474 matches found
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect due to improper URL validation in the urlhostallowed? method. Remediation Upgrade actionpack to version 7.0.4 or higher. References - GitHub Commit - GitHub Commit - GitHub PR - PoC Credit: santib...
openSUSE: Security Advisory for rubygem-actionpack-5_1, (SUSE-SU-2022:2108-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES15 Security Update : rubygem-actionpack-5_1, rubygem-activesupport-5_1 (SUSE-SU-2022:2108-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2108-1 advisory. - The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the...
CVE-2022-22577
A flaw was found in rubygem-actionpack where CSP headers were sent with responses that Rails considered "HTML" responses. This flaw allows an attacker to leave API requests without CSP headers and perform a Cross-site scripting attack...
Cross-Site Scripting (XSS)
actionpack is vulnerable to cross-site scripting. The vulnerability exists in call function in contentsecuritypolicy.rb because the API requests are not sent along with CSP headers but responses which allows an attacker to inject and execute javascript...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect through the X-Forwarded-Host header. If the value of the header is prefixed with a invalid domain character for example a /, it is always accepted as the actual host of that request. Since this host is used for all url...
The vulnerability in the intermediate software of the Host Authorization framework of the actionpack ruby gem in the Ruby on Rails software platform arises from insufficient input validation. This allows attackers to access sensitive data and compromise its integrity.
The vulnerability in the Host Authorization framework of the actionpack ruby gem in the Ruby on Rails software platform relates to the conversion of strings in config.hosts without a starting point, into regular expressions without encapsulation. Exploiting this vulnerability can allow an attacke...
Open Redirection
actionpack is vulnerable to open redirection. A malicious X-Forwarded-Host when used in combination with certain allowed host formats, can cause the Host Authorization middleware to redirect users to a malicious website...
CVE-2021-22942
A flaw was found in rubygem-actionpack. Specially crafted “X-Forwarded-Host” headers, in combination with certain “allowed host” formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. The highest threat from this vulnerability is to system...
Ruby on Rails 输入验证错误漏洞
Ruby on Rails is a set of open source web application frameworks based on the Ruby language by the American Rails team. Ruby on Rails suffers from an Input Validation Error vulnerability that stems from a flaw found in rubygem-actionpack, which, via a specially crafted X-Forwarded-Host header, in...
Debian DLA-2719-1 : ruby-actionpack-page-caching - LTS security update
The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2719 advisory. - There is a vulnerability in actionpackpage-caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code...
Debian: Security Advisory (DLA-2719-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2719-1] ruby-actionpack-page-caching security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2719-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler July 23, 2021 https://wiki.debian.org/LTS -...
openSUSE 15 Security Update : rubygem-actionpack-5_1 (openSUSE-SU-2021:1759-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1759-1 advisory. - A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirectto or...
openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2021:1759-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:1759-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack bsc1185715...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-51 Announcement ID: openSUSE-SU-2021:1759-1 Rating: important References: 1185715 Cross-References: CVE-2021-22885 CVSS scores: CVE-2021-22885 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-22885 SUSE: 7.5...
CVE-2021-22902
The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...
CVE-2021-22903
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...
CVE-2021-22902
The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...