22 matches found
SUSE CVE-2021-22885
A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirectto or polymorphicurlhelper with untrusted user input...
Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2021-22885).
Summary There is a vulnerability in Ruby On Rails that is used by IBM License Metric Tool. Vulnerability Details CVEID: CVE-2021-22885 DESCRIPTION: Ruby on Rails could allow a remote attacker to obtain sensitive information, caused by improper input validation by the Action Pack. By sending a...
openSUSE 15 Security Update : rubygem-actionpack-5_1 (openSUSE-SU-2021:1759-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1759-1 advisory. - A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirectto or...
openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2021:1759-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:1759-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack bsc1185715...
OESA-2021-1236 rubygem-actionpack security update
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: A possible information disclosure/unintended method execution vulnerability...
[SECURITY] [DSA 4929-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4929-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 09, 2021 https://www.debian.org/security/faq -...
openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2021-797)
This update for rubygem-actionpack-51 fixes the following issues : - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack bsc1185715. This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security,...
CVE-2021-22885
A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirectto or polymorphicurlhelper with untrusted user input...
CVE-2021-22885
A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirectto or polymorphicurlhelper with untrusted user input...
CVE-2021-22885
A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirectto or polymorphicurlhelper with untrusted user input...
CVE-2021-22885
CVE-2021-22885 describes an information disclosure / unintended method execution vulnerability in Rails Action Pack >= 2.0.0 caused by using untrusted input with redirect_to or polymorphic_url. Exploitation could disclose data or trigger unintended redirects/method calls depending on input han...
openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2021:0797-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:0797-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack bsc1185715. This update was imported from the SUSE:SLE-15:Update update project...
SUSE-SU-2021:1759-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack bsc1185715...
Discourse 2.7.0.beta9 Security Update
A new Discourse update includes one security fix. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...
Debian: Security Advisory (DLA-2655-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2655-1] rails security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2655-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta May 12, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...
FreeBSD : Rails -- multiple vulnerabilities (f7a00ad7-ae75-11eb-8113-08002728f74c)
Ruby on Rails blog : Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed : CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack CVE-2021-22902: Possible Denial of...
CVE-2021-22885
A flaw was found in rubygem-actionpack. Information disclosure or unintended method execution is possible when using the redirectto or polymorphicurl helper with untrusted user input. The highest threat from this vulnerability is to data confidentiality...