Lucene search
+L

13 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.4 views

SUSE CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...

7.5CVSS6.4AI score0.04808EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/06/17 12:0 a.m.65 views

SUSE SLES15 Security Update : rubygem-actionpack-5_1, rubygem-activesupport-5_1 (SUSE-SU-2022:2108-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2108-1 advisory. - The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the...

7.5CVSS7.3AI score0.04808EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/26 4:53 p.m.31 views

Security Bulletin: A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management

Summary A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management. Vulnerability Details CVEID: CVE-2021-22902 DESCRIPTION: Ruby on Rails is vulnerable to a denial of service, caused by a use-after-free flaw in the in Action Dispatch. By...

7.5CVSS0.7AI score0.04808EPSS
Exploits2Affected Software1
NVD
NVD
added 2021/06/11 4:15 p.m.20 views

CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...

7.5CVSS0.04808EPSS
Exploits1References3
CVE
CVE
added 2021/06/11 3:49 p.m.161 views

CVE-2021-22904

CVE-2021-22904 concerns Rails Action Pack/token authentication DoS due to a too-permissive regular expression in Action Controller. Affected component: actionpack Ruby gem (versions before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6). Impact: potential denial of service via crafted requests or headers; no e...

7.5CVSS7.4AI score0.04808EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2021/06/11 3:49 p.m.55 views

CVE-2021-22904

The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...

7.5CVSS6.5AI score0.04808EPSS
Exploits1
Debian
Debian
added 2021/06/09 9:11 p.m.149 views

[SECURITY] [DSA 4929-1] rails security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4929-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 09, 2021 https://www.debian.org/security/faq -...

7.5CVSS8.3AI score0.04808EPSS
Exploits3
OpenVAS
OpenVAS
added 2021/05/20 12:0 a.m.30 views

Discourse 2.7.0.beta9 Security Update

A new Discourse update includes one security fix. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...

7.5CVSS7.1AI score0.04808EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2021/05/12 12:0 a.m.48 views

Debian: Security Advisory (DLA-2655-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.04808EPSS
Exploits2References4
Debian
Debian
added 2021/05/11 8:52 p.m.83 views

[SECURITY] [DLA 2655-1] rails security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2655-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta May 12, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...

7.5CVSS8.1AI score0.04808EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2021/05/10 12:0 a.m.53 views

FreeBSD : Rails -- multiple vulnerabilities (f7a00ad7-ae75-11eb-8113-08002728f74c)

Ruby on Rails blog : Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed : CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack CVE-2021-22902: Possible Denial of...

7.5CVSS7.3AI score0.04808EPSS
Exploits3References10
FreeBSD
FreeBSD
added 2021/05/05 12:0 a.m.39 views

Rails -- multiple vulnerabilities

Ruby on Rails blog: Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed: CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack CVE-2021-22902: Possible Denial of...

7.5CVSS2.3AI score0.04808EPSS
Exploits3References5
RubySec
RubySec
added 2021/05/05 12:0 a.m.36 views

Possible DoS Vulnerability in Action Controller Token Authentication

There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2021-22904. Versions Affected: = 4.0.0 Not affected: 4.0.0 Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ Impacted code uses...

7.5CVSS4.4AI score0.04808EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder