11 matches found
OESA-2024-1365 rubygem-activestorage security update
Attach cloud and local files in Rails applications. Security Fixes: Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cooki...
Rails has possible Sensitive Session Information Leak in Active Storage
Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...
GHSA-8H22-8CF7-HQ6G Rails has possible Sensitive Session Information Leak in Active Storage
Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...
CVE-2024-26144
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
CVE-2024-26144
The CVE-2024-26144 vulnerability affects Ruby on Rails Active Storage, exposing a possible sensitive session information leak where Set-Cookie headers may be cached by proxies. Affected versions start from Rails 5.2.0; the issue is triggered by serving blobs with a Set-Cookie header and Cache-Con...
CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
Rails has possible Sensitive Session Information Leak in Active Storage
Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...
CVE-2024-26144
A flaw was found in Active Storage that may lead to a sensitive session information leak. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs and sets Cache-Control to public. Certain proxies may cache Set-Cookie, leading to an information...
Possible Sensitive Session Information Leak in Active Storage
There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak...
Possible Sensitive Session Information Leak in Active Storage
There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak...