24 matches found
Astra Linux – Vulnerability in Rails
An XSS vulnerability exists in Action Pack versions = 5.2.0 and 5.2.0, which could allow an attacker to bypass the Content Security Policy and generate non-HTML responses...
CVE-2026-33167
A flaw was found in Action Pack, a component of the Rails framework. A remote attacker could exploit this vulnerability by crafting a malicious exception message. When this message is displayed on the debug exceptions page, the improper escaping of the message allows for the injection of arbitrar...
CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions
Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...
Rails Action Pack Cross-Site Scripting Vulnerability
Rails Action Pack is a web framework developed by the Rails team in the United States. It provides a routing mechanism mapping request URLs to actions, defines controllers for handling actions, and includes mechanisms for generating responses through rendering views (templates in various formats)...
Rails has a possible XSS vulnerability in its Action Pack debug exceptions
Impact: The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled (config.consider_all_requests_local = true), whi...
Rails Action Pack Cross-Site Scripting Vulnerability
Rails Action Pack is a web framework from the US Rails team. It provides mechanisms for routing (mapping request URLs to actions), defining controllers that implement actions, and generating responses by rendering views (templates in various formats). A cross-site scripting vulnerability exists in...
Rails Action Pack Security Vulnerability
Rails Action Pack is a web framework from the US-based Rails team. It provides mechanisms for routing (mapping request URLs to actions), defining controllers that implement actions, and generating responses by rendering views (templates in various formats). A security vulnerability exists in Rails...
SUSE CVE-2013-1855
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to...
SUSE CVE-2016-2098
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method...
Rails Action Pack Cross-Site Scripting Vulnerability
Rails Action Pack is a web framework from the Rails community in the United States. It provides mechanisms for routing (mapping request URLs to actions), defining controllers that implement actions, and generating responses by rendering views (templates in various formats). A security vulnerability...
Cross-site Scripting Vulnerability in Action Pack
There is a possible XSS vulnerability in Rails / Action Pack. This vulnerability has been assigned the CVE identifier CVE-2022-22577. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1 Impact CSP headers were only sent along with responses that Rails...
GHSA-MM33-5VFQ-3MM3 Cross-site Scripting Vulnerability in Action Pack
There is a possible XSS vulnerability in Rails / Action Pack. This vulnerability has been assigned the CVE identifier CVE-2022-22577. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1 Impact CSP headers were only sent along with responses that Rails...
PT-2022-15536 · Ruby On Rails +2 · Action Pack +2
Name of the Vulnerable Software and Affected Versions: Action Pack versions 5.2.0 through 5.2.7 Action Pack versions 6.0.0 through 6.0.4.7 Action Pack versions 6.1.0 through 6.1.5.0 Action Pack versions 7.0.0 through 7.0.2.3 Description: The issue allows an attacker to bypass Content Security...
Rails Action Pack Information Disclosure Vulnerability (CNVD-2022-13387)
Rails Action Pack is a web framework from the US Rails community. It provides a routing mechanism mapping request URLs to actions, a controller that defines the implementation of actions and a mechanism for generating responses by rendering views (templates in various formats). Rails Action Pack has...
Rails Action Pack Information Disclosure Vulnerability
Rails Action Pack is a web framework from the US Rails community. It provides a routing mechanism mapping request URLs to actions, a controller that defines the implementation of actions and a mechanism for generating responses by rendering views (templates in various formats). Rails Action Pack has...
Rails Action Pack Input Validation Error Vulnerability
Rails Action Pack is a web framework from the Rails community in the United States. It provides mechanisms for routing (mapping request URLs to actions), defining controllers that implement actions, and generating responses by rendering views (templates in various formats). An input validation error...
Rails Action Pack Input Validation Error Vulnerability
Red Hat Satellite 6 is an application system from Red Hat, Inc. It provides an infrastructure management product specifically designed to keep Red Hat Enterprise Linux® environments and other Red Hat infrastructures running efficiently, securely, and in compliance with various standards. A...
Rails Action Pack Information Disclosure Vulnerability
Red Hat Satellite 6 is an application system from Red Hat, Inc. It provides an infrastructure management product specifically designed to keep Red Hat Enterprise Linux® environments and other Red Hat infrastructures running efficiently, securely, and in compliance with various standards. An unspecifi...
Rails Action Pack Input Validation Error Vulnerability
Rails Action Pack is a web framework from the Rails community in the United States. It provides mechanisms for routing (mapping request URLs to actions), defining controllers that implement actions, and generating responses by rendering views (templates in various formats). An input validation error...
The vulnerability of the Ruby on Rails software platform, which allows a hacker to trigger a service failure
The vulnerability in the actionpack/lib/action_dispatch/http/mime_type.rb file of the Action Pack component of the Ruby on Rails software framework relates to the lack of restrictions on the use of MIME cache. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause...