Lucene search
K

474 matches found

OSV
OSV
added 2021/06/11 4:15 p.m.20 views

CVE-2021-22903

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...

6.1CVSS6.5AI score0.01224EPSS
Exploits0References2
OSV
OSV
added 2021/06/11 4:15 p.m.22 views

CVE-2021-22902

The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

7.5CVSS6.5AI score0.02791EPSS
Exploits1References2
Prion
Prion
added 2021/06/11 4:15 p.m.20 views

Open redirect

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...

5.8CVSS6.1AI score0.87301EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2021/06/11 4:15 p.m.33 views

CVE-2021-22902

The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

7.5CVSS6.8AI score0.02791EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/06/11 4:15 p.m.28 views

CVE-2021-22903

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...

6.1CVSS6.4AI score0.01224EPSS
Exploits0References1
Prion
Prion
added 2021/06/11 4:15 p.m.22 views

Authentication flaw

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...

5CVSS7.4AI score0.04808EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/06/11 4:15 p.m.20 views

Denial of service

The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

5CVSS7.3AI score0.02791EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2021/06/11 4:15 p.m.36 views

CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...

7.5CVSS6.8AI score0.04808EPSS
Exploits1References4
OSV
OSV
added 2021/06/11 4:15 p.m.4 views

UBUNTU-CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...

7.5CVSS6.8AI score0.04808EPSS
Exploits1References5
Cvelist
Cvelist
added 2021/06/11 3:49 p.m.37 views

CVE-2021-22903

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...

6.4AI score0.01224EPSS
Exploits0References2
CVE
CVE
added 2021/06/11 3:49 p.m.261 views

CVE-2021-22902

CVE-2021-22902 refers to a denial-of-service vulnerability in Rails Action Dispatch mime-type parsing. The actionpack gem, prior to versions 6.0.3.7 and 6.1.3.2, can be exploited by specially crafted HTTP Accept headers that trigger catastrophic backtracking in the regular expression engine. The ...

7.5CVSS7.2AI score0.02791EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/06/11 3:49 p.m.160 views

CVE-2021-22904

CVE-2021-22904 concerns Rails Action Pack/token authentication DoS due to a too-permissive regular expression in Action Controller. Affected component: actionpack Ruby gem (versions before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6). Impact: potential denial of service via crafted requests or headers; no e...

7.5CVSS7.4AI score0.04808EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2021/06/11 3:49 p.m.100 views

CVE-2021-22903

The CVE-2021-22903 issue affects the Ruby on Rails Action Pack/Host Authorization logic (Rails 6.x prior to 6.1.3.2). It stems from how Host headers and certain allowed-host formats interact with config.hosts, allowing an open redirect to a malicious site when a leading dot is used in allowed-hos...

6.1CVSS6AI score0.01224EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/06/11 3:49 p.m.37 views

CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...

7.7AI score0.04808EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/06/11 3:49 p.m.35 views

CVE-2021-22902

The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

7.6AI score0.02791EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2021/06/11 3:49 p.m.28 views

CVE-2021-22902

The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

7.5CVSS6.2AI score0.02791EPSS
Exploits1
Debian CVE
Debian CVE
added 2021/06/11 3:49 p.m.29 views

CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...

7.5CVSS6.5AI score0.04808EPSS
Exploits1
OpenVAS
OpenVAS
added 2021/05/27 12:0 a.m.23 views

openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2021:0797-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.04195EPSS
Exploits1References2
OSV
OSV
added 2021/05/26 5:13 p.m.5 views

OPENSUSE-SU-2021:0797-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack bsc1185715. This update was imported from the SUSE:SLE-15:Update update project...

7.5CVSS7.3AI score0.04195EPSS
Exploits1References3
OSV
OSV
added 2021/05/26 9:17 a.m.4 views

SUSE-SU-2021:1759-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack bsc1185715...

7.5CVSS7.4AI score0.04195EPSS
Exploits1References3
Rows per page
Query Builder