16 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-28362
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for...
CVE-2023-28362
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...
CVE-2023-28362
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...
CVE-2023-28362
creationtimestamp| type| source
---|---|---
2025-01-09 01:11:48+00:00| seen| https://infosec.exchange/users/cve/statuses/113795734456115143
2025-01-09 01:14:48+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/867
2025-01-09 01:15:46+00:00| seen|...
CVE-2023-28362
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...
CVE-2023-28362
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...
CVE-2023-28362
CVE-2023-28362 affects the Rails redirect_to helper. The vulnerability allows user-supplied values to include characters that are invalid in HTTP header values, potentially causing downstream RFC-compliant headers (Location) to be removed. The CVSS base score is 4.0 (Medium). Debian’s LTS advisor...
CVE-2023-28362
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...
OESA-2024-2465 rubygem-actionpack security update
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: A Cross-site Scripting (XSS) vulnerability was found in Actionpack due to...
openSUSE: Security Advisory for rubygem (SUSE-SU-2023:3229-1)
The remote host is missing an update for the...
Moderate: Red Hat Security Advisory: Satellite 6.14.1 Async Security Update
Updated Satellite 6.14 packages that fix Important security bugs and several regular bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2023:3229-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3229-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
SUSE-SU-2023:3229-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2023-28362: Fixed possible XSS via User Supplied Values to redirect_to bsc1213312...
SUSE CVE-2023-28362
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...
GHSA-4G8V-VG43-WPGF Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been...
Possible XSS via User Supplied Values to redirect_to
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been...