Lucene search
K

6 matches found

Snyk
Snyk
added 2024/06/04 8:41 p.m.3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation due to the improper handling of security headers for non-HTML content types. An attacker can potentially exploit this to bypass security restrictions by sending specially crafted requests that exploit the lack ...

9.8CVSS6.9AI score0.00658EPSS
Exploits0References2
Snyk
Snyk
added 2024/02/24 11:22 p.m.2 views

Exposure of Data Element to Wrong Session

Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to the default behavior of sending a Set-Cookie header along with the user's session cookie when serving blobs and setting Cache-Control to public. Certain proxies may cache the Set-Cookie,...

5.3CVSS6.7AI score0.01119EPSS
Exploits0References2
Snyk
Snyk
added 2021/12/14 9:19 p.m.3 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect through the X-Forwarded-Host header. If the value of the header is prefixed with a invalid domain character for example a /, it is always accepted as the actual host of that request. Since this host is used for all url...

6.1CVSS6.8AI score0.04182EPSS
Exploits0References2
Snyk
Snyk
added 2021/05/05 7:49 p.m.3 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. There is a possible denial of service vulnerability in the Token Authentication logic in Action Controller. Impacted code uses authenticateorrequestwithhttptoken or authenticatewithhttptoken for request...

7.5CVSS7AI score0.04808EPSS
Exploits1References2
Snyk
Snyk
added 2020/05/19 7:47 a.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure by Bypassing Strong Parameters. Specifically the return value of each, or eachvalue, or eachpair will return the underlying "untrusted" hash of data that was read from the parameters. Remediation Upgrade actionpack ...

7.5CVSS6.9AI score0.04198EPSS
Exploits1References2
Snyk
Snyk
added 2020/05/19 7:38 a.m.2 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF given a global CSRF token such as the one present in the authenticitytoken meta tag. Remediation Upgrade actionpack to version 5.2.4.3, 6.0.3.1 or higher. References - GitHub Commit - Google Group Forum -...

6.5CVSS7.6AI score0.01673EPSS
Exploits1References2
Rows per page
Query Builder