3 matches found
Debian DLA-2719-1 : ruby-actionpack-page-caching - LTS security update
The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2719 advisory. - There is a vulnerability in actionpackpage-caching gem v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code...
[SECURITY] [DLA 2719-1] ruby-actionpack-page-caching security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2719-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler July 23, 2021 https://wiki.debian.org/LTS -...
CVE-2020-8159
CVE-2020-8159 affects the actionpack-page-caching gem prior to 1.2.1. An attacker can write arbitrary files to the web server, potentially enabling remote code execution if unescaped ERB is written to a view. Documents show CVSS2 base 7.5 and CVSS3.1 base 9.8 (CRITICAL). Debian/DLA-2719-1 and rel...