13 matches found
SUSE CVE-2021-22904
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...
SUSE SLES15 Security Update : rubygem-actionpack-5_1, rubygem-activesupport-5_1 (SUSE-SU-2022:2108-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2108-1 advisory. - The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the...
Security Bulletin: A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management
Summary A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management. Vulnerability Details CVEID: CVE-2021-22902 DESCRIPTION: Ruby on Rails is vulnerable to a denial of service, caused by a use-after-free flaw in the in Action Dispatch. By...
CVE-2021-22904
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...
CVE-2021-22904
CVE-2021-22904 concerns Rails Action Pack/token authentication DoS due to a too-permissive regular expression in Action Controller. Affected component: actionpack Ruby gem (versions before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6). Impact: potential denial of service via crafted requests or headers; no e...
CVE-2021-22904
The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses authenticateorrequestwithhttptoken or...
[SECURITY] [DSA 4929-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4929-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 09, 2021 https://www.debian.org/security/faq -...
Discourse 2.7.0.beta9 Security Update
A new Discourse update includes one security fix. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse";...
Debian: Security Advisory (DLA-2655-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2655-1] rails security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2655-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta May 12, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...
FreeBSD : Rails -- multiple vulnerabilities (f7a00ad7-ae75-11eb-8113-08002728f74c)
Ruby on Rails blog : Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed : CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack CVE-2021-22902: Possible Denial of...
Rails -- multiple vulnerabilities
Ruby on Rails blog: Rails versions 6.1.3.2, 6.0.3.7, and 5.2.6 have been released! These releases contain important security fixes. Here is a list of the issues fixed: CVE-2021-22885: Possible Information Disclosure / Unintended Method Execution in Action Pack CVE-2021-22902: Possible Denial of...
Possible DoS Vulnerability in Action Controller Token Authentication
There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2021-22904. Versions Affected: = 4.0.0 Not affected: 4.0.0 Fixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 Impact ------ Impacted code uses...