230 matches found

Tenable Nessus
added 2026/05/11 12:0 a.m. | 3 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-actionpack (UTSA-2026-017610)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017610 advisory. The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action...

7.5 CVSS | 6.8 AI score | 0.03338 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2026/05/04 12:0 a.m. | 3 views

RHCOS 6 : rubygem-actionpack and ruby193-rubygem-actionpack (RHSA-2013:0698)

The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0698 advisory. - rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css (CVE-2013-1855) - rubygem-actionpack: sanitize_protocol: XSS...

4.3 CVSS | 5.8 AI score | 0.00625 EPSS
Exploits: 1 | References: 7

OpenVAS
added 2025/02/25 12:0 a.m. | 10 views

openSUSE Security Advisory (SUSE-SU-2024:0103-1)

The remote host is missing an update for the...

4.3 CVSS | 6.2 AI score | 0.00443 EPSS
Exploits: 1 | References: 5

Tenable Nessus
added 2024/11/06 12:0 a.m. | 19 views

RHEL 6 / 7 : rh-ror42-rubygem-actionpack (RHSA-2019:1149)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1149 advisory. Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the vi...

7.8 CVSS | 7.7 AI score | 0.94318 EPSS
Exploits: 19 | References: 6

Tenable Nessus
added 2024/11/02 12:0 a.m. | 13 views

SUSE SLES15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2024:3877-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3877-1 advisory. - CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller (bsc#1231729). - CVE-2024-42228: Fixed...

8.7 CVSS | 6.9 AI score | 0.00273 EPSS
Exploits: 0 | References: 7

OSV
added 2024/11/01 3:31 p.m. | 15 views

SUSE-SU-2024:3877-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller (bsc#1231729). - CVE-2024-42228: Fixed uninitialized value size when calling amdgpu_vce_cs_reloc (bsc#1228667)...

8.7 CVSS | 6.5 AI score | 0.00273 EPSS
Exploits: 0 | References: 5

OSV
added 2024/06/24 12:0 a.m. | 17 views

OPENSUSE-SU-2024:14067-1 ruby3.3-rubygem-actionpack-7.0-7.0.8.4-1.1 on GA media

These are all security issues fixed in the ruby3.3-rubygem-actionpack-7.0-7.0.8.4-1.1 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS | 6.5 AI score | 0.02264 EPSS
Exploits: 1 | References: 6

OSV
added 2024/06/15 12:0 a.m. | 20 views

OPENSUSE-SU-2024:11899-1 ruby3.1-rubygem-actionpack-7.0-7.0.2.2-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-actionpack-7.0-7.0.2.2-1.1 package on the GA media of openSUSE Tumbleweed...

7.4 CVSS | 6.6 AI score | 0.00187 EPSS
Exploits: 0 | References: 1

OSV
added 2024/06/15 12:0 a.m. | 27 views

OPENSUSE-SU-2024:11821-1 ruby3.1-rubygem-actionpack-6.0-6.0.4.4-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-actionpack-6.0-6.0.4.4-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS | 6.9 AI score | 0.94318 EPSS
Exploits: 25 | References: 12

OSV
added 2024/06/15 12:0 a.m. | 17 views

OPENSUSE-SU-2024:12878-1 ruby3.2-rubygem-actionpack-7.0-7.0.4.3-1.1 on GA media

These are all security issues fixed in the ruby3.2-rubygem-actionpack-7.0-7.0.4.3-1.1 package on the GA media of openSUSE Tumbleweed...

7.4 CVSS | 6.6 AI score | 0.00187 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2024/04/27 12:0 a.m. | 24 views

RHEL 6 : CloudForms Commons 1.1 (RHSA-2012:1542)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1542 advisory. Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service (IaaS) product that lets you create and manage private and public...

7.5 CVSS | 7.4 AI score | 0.03667 EPSS
Exploits: 14 | References: 34

Tenable Nessus
added 2024/04/27 12:0 a.m. | 33 views

RHEL 6 / 7 : rh-ror50-rubygem-actionpack (RHSA-2019:1147)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1147 advisory. Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the vi...

7.8 CVSS | 7.7 AI score | 0.94318 EPSS
Exploits: 19 | References: 6

OSV
added 2024/01/15 12:10 p.m. | 6 views

SUSE-SU-2024:0103-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8166: Fixed ability to forge per-form CSRF tokens given a global CSRF (bsc#1172182)...

4.3 CVSS | 6.6 AI score | 0.00443 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2024/01/15 12:0 a.m. | 29 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2024:0103-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0103-1 advisory. - A CSRF forgery vulnerability exists in rails 5.2.5, rails 6.0.4 that makes it possible for an attacker to, given a global CSRF token suc...

4.3 CVSS | 6.9 AI score | 0.00443 EPSS
Exploits: 1 | References: 5

RedHat Linux
added 2023/11/08 2:26 p.m. | 2 views

rubygem-actionpack: Denial of Service in Action Dispatch

A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in Action Dispatch related to the If-None-Match header. By sending a specially-crafted HTTP If-None-Match header, a remote attacker...

7.5 CVSS | 6.7 AI score | 0.01304 EPSS
Exploits: 0 | References: 5

OpenVAS
added 2023/09/16 12:0 a.m. | 7 views

Fedora: Security Advisory for rubygem-actionpack (FEDORA-2023-4f0bb4ff5e)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0 | References: 2

OSV
added 2023/08/09 11:30 a.m. | 6 views

SUSE-SU-2023:3255-1 Security update for rubygem-actionpack-4_2

This update for rubygem-actionpack-4_2 fixes the following issues: - CVE-2023-28362: Fixed XSS via User Supplied Values to redirect_to (bsc#1213312)...

4 CVSS | 4.3 AI score | 0.00207 EPSS
Exploits: 2 | References: 3

Tenable Nessus
added 2023/08/09 12:0 a.m. | 20 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2023:3229-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3229-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

4 CVSS | 6 AI score | 0.00207 EPSS
Exploits: 2 | References: 4

OSV
added 2023/08/08 12:20 p.m. | 8 views

SUSE-SU-2023:3229-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2023-28362: Fixed possible XSS via User Supplied Values to redirect_to (bsc#1213312)...

4 CVSS | 4.3 AI score | 0.00207 EPSS
Exploits: 2 | References: 3

RedHat Linux
added 2023/05/03 3:54 p.m. | 2 views

rubygem-actionpack: Possible cross-site scripting vulnerability in Action Pack

A flaw was found in rubygem-actionpack where CSP headers were sent with responses that Rails considered "HTML" responses. This flaw allows an attacker to leave API requests without CSP headers and perform a Cross-site scripting attack...

6.1 CVSS | 6.3 AI score | 0.00495 EPSS
Exploits: 0 | References: 5