to malicious URLs...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect when passing unsanitized user input to the redirectto helper in metal/redirecting.rb. NOTE: A patch has been released to address this issue: 7-0-Fix-sec-issue-with-urlhostallowed.patch Remediation Upgrade actionpack to...
SUSE-SU-2022:15116-1 Security update for rubygem-actionpack-3_2
This update for rubygem-actionpack-32 fixes the following issues: - CVE-2021-22885: Fixed Possible Information Disclosure / Unintended Method Execution in Action Pack bsc1185715. - CVE-2016-2097: Fixed Possible Information Leak Vulnerability in Action View bsc968850...
GHSA-9CHR-4FJH-5RGW Cross-site Scripting in actionpack
actionpack from the Ruby on Rails project is vulnerable to Cross-site Scripting in the Route Error Page. This issue has been patched with this commit. This vulnerability is disputed by the Rails security team. It requires that the developer is tricked into copy pasting a malicious...
CVE-2022-3704
A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/actiondispatch/middleware/templates/routes/table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real...
PT-2022-7468 · Ruby On Rails +2 · Action Pack +2
Name of the Vulnerable Software and Affected Versions: actionpack affected versions not specified Description: The issue is related to the incorrect neutralization of input data during web page generation, potentially leading to cross-site scripting. It affects the file actionpack/lib/action...
CVE-2022-3704 Ruby on Rails _table.html.erb cross site scripting
A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/actiondispatch/middleware/templates/routes/table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real...
The vulnerability of the actionpack plugin in the Ruby on Rails software platform allows attackers to execute XSS attacks.
The vulnerability of the actionpack plugin for the Ruby on Rails software platform exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...