7 matches found
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-actionpack (UTSA-2026-017586)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017586 advisory. A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the redirect_to or polymorphic_url helper with untrusted...
Open Redirection
actionpack is vulnerable to open redirection. A malicious X-Forwarded-Host, when used in combination with certain allowed host formats, can cause the Host Authorization middleware to redirect users to a malicious website...
Information Disclosure
actionpack is vulnerable to information disclosure. When using redirect_to or polymorphic_url with untrusted user input, there is a possible unintended method execution vulnerability that can lead to information disclosure...
CVE-2020-8264
A flaw was found in rubygem-actionpack. An XSS vulnerability in Action Pack's Actionable Exceptions middleware while the application server is in development mode is possible. The highest threat from this vulnerability is to data confidentiality and integrity...
Denial Of Service (DoS)
actionpack is vulnerable to denial of service. A remote attacker is able to crash the application by sending malicious Accept headers that would cause the application to consume a large amount of resources...
Information Disclosure
actionpack is vulnerable to information disclosure. A remote attacker is able to retrieve arbitrary files on the target server when sending malicious Accept headers that are parsed with render file:...
GHSA-QF5X-QGX7-437H Moderate severity vulnerability that affects actionpack
Withdrawn, accidental duplicate publish. Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows...