23 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 5 views

Astra Linux - vulnerability in rails

An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses...

CVSS 6.1 · AI score 6.2 · EPSS 0.00495
Exploits: 0 · References: 1

Veracode
added 2026/02/25 7:42 a.m. · 3 views

Regular Expression Denial Of Service (ReDoS)

@fedify/fedify is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to nested quantifiers in the HTML parsing regex within the document loader, which allows an attacker to trigger catastrophic backtracking by sending specially crafted HTML responses...

CVSS 7.5 · AI score 5.8 · EPSS 0.0044
Exploits: 1 · References: 8 · Affected software: 1

Tenable Nessus
added 2025/08/27 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-22577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An XSS Vulnerability in Action Pack = 5.2.0 and = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. CVE-2022-22577 Note th...

CVSS 6.1 · AI score 6.2 · EPSS 0.00495
Exploits: 0 · References: 2

Veracode
added 2025/05/19 8:58 a.m. · 7 views

Denial Of Service

Next.js is vulnerable to Denial of Service. The vulnerability is due to a race condition in misconfigured Pages Router setups allowing pageProps data to be served instead of standard HTML responses...

CVSS 3.7 · AI score 6.8 · EPSS 0.00752
Exploits: 2 · References: 3 · Affected software: 1

OSV
added 2024/06/14 11:08 a.m. · 1 views

OESA-2024-1709 rubygem-actionpack security update

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests. Sin...

CVSS 9.8 · AI score 6.8 · EPSS 0.00832
Exploits: 0 · References: 2

OSV
added 2024/06/14 11:08 a.m. · 1 views

OESA-2024-1708 rubygem-actionpack security update

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests. Sin...

CVSS 9.8 · AI score 6.8 · EPSS 0.00832
Exploits: 0 · References: 2

OSV
added 2024/06/04 10:26 p.m. · 38 views

GHSA-FWHR-88QX-H9G7 Missing security headers in Action Pack on non-HTML responses

Permissions-Policy is Only Served on HTML Content-Type. The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: = 6.1.0 Not affected: 6.1.0 Fixed Versions: 6.1.7.8,...

CVSS 5.4 · AI score 7.2 · EPSS 0.00832
Exploits: 0 · References: 6

OSV
added 2024/06/04 7:47 p.m. · 24 views

CVE-2024-28103 Action Pack is missing security headers on non-HTML responses

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3...

CVSS 5.4 · AI score 5.5 · EPSS 0.00832
Exploits: 0 · References: 5

Vulnrichment
added 2024/06/04 7:47 p.m. · 28 views

CVE-2024-28103 Action Pack is missing security headers on non-HTML responses

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3...

CVSS 5.4 · AI score 6.4 · EPSS 0.00832
Exploits: 0 · References: 2

Cvelist
added 2024/06/04 7:47 p.m. · 36 views

CVE-2024-28103 Action Pack is missing security headers on non-HTML responses

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3...

CVSS 5.4 · AI score 5.2 · EPSS 0.00832
Exploits: 0 · References: 2

RubySec
added 2024/06/04 12:00 a.m. · 32 views

Missing security headers in Action Pack on non-HTML responses

Permissions-Policy is Only Served on HTML Content-Type. The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: = 6.1.0 Not affected: 6.1.0 Fixed Versions: 6.1.7.8,...

CVSS 9.8 · AI score 5.3 · EPSS 0.00832
Exploits: 0 · References: 1 · Affected software: 1

Tenable Nessus
added 2023/09/20 12:00 a.m. · 37 views

Apache Druid < 0.23.0 Multiple Vulnerabilities

The version of Apache Druid installed on the remote host is affected by the following vulnerabilities: - Certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks. CVE-2021-44791 - The server did n...

CVSS 6.1 · AI score 5.5 · EPSS 0.05971
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 3:28 a.m. · 1 views

SUSE CVE-2022-22577

An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses...

CVSS 6.1 · AI score 5.6 · EPSS 0.00495
Exploits: 0 · References: 3

Github Security Blog
added 2022/07/08 12:00 a.m. · 28 views

Apache Druid before 0.23.0 vulnerable to reflected XSS via unescaped URL parameters

In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks. This issue is patched in version 0.23.0...

CVSS 6.1 · AI score 3.6 · EPSS 0.05971
Exploits: 0 · References: 3 · Affected software: 1

NVD
added 2022/07/07 7:15 p.m. · 15 views

CVE-2021-44791

In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks...

CVSS 6.1 · EPSS 0.05971
Exploits: 0 · References: 1

Prion
added 2022/07/07 7:15 p.m. · 14 views

Cross site scripting

In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks...

CVSS 4.3 · AI score 6 · EPSS 0.05971
Exploits: 0 · References: 1 · Affected software: 1

UbuntuCve
added 2022/05/26 5:15 p.m. · 41 views

CVE-2022-22577

An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses...

CVSS 6.1 · AI score 6.3 · EPSS 0.00495
Exploits: 0 · References: 2

Snyk
added 2022/04/27 9:56 a.m. · 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when CSP headers were only sent along with responses that Rails considered as "HTML" responses. This left API requests without CSP headers, which could possibly expose users to this vulnerability. Workaround: Se...

CVSS 7.5 · AI score 5.3 · EPSS 0.00495
Exploits: 0 · References: 2

Positive Technologies
added 2022/04/27 12:00 a.m. · 2 views

PT-2022-15536 · Ruby On Rails +2 · Action Pack +2

Name of the Vulnerable Software and Affected Versions: Action Pack versions 5.2.0 through 5.2.7; Action Pack versions 6.0.0 through 6.0.4.7; Action Pack versions 6.1.0 through 6.1.5.0; Action Pack versions 7.0.0 through 7.0.2.3. Description: The issue allows an attacker to bypass Content Security...

CVSS 9.8 · AI score 6.5 · EPSS 0.28611
Exploits: 3 · References: 50

NVD
added 2017/10/24 3:29 p.m. · 13 views

CVE-2013-3734

The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by...

CVSS 6.6 · AI score 6.4 · EPSS 0.00779
Exploits: 2 · References: 3
