Lucene search
K

474 matches found

OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.29 views

Debian: Security Advisory (DLA-604-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.95537EPSS
Exploits18References5
Tenable Nessus
Tenable Nessus
added 2023/02/18 12:0 a.m.50 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2023:0444-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0444-1 advisory. - CVE-2023-22795: Fixed ReDoS in Action Dispatch cache bsc1207451. - CVE-2023-22792: Fixed ReDoS in Action Dispatch cookies...

7.5CVSS6.8AI score0.02278EPSS
Exploits0References7
OSV
OSV
added 2023/02/17 8:44 a.m.5 views

SUSE-SU-2023:0444-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2023-22795: Fixed ReDoS in Action Dispatch cache bsc1207451. - CVE-2023-22792: Fixed ReDoS in Action Dispatch cookies bnc1207455...

7.5CVSS7.5AI score0.02278EPSS
Exploits0References5
OSV
OSV
added 2023/02/17 8:41 a.m.4 views

SUSE-SU-2023:0442-1 Security update for rubygem-actionpack-4_2

This update for rubygem-actionpack-42 fixes the following issues: - CVE-2023-22795: Fixed possible ReDoS based DoS vulnerability in Action Dispatch via specially crafted HTTP header bsc1207451. - CVE-2023-22792: Fixed possible ReDoS based DoS vulnerability in Action Dispatch via specially crafted...

7.5CVSS7.5AI score0.02278EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.7 views

SUSE CVE-2014-0130

Directory traversal vulnerability in actionpack/lib/abstractcontroller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files...

7.5CVSS6.9AI score0.53703EPSS
Exploits2References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.3 views

SUSE CVE-2020-8264

In actionpack gem = 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...

6.1CVSS6.1AI score0.70717EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/01/26 2:35 p.m.53 views

CVE-2023-22795

A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in Action Dispatch related to the If-None-Match header. By sending a specially-crafted HTTP If-None-Match header, a remote attacker...

7.5CVSS7.2AI score0.02278EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/01/26 2:35 p.m.44 views

CVE-2023-22792

A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in the Action Dispatch module. By sending specially-crafted cookies with an XFORWARDEDHOST header, a remote attacker could exploit...

7.5CVSS7.2AI score0.01695EPSS
Exploits0References4
Veracode
Veracode
added 2023/01/25 1:30 a.m.23 views

Regular Expression Denial Of Service (ReDoS)

actionpack is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability exists in the ifnonematchetags function of cache.rb due to inefficient regular expression complexity which allows an attacker to crash the application. The vulnerability only applies to ruby 3.2.0...

7.5CVSS7.3AI score0.02278EPSS
Exploits0References9Affected Software2
CNNVD
CNNVD
added 2023/01/20 12:0 a.m.4 views

rubygem-actionpack 安全漏洞

actionpack is a simple, time-tested convention for building and testing MVC web applications. Works on any rack-compatible server. A security vulnerability exists in rubygem-actionpack. An attacker exploited the vulnerability to perform a denial-of-service attack...

7.5CVSS7.3AI score0.01695EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/01/20 12:0 a.m.6 views

actionpack 输入验证错误漏洞

RubyGems is a Ruby package manager from the RubyGems organization. The product is primarily used for publishing and managing Ruby packages. A security vulnerability exists in rubygem-actionpack, which stems from a redirection vulnerability in Action Controller...

7.5CVSS6.2AI score0.01049EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/20 12:0 a.m.4 views

actionpack 安全漏洞

actionpack is a simple, time-tested convention for building and testing MVC web applications. Works on any rack-compatible server. A security vulnerability exists in rubygem-actionpack. An attacker exploited the vulnerability to perform a denial-of-service attack...

7.5CVSS7.3AI score0.02278EPSS
Exploits0References6
Veracode
Veracode
added 2023/01/19 2:38 a.m.21 views

Open Redirect

actionpack is vulnerable to Open Redirect. The vulnerability exists because the urlhostallowed function in redirecting.rb does not properly validate the URL strings, allowing an attacker to redirect the user to malicious URLs...

6.1CVSS6.4AI score0.01049EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2023/01/18 6:21 p.m.2 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect when passing unsanitized user input to the redirectto helper in metal/redirecting.rb. NOTE: A patch has been released to address this issue: 7-0-Fix-sec-issue-with-urlhostallowed.patch Remediation Upgrade actionpack to...

6.5CVSS6.9AI score0.00595EPSS
Exploits0References2
OSV
OSV
added 2022/12/08 1:2 p.m.8 views

SUSE-SU-2022:15116-1 Security update for rubygem-actionpack-3_2

This update for rubygem-actionpack-32 fixes the following issues: - CVE-2021-22885: Fixed Possible Information Disclosure / Unintended Method Execution in Action Pack bsc1185715. - CVE-2016-2097: Fixed Possible Information Leak Vulnerability in Action View bsc968850...

7.5CVSS7.2AI score0.04423EPSS
Exploits2References5
OSV
OSV
added 2022/10/27 12:0 p.m.37 views

GHSA-9CHR-4FJH-5RGW Cross-site Scripting in actionpack

actionpack from the Ruby on Rails project is vulnerable to Cross-site Scripting in the Route Error Page. This issue has been patched with this commit. This vulnerability is disputed by the Rails security team. It requires that the developer is tricked into copy pasting a malicious...

3.5CVSS4.2AI score0.0068EPSS
Exploits1References7
NVD
NVD
added 2022/10/26 8:15 p.m.35 views

CVE-2022-3704

A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/actiondispatch/middleware/templates/routes/table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real...

5.4CVSS0.0068EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/10/26 12:0 a.m.1 views

PT-2022-7468 · Ruby On Rails +2 · Action Pack +2

Name of the Vulnerable Software and Affected Versions: actionpack affected versions not specified Description: The issue is related to the incorrect neutralization of input data during web page generation, potentially leading to cross-site scripting. It affects the file actionpack/lib/action...

5.5CVSS6.2AI score0.0068EPSS
Exploits1References23
Vulnrichment
Vulnrichment
added 2022/10/26 12:0 a.m.12 views

CVE-2022-3704 Ruby on Rails _table.html.erb cross site scripting

A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/actiondispatch/middleware/templates/routes/table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real...

3.5CVSS6.2AI score0.0068EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/07/13 12:0 a.m.5 views

The vulnerability of the actionpack plugin in the Ruby on Rails software platform allows attackers to execute XSS attacks.

The vulnerability of the actionpack plugin for the Ruby on Rails software platform exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.4CVSS6.3AI score0.01485EPSS
Exploits1References3Affected Software2
Rows per page
Query Builder