Lucene search
K

474 matches found

Snyk
Snyk
added 2021/02/11 1:20 p.m.3 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect. Specially crafted Host headers in combination with certain allowed host formats can cause the Host Authorization middleware in ActionPack to redirect users to a malicious website. When an allowed host contains a leading...

6.1CVSS6.2AI score0.87301EPSS
Exploits1References2
OSV
OSV
added 2021/01/06 9:15 p.m.22 views

CVE-2020-8264

In actionpack gem = 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...

6.1CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2021/01/06 9:15 p.m.33 views

CVE-2020-8264

In actionpack gem = 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...

6.1CVSS5.9AI score0.70717EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2021/01/06 9:15 p.m.28 views

CVE-2020-8264

In actionpack gem = 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...

6.1CVSS6.9AI score0.70717EPSS
Exploits1References2
Prion
Prion
added 2021/01/06 9:15 p.m.17 views

Cross site scripting

In actionpack gem = 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...

4.3CVSS5.9AI score0.70717EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/01/06 9:2 p.m.110 views

CVE-2020-8264

The connected OSV advisories indicate fixes for actionpack-related issues in the ruby2.7-rubygem-actionpack-6.0-6.0.4-1.2 package (GA OpenSUSE Tumbleweed). For CVE-2020-8264, the vulnerability is described as a development-mode XSS in the Actionable Exceptions middleware of actionpack >= 6.0. ...

6.1CVSS5.8AI score0.70717EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/01/06 9:2 p.m.32 views

CVE-2020-8264

In actionpack gem = 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...

5.9AI score0.70717EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2021/01/06 9:2 p.m.32 views

CVE-2020-8264

In actionpack gem = 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...

6.1CVSS6.5AI score0.70717EPSS
Exploits1
Veracode
Veracode
added 2020/10/12 5:58 a.m.17 views

Cross-site Scripting (XSS)

ActionPack is vulnerable to cross-site scripting XSS. An attacker is able to embed a specially crafted URL via the location parameter in Actionable Exceptions middleware while the application server is in development mode, leading to the execution of malicious JavaScript in the context of the loc...

6.1CVSS3.3AI score0.70717EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2020/10/08 6:52 p.m.23 views

CVE-2020-8264

A flaw was found in rubygem-actionpack. A XSS vulnerability in Action Pack's Actionable Exceptions middleware while the application server is in development mode is possible. The highest threat from this vulnerability is to data confidentiality and integrity...

7.7CVSS3AI score0.70717EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2020/10/05 12:0 a.m.20 views

Fedora: Security Advisory for rubygem-actionpack (FEDORA-2020-4dd34860a3)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.1AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/10/05 12:0 a.m.31 views

openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1533)

This update for rubygem-actionpack-51 fixes the following issues : - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security...

7.5CVSS7.2AI score0.04198EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/09/30 12:0 a.m.32 views

openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1536)

This update for rubygem-actionpack-51 fixes the following issues : - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security...

7.5CVSS7.2AI score0.04198EPSS
Exploits1References2
OSV
OSV
added 2020/09/29 8:24 a.m.5 views

OPENSUSE-SU-2020:1575-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project. This update was imported fr...

7.5CVSS7.5AI score0.04198EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2020/09/29 12:0 a.m.49 views

Security update for rubygem-actionpack-5_1 (important)

openSUSE Security Update: Security update for rubygem-actionpack-51 Announcement ID: openSUSE-SU-2020:1575-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description:...

7.5CVSS6.9AI score0.04198EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2020/09/27 12:0 a.m.19 views

openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2020:1536-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS8AI score0.04198EPSS
Exploits1References2
OSV
OSV
added 2020/09/26 4:20 a.m.6 views

OPENSUSE-SU-2020:1536-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project...

7.5CVSS7.5AI score0.04198EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2020/09/26 12:0 a.m.54 views

Security update for rubygem-actionpack-5_1 (important)

openSUSE Security Update: Security update for rubygem-actionpack-51 Announcement ID: openSUSE-SU-2020:1536-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This updat...

7.5CVSS6.7AI score0.04198EPSS
Exploits1References1
OSV
OSV
added 2020/09/25 6:21 p.m.6 views

OPENSUSE-SU-2020:1533-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project...

7.5CVSS7.5AI score0.04198EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2020/09/25 12:0 a.m.56 views

Security update for rubygem-actionpack-5_1 (important)

openSUSE Security Update: Security update for rubygem-actionpack-51 Announcement ID: openSUSE-SU-2020:1533-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This updat...

7.5CVSS6.7AI score0.04198EPSS
Exploits1References1
Rows per page
Query Builder