13 matches found
SUSE-SU-2026:20093-1 Security update for hawk2
This update for hawk2 fixes the following issues: - Bump ruby gem rack to 3.1.18 bsc1251939. - Bump ruby gem uri to 1.0.4. - Fix the mtime in manifest.json bsc1230275. - Make builds determinitstic bsc1230275. - Bump rails version from 8.0.2 to 8.0.2.1 bsc1248100. - Require openssl explicitly...
EUVD-2022-1229
Malicious code in bioql PyPI...
CVE-2024-51743
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server...
OESA-2024-1810 rubygem-actionpack security update
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests. Und...
OESA-2024-1777 rubygem-actionpack security update
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests. Und...
OESA-2024-1764 rubygem-activesupport security update
A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: Action Pack is a framework for handling and responding to web requests. Under certain circumstances respon...
SUSE CVE-2022-23633
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to dat...
CVE-2022-23633
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to dat...
DEBIAN-CVE-2022-23633
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to dat...
UBUNTU-CVE-2022-23633
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to dat...
Exposure of information in Action Pack
Impact Under certain circumstances response bodies will not be closed, for example a bug in a webserver or a bug in a Rack middleware. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to data...
GHSA-WH98-P28R-VRC9 Exposure of information in Action Pack
Impact Under certain circumstances response bodies will not be closed, for example a bug in a webserver or a bug in a Rack middleware. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to data...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF given a global CSRF token such as the one present in the authenticitytoken meta tag. Remediation Upgrade actionpack to version 5.2.4.3, 6.0.3.1 or higher. References - GitHub Commit - Google Group Forum -...