Lucene search
+L

11 matches found

osv
osv
added 2024/04/12 11:7 a.m.4 views

OESA-2024-1365 rubygem-activestorage security update

Attach cloud and local files in Rails applications. Security Fixes: Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cooki...

5.3CVSS6.2AI score0.01119EPSS
Exploits0References2
github
github
added 2024/02/27 9:41 p.m.26 views

Rails has possible Sensitive Session Information Leak in Active Storage

Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References9Affected Software1
osv
osv
added 2024/02/27 9:41 p.m.21 views

GHSA-8H22-8CF7-HQ6G Rails has possible Sensitive Session Information Leak in Active Storage

Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References9
nvd
nvd
added 2024/02/27 4:15 p.m.17 views

CVE-2024-26144

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS5AI score0.01119EPSS
Exploits0References6
cve
cve
added 2024/02/27 3:44 p.m.264 views

CVE-2024-26144

The CVE-2024-26144 vulnerability affects Ruby on Rails Active Storage, exposing a possible sensitive session information leak where Set-Cookie headers may be cached by proxies. Affected versions start from Rails 5.2.0; the issue is triggered by serving blobs with a Set-Cookie header and Cache-Con...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References6Affected Software1
vulnrichment
vulnrichment
added 2024/02/27 3:44 p.m.17 views

CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS6.6AI score0.01119EPSS
Exploits0References6
cvelist
cvelist
added 2024/02/27 3:44 p.m.38 views

CVE-2024-26144 Possible Sensitive Session Information Leak in Active Storage

Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References6
gitlab
gitlab
added 2024/02/27 12:0 a.m.32 views

Rails has possible Sensitive Session Information Leak in Active Storage

Possible Sensitive Session Information Leak in Active Storage There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxi...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References10Affected Software1
redhatcve
redhatcve
added 2024/02/26 3:34 p.m.27 views

CVE-2024-26144

A flaw was found in Active Storage that may lead to a sensitive session information leak. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs and sets Cache-Control to public. Certain proxies may cache Set-Cookie, leading to an information...

5.3CVSS6.5AI score0.01119EPSS
Exploits0References4
rubygems
rubygems
added 2024/02/21 12:0 a.m.29 views

Possible Sensitive Session Information Leak in Active Storage

There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak...

5.3CVSS5.2AI score0.01119EPSS
Exploits0References1Affected Software1
rubygems
rubygems
added 2024/02/20 9:0 p.m.25 views

Possible Sensitive Session Information Leak in Active Storage

There is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user’s session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak...

6.6AI score0.01119EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder