
12 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-0742

Malware in sbrugna...

6.1 CVSS | 6.1 AI score | 0.0205 EPSS
Exploits 1 | References 7
Tenable Nessus
added 2025/08/27 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-22902

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service...

7.5 CVSS | 6.7 AI score | 0.00677 EPSS
Exploits 1 | References 2
NVD
added 2021/06/11 4:15 p.m. | 16 views

CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticate_or_request_with_http_token or...

7.5 CVSS | 0.03338 EPSS
Exploits 1 | References 3
UbuntuCve
added 2021/06/11 4:15 p.m. | 27 views

CVE-2021-22902

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

7.5 CVSS | 6.8 AI score | 0.00677 EPSS
Exploits 1 | References 1
OSV
added 2021/06/11 4:15 p.m. | 0 views

UBUNTU-CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticate_or_request_with_http_token or...

7.5 CVSS | 6.8 AI score | 0.03338 EPSS
Exploits 1 | References 5
Cvelist
added 2021/06/11 3:49 p.m. | 18 views

CVE-2021-22902

The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

7.6 AI score | 0.00677 EPSS
Exploits 1 | References 2
Github Security Blog
added 2021/04/07 8:58 p.m. | 44 views

Cross-site scripting in actionpack

In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...

6.1 CVSS | 5.7 AI score | 0.0205 EPSS
Exploits 1 | References 6 | Affected Software 1
UbuntuCve
added 2021/01/06 9:15 p.m. | 24 views

CVE-2020-8264

In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...

6.1 CVSS | 6.9 AI score | 0.0205 EPSS
Exploits 1 | References 2
Prion
added 2021/01/06 9:15 p.m. | 14 views

Cross site scripting

In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This...

4.3 CVSS | 5.9 AI score | 0.0205 EPSS
Exploits 1 | References 2 | Affected Software 1
CVE
added 2021/01/06 9:2 p.m. | 102 views

CVE-2020-8264

The connected OSV advisories indicate fixes for actionpack-related issues in the ruby2.7-rubygem-actionpack-6.0-6.0.4-1.2 package (GA OpenSUSE Tumbleweed). For CVE-2020-8264, the vulnerability is described as a development-mode XSS in the Actionable Exceptions middleware of actionpack >= 6.0. ...

6.1 CVSS | 5.8 AI score | 0.0205 EPSS
Exploits 1 | References 2 | Affected Software 1
Veracode
added 2019/01/15 8:52 a.m. | 38 views

Cross-site Scripting (XSS)

The actionpack gem is vulnerable to cross-site scripting (XSS). The attacker can input a malicious string via actionpack/lib/action_view/helpers/translation_helper.rb to trigger generation of a fallback string by the i18n gem...

4.3 CVSS | 5.2 AI score | 0.00713 EPSS
Exploits 0 | References 16 | Affected Software 12
Tenable Nessus
added 2009/07/21 12:0 a.m. | 173 views

Ruby on Rails HTTP Digest Authentication Bypass

The remote web server appears to use a version of Ruby on Rails that contains a vulnerability in its HTTP Digest authentication support. Specifically, the 'authenticate_or_request_with_http_digest' function in 'lib/action_controller/http_authentication.rb' of the 'actionpack' gem does not treat a 'nil'...

9.8 CVSS | 5.8 AI score | 0.00403 EPSS
Exploits 1 | References 3