CVE-2022-0987

A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists...

Struts ParameterInterceptor vulnerability allows remote command execution

Regular expression in ParametersInterceptor matches top'foo' as a valid expression, which OGNL treats as top'foo'0 and evaluates the value of 'foo' action parameter as an OGNL expression. This lets malicious users put arbitrary OGNL statements into any String variable exposed by an action and hav...

CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

rubygem-actionpack: Possible Information Disclosure / Unintended Method Execution in Action Pack

A flaw was found in rubygem-actionpack. Information disclosure or unintended method execution is possible when using the redirectto or polymorphicurl helper with untrusted user input. The highest threat from this vulnerability is to data confidentiality...

openSUSE 15 Security Update : rubygem-actionpack-5_1 (openSUSE-SU-2021:1759-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1759-1 advisory. - A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirectto or...

openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2021:1759-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2021:1759-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack bsc1185715...

openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2021-797)

This update for rubygem-actionpack-51 fixes the following issues : - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack bsc1185715. This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security,...

CVE-2021-22885

A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirectto or polymorphicurlhelper with untrusted user input...

CVE-2021-22885

A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirectto or polymorphicurlhelper with untrusted user input...

CVE-2021-22885

A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirectto or polymorphicurlhelper with untrusted user input...

UBUNTU-CVE-2021-22885

A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirectto or polymorphicurlhelper with untrusted user input...

CVE-2021-22885

CVE-2021-22885 describes an information disclosure / unintended method execution vulnerability in Rails Action Pack >= 2.0.0 caused by using untrusted input with redirect_to or polymorphic_url. Exploitation could disclose data or trigger unintended redirects/method calls depending on input han...

CVE-2021-22885

A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirectto or polymorphicurlhelper with untrusted user input...

Possible Information Disclosure / Unintended Method Execution

There is a possible information disclosure / unintended method execution vulnerability in Action Pack when using the redirectto or polymorphicurl helper with untrusted user input...

openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2021:0797-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE-SU-2021:1759-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack bsc1185715...

SUSE-SU-2021:1650-1 Security update for rubygem-actionpack-4_2

This update for rubygem-actionpack-42 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack bsc1185715...

Debian DLA-2655-1 : rails security update

CVE-2021-22885 There is a possible information disclosure/unintended method execution vulnerability in Action Pack when using the redirectto or polymorphicurl helper with untrusted user input. CVE-2021-22904 There is a possible DoS vulnerability in the Token Authentication logic in Action...

Debian: Security Advisory (DLA-2655-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...