Lucene search
K

474 matches found

Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.36 views

RHEL 6 / 7 : rh-ror50-rubygem-actionpack (RHSA-2019:1147)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1147 advisory. Ruby on Rails is a model-view-controller MVC framework for web application development. Action Pack implements the controller and the vi...

7.8CVSS7.7AI score0.98507EPSS
Exploits19References6
RedhatCVE
RedhatCVE
added 2024/02/27 6:32 p.m.40 views

CVE-2024-26143

A vulnerability was found in actionpack ruby gem. Applications using the translate method may be susceptible to a cross-site scripting XSS attack...

4.1CVSS6.1AI score0.01034EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2024/02/27 5:12 p.m.26 views

CVE-2024-26142

A flaw was found in actionpack rubygem during the parsing of the Accept header. This issue ma allow a malicious actor to craft a header which will lead the action dispatch component to take an unexpected amount of time, leading to a Denial of Service, impacting the application's availability...

5.9CVSS7.4AI score0.01498EPSS
Exploits0References4
Snyk
Snyk
added 2024/02/24 11:22 p.m.2 views

Exposure of Data Element to Wrong Session

Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session due to the default behavior of sending a Set-Cookie header along with the user's session cookie when serving blobs and setting Cache-Control to public. Certain proxies may cache the Set-Cookie,...

5.3CVSS6.7AI score0.01119EPSS
Exploits0References2
OSV
OSV
added 2024/01/15 12:10 p.m.6 views

SUSE-SU-2024:0103-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8166: Fixed ability to forge per-form CSRF tokens given a global CSRF bsc1172182...

4.3CVSS6.6AI score0.01673EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/01/15 12:0 a.m.30 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2024:0103-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0103-1 advisory. - CVE-2020-8166: Fixed ability to forge per-form CSRF tokens given a global CSRF bsc1172182. Tenable has extracted the preceding descripti...

4.3CVSS6.7AI score0.01673EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/12/14 4:30 p.m.4 views

actionpack: Possible XSS via User Supplied Values to redirect_to

A Cross-site Scripting XSS vulnerability was found in Actionpack due to improper sanitization of user-supplied values. This allows provided values to contain characters that are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance o...

4CVSS6.3AI score0.00332EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2023/11/08 2:26 p.m.9 views

rubygem-actionpack: Denial of Service in Action Dispatch

A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in Action Dispatch related to the If-None-Match header. By sending a specially-crafted HTTP If-None-Match header, a remote attacker...

7.5CVSS6.7AI score0.02278EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/11/08 2:26 p.m.8 views

rubygem-actionpack: Denial of Service in Action Dispatch

A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service ReDoS flaw in the Action Dispatch module. By sending specially-crafted cookies with an XFORWARDEDHOST header, a remote attacker could exploit...

7.5CVSS6.7AI score0.01695EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2023/09/16 12:0 a.m.8 views

Fedora: Security Advisory for rubygem-actionpack (FEDORA-2023-4f0bb4ff5e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2023/09/15 7:4 p.m.14 views

[SECURITY] Fedora 39 Update: rubygem-actionpack-7.0.7.2-1.fc39

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...

7.3AI score
Exploits0
OSV
OSV
added 2023/08/09 11:30 a.m.7 views

SUSE-SU-2023:3255-1 Security update for rubygem-actionpack-4_2

This update for rubygem-actionpack-42 fixes the following issues: - CVE-2023-28362: Fixed XSS via User Supplied Values to redirectto bsc1213312...

4CVSS4.3AI score0.00332EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2023/08/09 12:0 a.m.21 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2023:3229-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3229-1 advisory. - CVE-2023-28362: Fixed possible XSS via User Supplied Values to redirectto bsc1213312. Tenable has extracted the preceding description...

4CVSS6.1AI score0.00332EPSS
Exploits2References4
OSV
OSV
added 2023/08/08 12:20 p.m.9 views

SUSE-SU-2023:3229-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2023-28362: Fixed possible XSS via User Supplied Values to redirectto bsc1213312...

4CVSS4.3AI score0.00332EPSS
Exploits2References3
Veracode
Veracode
added 2023/07/03 9:16 a.m.29 views

Cross-site Scripting (XSS)

actionpack is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the redirectto functio of redirecting.rb does not properly check the provided URL for illegal characters, resulting in the downstream services which enforce RFC compliance on HTTP response headers to remove the...

4CVSS6AI score0.00332EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2023/06/29 3:3 p.m.27 views

Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been...

4CVSS4.3AI score0.00332EPSS
Exploits2References8Affected Software1
OSV
OSV
added 2023/06/29 3:3 p.m.28 views

GHSA-4G8V-VG43-WPGF Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been...

4CVSS4.3AI score0.00332EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2023/05/03 3:54 p.m.4 views

rubygem-actionpack: Possible cross-site scripting vulnerability in Action Pack

A flaw was found in rubygem-actionpack where CSP headers were sent with responses that Rails considered "HTML" responses. This flaw allows an attacker to leave API requests without CSP headers and perform a Cross-site scripting attack...

6.1CVSS6.3AI score0.01594EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2023/04/06 12:0 a.m.23 views

Fedora: Security Advisory for rubygem-actionpack (FEDORA-2023-7002afbbb8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS7.7AI score0.00907EPSS
Exploits0References2
Fedora
Fedora
added 2023/04/05 1:36 a.m.15 views

[SECURITY] Fedora 37 Update: rubygem-actionpack-7.0.4.3-1.fc37

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...

5.3CVSS7.7AI score0.00907EPSS
Exploits0
Rows per page
Query Builder