6 matches found
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation due to the improper handling of security headers for non-HTML content types. An attacker can potentially exploit this to bypass security restrictions by sending specially crafted requests that exploit the lack ...
Exposure of Data Element to Wrong Session
Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to the default behavior of sending a Set-Cookie header along with the user's session cookie when serving blobs and setting Cache-Control to public. Certain proxies may cache the Set-Cookie,...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect through the X-Forwarded-Host header. If the value of the header is prefixed with a invalid domain character for example a /, it is always accepted as the actual host of that request. Since this host is used for all url...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS. There is a possible denial of service vulnerability in the Token Authentication logic in Action Controller. Impacted code uses authenticateorrequestwithhttptoken or authenticatewithhttptoken for request...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure by Bypassing Strong Parameters. Specifically the return value of each, or eachvalue, or eachpair will return the underlying "untrusted" hash of data that was read from the parameters. Remediation Upgrade actionpack ...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF given a global CSRF token such as the one present in the authenticitytoken meta tag. Remediation Upgrade actionpack to version 5.2.4.3, 6.0.3.1 or higher. References - GitHub Commit - Google Group Forum -...