CVE-2026-42205

CVE-2026-42205 (Avo) affects the Avo framework for Ruby on Rails. The issue resides in the ActionsController’s insecure action lookup, which can ignore resource context and let an authenticated user execute any action class (descendants of Avo::BaseAction) on any resource. This creates privilege ...

CVE-2026-42205 Avo: Broken Access Control: Unauthorized Execution of Arbitrary Action Classes Across Resources

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of...

[SECURITY] Fedora 22 Update: struts-1.3.10-14.fc22

Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages JSP technology. Struts encourages application architectures based on the Model-View-Controller MVC design paradigm,...

[SECURITY] Fedora 20 Update: struts-1.3.10-10.fc20

Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages JSP technology. Struts encourages application architectures based on the Model-View-Controller MVC design paradigm,...