Lucene search
+L

11 matches found

OSV
OSV
added 2024/04/12 11:7 a.m.5 views

OESA-2024-1365 rubygem-activestorage security update

Attach cloud and local files in Rails applications. Security Fixes: Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cooki...

5.3CVSS6.2AI score0.01119EPSS
Exploits0References2
OSV
OSV
added 2024/02/27 9:41 p.m.21 views

GHSA-8H22-8CF7-HQ6G Rails has possible Sensitive Session Information Leak in Active Storage

Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2024/02/27 9:41 p.m.27 views

Rails has possible Sensitive Session Information Leak in Active Storage

Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2024/02/27 4:15 p.m.17 views

CVE-2024-26144

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS5AI score0.01119EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/02/27 3:44 p.m.38 views

CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References6
CVE
CVE
added 2024/02/27 3:44 p.m.264 views

CVE-2024-26144

The CVE-2024-26144 vulnerability affects Ruby on Rails Active Storage, exposing a possible sensitive session information leak where Set-Cookie headers may be cached by proxies. Affected versions start from Rails 5.2.0; the issue is triggered by serving blobs with a Set-Cookie header and Cache-Con...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/27 3:44 p.m.17 views

CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS6.6AI score0.01119EPSS
Exploits0References6
GitLab Advisory Database
GitLab Advisory Database
added 2024/02/27 12:0 a.m.32 views

Rails has possible Sensitive Session Information Leak in Active Storage

Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References10Affected Software1
RedhatCVE
RedhatCVE
added 2024/02/26 3:34 p.m.28 views

CVE-2024-26144

A flaw was found in Active Storage that may lead to a sensitive session information leak. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs and sets Cache-Control to public. Certain proxies may cache Set-Cookie, leading to an information...

5.3CVSS6.5AI score0.01119EPSS
Exploits0References4
RubySec
RubySec
added 2024/02/21 12:0 a.m.29 views

Possible Sensitive Session Information Leak in Active Storage

There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2024/02/20 9:0 p.m.25 views

Possible Sensitive Session Information Leak in Active Storage

There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak...

6.6AI score0.01119EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder