474 matches found
RHEL 6 / 7 : rh-ror50-rubygem-actionpack (RHSA-2019:1147)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1147 advisory. Ruby on Rails is a model-view-controller MVC framework for web application development. Action Pack implements the controller and the vi...
CVE-2024-26143
A vulnerability was found in actionpack ruby gem. Applications using the translate method may be susceptible to a cross-site scripting XSS attack...
CVE-2024-26142
A flaw was found in actionpack rubygem during the parsing of the Accept header. This issue ma allow a malicious actor to craft a header which will lead the action dispatch component to take an unexpected amount of time, leading to a Denial of Service, impacting the application's availability...
Exposure of Data Element to Wrong Session
Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to the default behavior of sending a Set-Cookie header along with the user's session cookie when serving blobs and setting Cache-Control to public. Certain proxies may cache the Set-Cookie,...
SUSE-SU-2024:0103-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8166: Fixed ability to forge per-form CSRF tokens given a global CSRF bsc1172182...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2024:0103-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0103-1 advisory. - CVE-2020-8166: Fixed ability to forge per-form CSRF tokens given a global CSRF bsc1172182. Tenable has extracted the preceding descripti...
actionpack: Possible XSS via User Supplied Values to redirect_to
A Cross-site Scripting XSS vulnerability was found in Actionpack due to improper sanitization of user-supplied values. This allows provided values to contain characters that are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance o...
rubygem-actionpack: Denial of Service in Action Dispatch
A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in Action Dispatch related to the If-None-Match header. By sending a specially-crafted HTTP If-None-Match header, a remote attacker...
rubygem-actionpack: Denial of Service in Action Dispatch
A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in the Action Dispatch module. By sending specially-crafted cookies with an XFORWARDEDHOST header, a remote attacker could exploit...
Fedora: Security Advisory for rubygem-actionpack (FEDORA-2023-4f0bb4ff5e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: rubygem-actionpack-7.0.7.2-1.fc39
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
SUSE-SU-2023:3255-1 Security update for rubygem-actionpack-4_2
This update for rubygem-actionpack-42 fixes the following issues: - CVE-2023-28362: Fixed XSS via User Supplied Values to redirectto bsc1213312...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2023:3229-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3229-1 advisory. - CVE-2023-28362: Fixed possible XSS via User Supplied Values to redirectto bsc1213312. Tenable has extracted the preceding description...
SUSE-SU-2023:3229-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2023-28362: Fixed possible XSS via User Supplied Values to redirectto bsc1213312...
Cross-site Scripting (XSS)
actionpack is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the redirectto functio of redirecting.rb does not properly check the provided URL for illegal characters, resulting in the downstream services which enforce RFC compliance on HTTP response headers to remove the...
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been...
GHSA-4G8V-VG43-WPGF Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been...
rubygem-actionpack: Possible cross-site scripting vulnerability in Action Pack
A flaw was found in rubygem-actionpack where CSP headers were sent with responses that Rails considered "HTML" responses. This flaw allows an attacker to leave API requests without CSP headers and perform a Cross-site scripting attack...
Fedora: Security Advisory for rubygem-actionpack (FEDORA-2023-7002afbbb8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 37 Update: rubygem-actionpack-7.0.4.3-1.fc37
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...