230 matches found
Fedora: Security Advisory for rubygem-actionpack (FEDORA-2023-7002afbbb8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2023:0444-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0444-1 advisory. - A regular expression based DoS vulnerability in Action Dispatch 6.0.6.1, 6.1.7.1, and 7.0.4.1. Specially crafted cookies, in...
SUSE-SU-2023:0444-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2023-22795: Fixed ReDoS in Action Dispatch cache (bsc#1207451). - CVE-2023-22792: Fixed ReDoS in Action Dispatch cookies (bnc#1207455)...
SUSE-SU-2023:0442-1 Security update for rubygem-actionpack-4_2
This update for rubygem-actionpack-4_2 fixes the following issues: - CVE-2023-22795: Fixed possible ReDoS based DoS vulnerability in Action Dispatch via specially crafted HTTP header (bsc#1207451). - CVE-2023-22792: Fixed possible ReDoS based DoS vulnerability in Action Dispatch via specially crafted...
CVE-2023-22792
A flaw was found in the rubygem-actionpack. RubyGem's actionpack gem is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) flaw in the Action Dispatch module. By sending specially-crafted cookies with an X_FORWARDED_HOST header, a remote attacker could exploit...
rubygem-actionpack security vulnerability
actionpack is a simple, time-tested convention for building and testing MVC web applications. Works on any rack-compatible server. A security vulnerability exists in rubygem-actionpack. An attacker exploited the vulnerability to perform a denial-of-service attack...
actionpack security vulnerability
actionpack is a simple, time-tested convention for building and testing MVC web applications. Works on any rack-compatible server. A security vulnerability exists in rubygem-actionpack. An attacker exploited the vulnerability to perform a denial-of-service attack...
SUSE-SU-2022:15116-1 Security update for rubygem-actionpack-3_2
This update for rubygem-actionpack-3_2 fixes the following issues: - CVE-2021-22885: Fixed Possible Information Disclosure / Unintended Method Execution in Action Pack (bsc#1185715). - CVE-2016-2097: Fixed Possible Information Leak Vulnerability in Action View (bsc#968850)...
SUSE SLES15 Security Update : rubygem-actionpack-5_1, rubygem-activesupport-5_1 (SUSE-SU-2022:2108-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2108-1 advisory. - The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the...
openSUSE: Security Advisory for rubygem-actionpack-5_1, (SUSE-SU-2022:2108-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2022-22577
A flaw was found in rubygem-actionpack where CSP headers were sent with responses that Rails considered "HTML" responses. This flaw allows an attacker to leave API requests without CSP headers and perform a Cross-site scripting attack...
CVE-2021-22942
A flaw was found in rubygem-actionpack. Specially crafted “X-Forwarded-Host” headers, in combination with certain “allowed host” formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. The highest threat from this vulnerability is to system...
openSUSE 15 Security Update : rubygem-actionpack-5_1 (openSUSE-SU-2021:1759-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1759-1 advisory. - A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the redirect_to or...
openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2021:1759-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:1759-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack (bsc#1185715)...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-5_1 Announcement ID: openSUSE-SU-2021:1759-1 Rating: important References: 1185715 Cross-References: CVE-2021-22885 CVSS scores: CVE-2021-22885 NVD: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-22885 SUSE: 7.5...
openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2021:0797-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:0797-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack (bsc#1185715). This update was imported from the SUSE:SLE-15:Update update project...
SUSE-SU-2021:1759-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2021-22885: Fixed possible information disclosure / unintended method execution in Action Pack (bsc#1185715)...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-5_1 Announcement ID: openSUSE-SU-2021:0797-1 Rating: important References: 1185715 Cross-References: CVE-2021-22885 CVSS scores: CVE-2021-22885 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Leap...