Lucene search
K

474 matches found

Snyk
Snyk
added 2022/06/29 7:22 a.m.2 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect due to improper URL validation in the urlhostallowed? method. Remediation Upgrade actionpack to version 7.0.4 or higher. References - GitHub Commit - GitHub Commit - GitHub PR - PoC Credit: santib...

5.4CVSS7AI score
Exploits0References2
OpenVAS
OpenVAS
added 2022/06/17 12:0 a.m.26 views

openSUSE: Security Advisory for rubygem-actionpack-5_1, (SUSE-SU-2022:2108-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS6.8AI score0.04808EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/06/17 12:0 a.m.65 views

SUSE SLES15 Security Update : rubygem-actionpack-5_1, rubygem-activesupport-5_1 (SUSE-SU-2022:2108-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2108-1 advisory. - The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the...

7.5CVSS7.3AI score0.04808EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2022/04/29 1:28 p.m.148 views

CVE-2022-22577

A flaw was found in rubygem-actionpack where CSP headers were sent with responses that Rails considered "HTML" responses. This flaw allows an attacker to leave API requests without CSP headers and perform a Cross-site scripting attack...

7.5CVSS1.9AI score0.01594EPSS
Exploits0References4
Veracode
Veracode
added 2022/04/28 6:17 a.m.33 views

Cross-Site Scripting (XSS)

actionpack is vulnerable to cross-site scripting. The vulnerability exists in call function in contentsecuritypolicy.rb because the API requests are not sent along with CSP headers but responses which allows an attacker to inject and execute javascript...

6.1CVSS4.1AI score0.01594EPSS
Exploits0References8Affected Software3
Snyk
Snyk
added 2021/12/14 9:19 p.m.2 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect through the X-Forwarded-Host header. If the value of the header is prefixed with a invalid domain character for example a /, it is always accepted as the actual host of that request. Since this host is used for all url...

6.1CVSS6.8AI score0.04182EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.5 views

The vulnerability in the intermediate software of the Host Authorization framework of the actionpack ruby gem in the Ruby on Rails software platform arises from insufficient input validation. This allows attackers to access sensitive data and compromise its integrity.

The vulnerability in the Host Authorization framework of the actionpack ruby gem in the Ruby on Rails software platform relates to the conversion of strings in config.hosts without a starting point, into regular expressions without encapsulation. Exploiting this vulnerability can allow an attacke...

6.1CVSS6.3AI score0.01224EPSS
Exploits0References6Affected Software2
Veracode
Veracode
added 2021/08/23 5:23 a.m.5 views

Open Redirection

actionpack is vulnerable to open redirection. A malicious X-Forwarded-Host when used in combination with certain allowed host formats, can cause the Host Authorization middleware to redirect users to a malicious website...

6.1CVSS6.4AI score0.0164EPSS
Exploits0References6Affected Software2
RedhatCVE
RedhatCVE
added 2021/08/20 9:28 a.m.25 views

CVE-2021-22942

A flaw was found in rubygem-actionpack. Specially crafted “X-Forwarded-Host” headers, in combination with certain “allowed host” formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. The highest threat from this vulnerability is to system...

6.1CVSS3.8AI score0.0164EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/08/20 12:0 a.m.3 views

Ruby on Rails 输入验证错误漏洞

Ruby on Rails is a set of open source web application frameworks based on the Ruby language by the American Rails team. Ruby on Rails suffers from an Input Validation Error vulnerability that stems from a flaw found in rubygem-actionpack, which, via a specially crafted X-Forwarded-Host header, in...

6.1CVSS6.3AI score0.0164EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2021/07/24 12:0 a.m.57 views

Debian DLA-2719-1 : ruby-actionpack-page-caching - LTS security update

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2719 advisory. - There is a vulnerability in actionpackpage-caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code...

9.8CVSS9.2AI score0.0525EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2021/07/24 12:0 a.m.24 views

Debian: Security Advisory (DLA-2719-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.6AI score0.0525EPSS
Exploits0References4
Debian
Debian
added 2021/07/23 4:23 p.m.74 views

[SECURITY] [DLA 2719-1] ruby-actionpack-page-caching security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2719-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler July 23, 2021 https://wiki.debian.org/LTS -...

9.8CVSS9.5AI score0.0525EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/07/16 12:0 a.m.31 views

openSUSE 15 Security Update : rubygem-actionpack-5_1 (openSUSE-SU-2021:1759-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1759-1 advisory. - A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirectto or...

7.5CVSS7.3AI score0.04195EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/07/13 12:0 a.m.22 views

openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2021:1759-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.04195EPSS
Exploits1References2
OSV
OSV
added 2021/07/11 9:10 a.m.3 views

OPENSUSE-SU-2021:1759-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack bsc1185715...

7.5CVSS7.3AI score0.04195EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2021/07/11 12:0 a.m.26 views

Security update for rubygem-actionpack-5_1 (important)

openSUSE Security Update: Security update for rubygem-actionpack-51 Announcement ID: openSUSE-SU-2021:1759-1 Rating: important References: 1185715 Cross-References: CVE-2021-22885 CVSS scores: CVE-2021-22885 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-22885 SUSE: 7.5...

7.5CVSS6.3AI score0.04195EPSS
Exploits1References1
NVD
NVD
added 2021/06/11 4:15 p.m.20 views

CVE-2021-22902

The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

7.5CVSS0.02791EPSS
Exploits1References2
OSV
OSV
added 2021/06/11 4:15 p.m.19 views

CVE-2021-22903

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...

6.1CVSS6.5AI score0.01224EPSS
Exploits0References2
OSV
OSV
added 2021/06/11 4:15 p.m.20 views

CVE-2021-22902

The actionpack ruby gem a framework for handling and responding to web requests in Rails before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch t...

7.5CVSS6.5AI score0.02791EPSS
Exploits1References2
Rows per page
Query Builder