9 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 5 views

Astra Linux - vulnerability in rails

An XSS vulnerability exists in Action Pack versions = 5.2.0 and 5.2.0, which could allow an attacker to bypass the Content Security Policy and generate non-HTML responses...

CVSS 6.1 · AI score 6 · EPSS 0.00405
Exploits 0 · References 1
Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-22577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An XSS Vulnerability in Action Pack = 5.2.0 and = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. CVE-2022-22577 Note th...

CVSS 6.1 · AI score 6.2 · EPSS 0.00405
Exploits 0 · References 2
OSV
added 2024/06/04 10:26 p.m. · 38 views

GHSA-FWHR-88QX-H9G7 Missing security headers in Action Pack on non-HTML responses

Permissions-Policy is Only Served on HTML Content-Type The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: = 6.1.0 Not affected: 6.1.0 Fixed Versions: 6.1.7.8,...

CVSS 5.4 · AI score 7.2 · EPSS 0.00832
Exploits 0 · References 6
Vulnrichment
added 2024/06/04 7:47 p.m. · 29 views

CVE-2024-28103 Action Pack is missing security headers on non-HTML responses

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3...

CVSS 5.4 · AI score 6.4 · EPSS 0.00832
Exploits 0 · References 2
Cvelist
added 2024/06/04 7:47 p.m. · 38 views

CVE-2024-28103 Action Pack is missing security headers on non-HTML responses

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3...

CVSS 5.4 · AI score 5.2 · EPSS 0.00832
Exploits 0 · References 2
RubySec
added 2024/06/04 12:0 a.m. · 32 views

Missing security headers in Action Pack on non-HTML responses

Permissions-Policy is Only Served on HTML Content-Type The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: = 6.1.0 Not affected: 6.1.0 Fixed Versions: 6.1.7.8,...

CVSS 9.8 · AI score 5.3 · EPSS 0.00832
Exploits 0 · References 1 · Affected Software 1
SUSE CVE
added 2023/02/15 3:28 a.m. · 1 views

SUSE CVE-2022-22577

An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses...

CVSS 6.1 · AI score 5.6 · EPSS 0.00405
Exploits 0 · References 3
UbuntuCve
added 2022/05/26 5:15 p.m. · 41 views

CVE-2022-22577

An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses...

CVSS 6.1 · AI score 6.3 · EPSS 0.00405
Exploits 0 · References 2
Positive Technologies
added 2022/04/27 12:0 a.m. · 3 views

PT-2022-15536 · Ruby On Rails +2 · Action Pack +2

Name of the Vulnerable Software and Affected Versions: Action Pack versions 5.2.0 through 5.2.7 Action Pack versions 6.0.0 through 6.0.4.7 Action Pack versions 6.1.0 through 6.1.5.0 Action Pack versions 7.0.0 through 7.0.2.3 Description: The issue allows an attacker to bypass Content Security...

CVSS 9.8 · AI score 6.5 · EPSS 0.28611
Exploits 3 · References 50